SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:50:10 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:10 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:50:10 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:10 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:50:10 executing program 7: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:10 executing program 5: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)) socket$inet6_udplite(0xa, 0x2, 0x88) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1637.559178] FAULT_INJECTION: forcing a failure. [ 1637.559178] name failslab, interval 1, probability 0, space 0, times 0 [ 1637.561829] CPU: 1 PID: 9825 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1637.563302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1637.565072] Call Trace: [ 1637.565669] dump_stack+0x107/0x167 [ 1637.566436] should_fail.cold+0x5/0xa [ 1637.567269] ? create_object.isra.0+0x3a/0xa20 [ 1637.568227] should_failslab+0x5/0x20 [ 1637.569054] kmem_cache_alloc+0x5b/0x360 [ 1637.569939] create_object.isra.0+0x3a/0xa20 [ 1637.570890] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1637.571997] kmem_cache_alloc_bulk+0x168/0x320 [ 1637.572990] io_submit_sqes+0x7099/0x86e0 [ 1637.573895] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1637.574965] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1637.576048] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1637.577097] ? lock_downgrade+0x6d0/0x6d0 [ 1637.577994] ? find_held_lock+0x2c/0x110 [ 1637.578874] ? io_submit_sqes+0x86e0/0x86e0 [ 1637.579813] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1637.580855] ? wait_for_completion_io+0x270/0x270 [ 1637.581898] ? rcu_read_lock_any_held+0x75/0xa0 [ 1637.582896] ? vfs_write+0x354/0xa70 [ 1637.583711] ? fput_many+0x2f/0x1a0 [ 1637.584497] ? ksys_write+0x1a9/0x260 [ 1637.585306] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1637.586442] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1637.587557] do_syscall_64+0x33/0x40 [ 1637.588363] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1637.589485] RIP: 0033:0x7fa5e05a4b19 [ 1637.590285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1637.594232] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1637.595868] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1637.597419] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1637.598954] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1637.600480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1637.602014] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:50:27 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:50:27 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:50:27 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:27 executing program 5: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:27 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:50:27 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:27 executing program 7: r0 = syz_io_uring_setup(0x3a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:27 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1654.271696] FAULT_INJECTION: forcing a failure. [ 1654.271696] name failslab, interval 1, probability 0, space 0, times 0 [ 1654.274591] CPU: 1 PID: 9838 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1654.276002] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1654.277692] Call Trace: [ 1654.278226] dump_stack+0x107/0x167 [ 1654.278984] should_fail.cold+0x5/0xa [ 1654.279754] ? create_object.isra.0+0x3a/0xa20 [ 1654.280686] should_failslab+0x5/0x20 [ 1654.281447] kmem_cache_alloc+0x5b/0x360 [ 1654.282314] ? mark_held_locks+0x9e/0xe0 [ 1654.283145] create_object.isra.0+0x3a/0xa20 [ 1654.284057] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1654.285128] kmem_cache_alloc_bulk+0x168/0x320 [ 1654.286135] io_submit_sqes+0x7099/0x86e0 [ 1654.286988] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1654.288001] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1654.289012] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1654.289992] ? lock_downgrade+0x6d0/0x6d0 [ 1654.290816] ? find_held_lock+0x2c/0x110 [ 1654.291651] ? io_submit_sqes+0x86e0/0x86e0 [ 1654.292555] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1654.293565] ? wait_for_completion_io+0x270/0x270 [ 1654.294550] ? rcu_read_lock_any_held+0x75/0xa0 [ 1654.295490] ? vfs_write+0x354/0xa70 [ 1654.296268] ? fput_many+0x2f/0x1a0 [ 1654.297004] ? ksys_write+0x1a9/0x260 [ 1654.297807] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1654.298876] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1654.299944] do_syscall_64+0x33/0x40 [ 1654.300697] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1654.301749] RIP: 0033:0x7fa5e05a4b19 [ 1654.302508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1654.306233] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1654.307775] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1654.309247] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1654.310786] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1654.312253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1654.313715] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:50:41 executing program 7: r0 = syz_io_uring_setup(0x3a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:41 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:41 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:50:41 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:41 executing program 5: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:41 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:50:41 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:41 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:50:41 executing program 7: r0 = syz_io_uring_setup(0x3a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1668.611605] FAULT_INJECTION: forcing a failure. [ 1668.611605] name failslab, interval 1, probability 0, space 0, times 0 [ 1668.614475] CPU: 0 PID: 9864 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1668.615958] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1668.617800] Call Trace: [ 1668.618393] dump_stack+0x107/0x167 [ 1668.619203] should_fail.cold+0x5/0xa [ 1668.620055] ? create_object.isra.0+0x3a/0xa20 [ 1668.621070] should_failslab+0x5/0x20 [ 1668.621937] kmem_cache_alloc+0x5b/0x360 [ 1668.622839] ? mark_held_locks+0x9e/0xe0 [ 1668.623743] create_object.isra.0+0x3a/0xa20 [ 1668.624716] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1668.625850] kmem_cache_alloc_bulk+0x168/0x320 [ 1668.626870] io_submit_sqes+0x7099/0x86e0 [ 1668.627791] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1668.628893] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1668.630014] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1668.631091] ? lock_downgrade+0x6d0/0x6d0 08:50:41 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1668.632007] ? find_held_lock+0x2c/0x110 [ 1668.633058] ? io_submit_sqes+0x86e0/0x86e0 [ 1668.634042] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1668.635112] ? wait_for_completion_io+0x270/0x270 [ 1668.636177] ? rcu_read_lock_any_held+0x75/0xa0 [ 1668.637197] ? vfs_write+0x354/0xa70 [ 1668.638037] ? fput_many+0x2f/0x1a0 [ 1668.638845] ? ksys_write+0x1a9/0x260 [ 1668.639704] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1668.640861] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1668.642032] do_syscall_64+0x33/0x40 [ 1668.642859] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1668.643982] RIP: 0033:0x7fa5e05a4b19 [ 1668.644806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1668.648857] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1668.650568] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1668.652145] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1668.653738] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1668.655326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1668.656932] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:50:41 executing program 5: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:41 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:50:41 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:42 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:42 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:42 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:50:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:50:57 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:50:57 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:57 executing program 5: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:57 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:57 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:58 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:50:58 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:58 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 1684.775904] FAULT_INJECTION: forcing a failure. [ 1684.775904] name failslab, interval 1, probability 0, space 0, times 0 [ 1684.777151] CPU: 0 PID: 9910 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1684.777892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1684.778794] Call Trace: [ 1684.779074] dump_stack+0x107/0x167 [ 1684.779476] should_fail.cold+0x5/0xa [ 1684.779887] ? create_object.isra.0+0x3a/0xa20 [ 1684.780382] should_failslab+0x5/0x20 [ 1684.780789] kmem_cache_alloc+0x5b/0x360 [ 1684.781222] ? mark_held_locks+0x9e/0xe0 [ 1684.781660] create_object.isra.0+0x3a/0xa20 [ 1684.782149] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1684.782692] kmem_cache_alloc_bulk+0x168/0x320 [ 1684.783184] io_submit_sqes+0x7099/0x86e0 [ 1684.783631] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1684.784172] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1684.784699] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1684.785226] ? lock_downgrade+0x6d0/0x6d0 [ 1684.785647] ? find_held_lock+0x2c/0x110 [ 1684.786128] ? io_submit_sqes+0x86e0/0x86e0 [ 1684.786602] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1684.787131] ? wait_for_completion_io+0x270/0x270 [ 1684.787619] ? rcu_read_lock_any_held+0x75/0xa0 [ 1684.788136] ? vfs_write+0x354/0xa70 [ 1684.788553] ? fput_many+0x2f/0x1a0 [ 1684.788947] ? ksys_write+0x1a9/0x260 [ 1684.789371] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1684.789961] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1684.790545] do_syscall_64+0x33/0x40 [ 1684.790948] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1684.791517] RIP: 0033:0x7fa5e05a4b19 [ 1684.791936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1684.793758] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1684.794617] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1684.795415] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1684.796206] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1684.796989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1684.797783] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:50:58 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:58 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:58 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:50:58 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:50:58 executing program 5: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:58 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:50:58 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:50:58 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:58 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:50:58 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1685.111177] FAULT_INJECTION: forcing a failure. [ 1685.111177] name failslab, interval 1, probability 0, space 0, times 0 [ 1685.114314] CPU: 0 PID: 9935 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1685.116253] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1685.118343] Call Trace: [ 1685.119096] dump_stack+0x107/0x167 [ 1685.120047] should_fail.cold+0x5/0xa [ 1685.120978] ? create_object.isra.0+0x3a/0xa20 [ 1685.122113] should_failslab+0x5/0x20 [ 1685.122832] kmem_cache_alloc+0x5b/0x360 [ 1685.123447] ? mark_held_locks+0x9e/0xe0 [ 1685.123991] create_object.isra.0+0x3a/0xa20 [ 1685.124652] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1685.125329] kmem_cache_alloc_bulk+0x168/0x320 [ 1685.126030] io_submit_sqes+0x7099/0x86e0 [ 1685.126573] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1685.127322] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1685.127978] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1685.128704] ? lock_downgrade+0x6d0/0x6d0 [ 1685.129244] ? find_held_lock+0x2c/0x110 [ 1685.129860] ? io_submit_sqes+0x86e0/0x86e0 [ 1685.130458] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1685.131175] ? wait_for_completion_io+0x270/0x270 [ 1685.131810] ? rcu_read_lock_any_held+0x75/0xa0 [ 1685.132495] ? vfs_write+0x354/0xa70 [ 1685.132997] ? fput_many+0x2f/0x1a0 [ 1685.133537] ? ksys_write+0x1a9/0x260 [ 1685.134179] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1685.135309] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1685.136458] do_syscall_64+0x33/0x40 [ 1685.137267] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1685.138420] RIP: 0033:0x7fa5e05a4b19 [ 1685.139227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1685.143269] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1685.144921] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1685.146499] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1685.148057] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1685.149600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1685.151149] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:50:58 executing program 5: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:50:58 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:51:14 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:14 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:14 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:51:14 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:14 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:14 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:51:14 executing program 5: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:14 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 1700.917154] FAULT_INJECTION: forcing a failure. [ 1700.917154] name failslab, interval 1, probability 0, space 0, times 0 [ 1700.919788] CPU: 1 PID: 9958 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1700.921211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1700.922938] Call Trace: [ 1700.923520] dump_stack+0x107/0x167 [ 1700.924338] should_fail.cold+0x5/0xa [ 1700.925134] ? create_object.isra.0+0x3a/0xa20 [ 1700.926127] should_failslab+0x5/0x20 [ 1700.926949] kmem_cache_alloc+0x5b/0x360 [ 1700.927793] ? mark_held_locks+0x9e/0xe0 [ 1700.928635] create_object.isra.0+0x3a/0xa20 [ 1700.929530] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1700.930581] kmem_cache_alloc_bulk+0x168/0x320 [ 1700.931534] io_submit_sqes+0x7099/0x86e0 [ 1700.932392] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1700.933404] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1700.934430] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1700.935423] ? lock_downgrade+0x6d0/0x6d0 [ 1700.936272] ? find_held_lock+0x2c/0x110 [ 1700.937102] ? io_submit_sqes+0x86e0/0x86e0 [ 1700.937996] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1700.939005] ? wait_for_completion_io+0x270/0x270 [ 1700.939991] ? rcu_read_lock_any_held+0x75/0xa0 [ 1700.940932] ? vfs_write+0x354/0xa70 [ 1700.941689] ? fput_many+0x2f/0x1a0 [ 1700.942436] ? ksys_write+0x1a9/0x260 [ 1700.943222] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1700.944290] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1700.945350] do_syscall_64+0x33/0x40 [ 1700.946112] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1700.947177] RIP: 0033:0x7fa5e05a4b19 [ 1700.947946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1700.951705] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1700.953273] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1700.954750] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1700.956208] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1700.957656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1700.959114] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:51:14 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:14 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:14 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:14 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:51:14 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:14 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:51:28 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:28 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:28 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:51:28 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:51:28 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:28 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:51:28 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:28 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:28 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1715.128355] FAULT_INJECTION: forcing a failure. [ 1715.128355] name failslab, interval 1, probability 0, space 0, times 0 [ 1715.131065] CPU: 0 PID: 9997 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1715.132511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1715.134259] Call Trace: [ 1715.134827] dump_stack+0x107/0x167 [ 1715.135610] should_fail.cold+0x5/0xa [ 1715.136420] ? create_object.isra.0+0x3a/0xa20 08:51:28 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1715.137393] should_failslab+0x5/0x20 [ 1715.138362] kmem_cache_alloc+0x5b/0x360 [ 1715.139229] ? mark_held_locks+0x9e/0xe0 [ 1715.140103] create_object.isra.0+0x3a/0xa20 [ 1715.141042] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1715.142130] kmem_cache_alloc_bulk+0x168/0x320 [ 1715.143114] io_submit_sqes+0x7099/0x86e0 [ 1715.143995] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1715.145061] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1715.146127] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1715.147172] ? lock_downgrade+0x6d0/0x6d0 [ 1715.148045] ? find_held_lock+0x2c/0x110 [ 1715.148918] ? io_submit_sqes+0x86e0/0x86e0 [ 1715.149846] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1715.150881] ? wait_for_completion_io+0x270/0x270 [ 1715.151902] ? rcu_read_lock_any_held+0x75/0xa0 [ 1715.152885] ? vfs_write+0x354/0xa70 [ 1715.153676] ? fput_many+0x2f/0x1a0 [ 1715.154461] ? ksys_write+0x1a9/0x260 [ 1715.155277] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1715.156423] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1715.157522] do_syscall_64+0x33/0x40 [ 1715.158309] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1715.159410] RIP: 0033:0x7fa5e05a4b19 [ 1715.160192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1715.164076] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1715.165715] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1715.167240] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1715.168742] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1715.170244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1715.171833] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:51:28 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:28 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:28 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:28 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:28 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:28 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 1715.404340] FAULT_INJECTION: forcing a failure. [ 1715.404340] name failslab, interval 1, probability 0, space 0, times 0 [ 1715.407098] CPU: 1 PID: 10024 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1715.408572] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1715.410330] Call Trace: [ 1715.410926] dump_stack+0x107/0x167 [ 1715.411722] should_fail.cold+0x5/0xa [ 1715.412547] ? create_object.isra.0+0x3a/0xa20 [ 1715.413549] should_failslab+0x5/0x20 [ 1715.414362] kmem_cache_alloc+0x5b/0x360 [ 1715.415249] ? mark_held_locks+0x9e/0xe0 [ 1715.416120] create_object.isra.0+0x3a/0xa20 [ 1715.417035] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1715.418126] kmem_cache_alloc_bulk+0x168/0x320 [ 1715.419125] io_submit_sqes+0x7099/0x86e0 [ 1715.420014] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1715.421084] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1715.422145] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1715.423202] ? lock_downgrade+0x6d0/0x6d0 [ 1715.424071] ? find_held_lock+0x2c/0x110 [ 1715.424954] ? io_submit_sqes+0x86e0/0x86e0 [ 1715.425883] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1715.426917] ? wait_for_completion_io+0x270/0x270 [ 1715.427938] ? rcu_read_lock_any_held+0x75/0xa0 [ 1715.428946] ? vfs_write+0x354/0xa70 [ 1715.429795] ? fput_many+0x2f/0x1a0 [ 1715.430619] ? ksys_write+0x1a9/0x260 [ 1715.431459] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1715.432581] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1715.433707] do_syscall_64+0x33/0x40 [ 1715.434535] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1715.435633] RIP: 0033:0x7fa5e05a4b19 [ 1715.436444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1715.440452] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1715.442092] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1715.443641] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1715.445173] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1715.446717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1715.448273] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:51:44 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:44 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:51:44 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:51:44 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:44 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 1731.771697] FAULT_INJECTION: forcing a failure. [ 1731.771697] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.772983] CPU: 0 PID: 10039 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1731.773731] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.774615] Call Trace: [ 1731.774899] dump_stack+0x107/0x167 [ 1731.775290] should_fail.cold+0x5/0xa [ 1731.775714] should_failslab+0x5/0x20 [ 1731.776119] kmem_cache_alloc_bulk+0x4b/0x320 [ 1731.776604] io_submit_sqes+0x7099/0x86e0 [ 1731.777069] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1731.777611] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1731.778128] ? lock_downgrade+0x6d0/0x6d0 [ 1731.778583] ? find_held_lock+0x2c/0x110 [ 1731.779023] ? io_submit_sqes+0x86e0/0x86e0 08:51:45 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:44 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:45 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1731.779489] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.780160] ? wait_for_completion_io+0x270/0x270 [ 1731.780680] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.781175] ? vfs_write+0x354/0xa70 [ 1731.781576] ? fput_many+0x2f/0x1a0 [ 1731.781966] ? ksys_write+0x1a9/0x260 [ 1731.782376] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.782946] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.783508] do_syscall_64+0x33/0x40 [ 1731.783904] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1731.784442] RIP: 0033:0x7fa5e05a4b19 [ 1731.784838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.786769] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.787585] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1731.788342] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1731.789102] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.789850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.790617] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:51:45 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:45 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:51:45 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:51:45 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:51:45 executing program 5: r0 = syz_io_uring_setup(0x3a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1731.958303] FAULT_INJECTION: forcing a failure. [ 1731.958303] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.959753] CPU: 0 PID: 10057 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1731.960484] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.961354] Call Trace: [ 1731.961640] dump_stack+0x107/0x167 [ 1731.962039] should_fail.cold+0x5/0xa [ 1731.962445] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1731.963017] should_failslab+0x5/0x20 [ 1731.963419] __kmalloc_node+0x76/0x350 [ 1731.963843] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1731.964386] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1731.964932] kmem_cache_alloc_bulk+0x182/0x320 [ 1731.965428] io_submit_sqes+0x7099/0x86e0 [ 1731.965894] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1731.966419] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1731.966985] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1731.967523] ? lock_downgrade+0x6d0/0x6d0 [ 1731.967976] ? find_held_lock+0x2c/0x110 [ 1731.968423] ? irqentry_enter+0x26/0x60 [ 1731.968864] ? io_submit_sqes+0x86e0/0x86e0 [ 1731.969339] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.969911] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1731.970486] ? trace_hardirqs_on+0x5b/0x180 [ 1731.970972] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1731.971557] ? ksys_write+0x1a4/0x260 [ 1731.971981] ? __sanitizer_cov_trace_pc+0x3c/0x60 [ 1731.972490] ? ksys_write+0x1a9/0x260 [ 1731.972916] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.973478] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.974060] do_syscall_64+0x33/0x40 [ 1731.974474] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1731.975041] RIP: 0033:0x7fa5e05a4b19 [ 1731.975451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.977467] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.978304] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1731.979096] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1731.979874] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.980651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.981429] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:51:45 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:45 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:51:45 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:52:03 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:52:03 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:03 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:03 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:03 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:52:03 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:52:03 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:03 executing program 5: r0 = syz_io_uring_setup(0x3a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1750.023666] FAULT_INJECTION: forcing a failure. [ 1750.023666] name failslab, interval 1, probability 0, space 0, times 0 [ 1750.026853] CPU: 0 PID: 10086 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1750.028477] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1750.030413] Call Trace: [ 1750.031058] dump_stack+0x107/0x167 [ 1750.031920] should_fail.cold+0x5/0xa [ 1750.032812] ? create_object.isra.0+0x3a/0xa20 [ 1750.033881] should_failslab+0x5/0x20 [ 1750.034771] kmem_cache_alloc+0x5b/0x360 [ 1750.035730] ? mark_held_locks+0x9e/0xe0 [ 1750.036686] create_object.isra.0+0x3a/0xa20 [ 1750.037713] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1750.038913] kmem_cache_alloc_bulk+0x168/0x320 [ 1750.039995] io_submit_sqes+0x7099/0x86e0 [ 1750.041009] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1750.042174] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1750.043331] ? lock_downgrade+0x6d0/0x6d0 [ 1750.044304] ? find_held_lock+0x2c/0x110 [ 1750.045265] ? io_submit_sqes+0x86e0/0x86e0 [ 1750.046290] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1750.047433] ? wait_for_completion_io+0x270/0x270 [ 1750.048568] ? rcu_read_lock_any_held+0x75/0xa0 [ 1750.049654] ? vfs_write+0x354/0xa70 [ 1750.050532] ? fput_many+0x2f/0x1a0 [ 1750.051402] ? ksys_write+0x1a9/0x260 [ 1750.052309] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1750.053528] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1750.054747] do_syscall_64+0x33/0x40 [ 1750.055629] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1750.056824] RIP: 0033:0x7fa5e05a4b19 [ 1750.057696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1750.062000] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1750.063783] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1750.065447] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1750.067118] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1750.068763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1750.070409] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:52:03 executing program 5: r0 = syz_io_uring_setup(0x3a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:03 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:03 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:03 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:52:03 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:52:03 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:03 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:03 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:19 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:52:19 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:52:19 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:19 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:19 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:19 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:52:20 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:20 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1766.777506] FAULT_INJECTION: forcing a failure. [ 1766.777506] name failslab, interval 1, probability 0, space 0, times 0 [ 1766.779161] CPU: 0 PID: 10120 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1766.780079] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1766.781165] Call Trace: [ 1766.781512] dump_stack+0x107/0x167 [ 1766.782025] should_fail.cold+0x5/0xa [ 1766.782530] ? create_object.isra.0+0x3a/0xa20 [ 1766.783220] should_failslab+0x5/0x20 [ 1766.783780] kmem_cache_alloc+0x5b/0x360 [ 1766.784349] ? mark_held_locks+0x9e/0xe0 [ 1766.784888] create_object.isra.0+0x3a/0xa20 [ 1766.785479] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1766.786188] kmem_cache_alloc_bulk+0x168/0x320 [ 1766.786821] io_submit_sqes+0x7099/0x86e0 [ 1766.787476] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1766.788207] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1766.788883] ? lock_downgrade+0x6d0/0x6d0 [ 1766.789443] ? find_held_lock+0x2c/0x110 [ 1766.789992] ? io_submit_sqes+0x86e0/0x86e0 [ 1766.790576] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1766.791248] ? wait_for_completion_io+0x270/0x270 [ 1766.791937] ? rcu_read_lock_any_held+0x75/0xa0 [ 1766.792592] ? vfs_write+0x354/0xa70 [ 1766.793103] ? fput_many+0x2f/0x1a0 [ 1766.793578] ? ksys_write+0x1a9/0x260 [ 1766.794113] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1766.794833] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1766.795587] do_syscall_64+0x33/0x40 [ 1766.796090] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1766.796773] RIP: 0033:0x7fa5e05a4b19 [ 1766.797275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1766.799726] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1766.800745] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1766.801686] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1766.802708] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1766.803775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1766.804707] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:52:20 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:20 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:20 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:52:20 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:20 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:52:20 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:20 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:52:20 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:20 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:20 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 1767.063393] FAULT_INJECTION: forcing a failure. [ 1767.063393] name failslab, interval 1, probability 0, space 0, times 0 [ 1767.065013] CPU: 0 PID: 10147 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1767.065894] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1767.066965] Call Trace: [ 1767.067336] dump_stack+0x107/0x167 [ 1767.067810] should_fail.cold+0x5/0xa [ 1767.068307] ? create_object.isra.0+0x3a/0xa20 [ 1767.068894] should_failslab+0x5/0x20 [ 1767.069391] kmem_cache_alloc+0x5b/0x360 [ 1767.069923] create_object.isra.0+0x3a/0xa20 [ 1767.070486] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1767.071153] kmem_cache_alloc_bulk+0x168/0x320 [ 1767.071759] io_submit_sqes+0x7099/0x86e0 [ 1767.072331] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1767.072976] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1767.073622] ? lock_downgrade+0x6d0/0x6d0 [ 1767.074167] ? find_held_lock+0x2c/0x110 [ 1767.074706] ? io_submit_sqes+0x86e0/0x86e0 [ 1767.075331] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1767.075962] ? wait_for_completion_io+0x270/0x270 [ 1767.076629] ? rcu_read_lock_any_held+0x75/0xa0 [ 1767.077237] ? vfs_write+0x354/0xa70 [ 1767.077755] ? fput_many+0x2f/0x1a0 [ 1767.078233] ? ksys_write+0x1a9/0x260 [ 1767.078720] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1767.079388] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1767.080068] do_syscall_64+0x33/0x40 [ 1767.080625] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1767.081344] RIP: 0033:0x7fa5e05a4b19 [ 1767.081854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1767.084296] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1767.085293] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1767.086175] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1767.087175] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1767.088065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1767.088996] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:52:35 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:52:35 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:35 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:52:35 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:35 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:35 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:35 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:52:35 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1782.770522] FAULT_INJECTION: forcing a failure. [ 1782.770522] name failslab, interval 1, probability 0, space 0, times 0 [ 1782.772324] CPU: 1 PID: 10173 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1782.773438] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1782.774593] Call Trace: [ 1782.774993] dump_stack+0x107/0x167 [ 1782.775583] should_fail.cold+0x5/0xa [ 1782.776135] ? create_object.isra.0+0x3a/0xa20 [ 1782.776780] should_failslab+0x5/0x20 [ 1782.777314] kmem_cache_alloc+0x5b/0x360 [ 1782.777898] ? mark_held_locks+0x9e/0xe0 [ 1782.778473] create_object.isra.0+0x3a/0xa20 [ 1782.779097] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1782.779830] kmem_cache_alloc_bulk+0x168/0x320 [ 1782.780449] io_submit_sqes+0x7099/0x86e0 [ 1782.781035] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1782.781741] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1782.782418] ? lock_downgrade+0x6d0/0x6d0 [ 1782.782969] ? find_held_lock+0x2c/0x110 [ 1782.783556] ? io_submit_sqes+0x86e0/0x86e0 [ 1782.784155] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1782.784810] ? wait_for_completion_io+0x270/0x270 [ 1782.785483] ? rcu_read_lock_any_held+0x75/0xa0 [ 1782.786104] ? vfs_write+0x354/0xa70 [ 1782.786609] ? fput_many+0x2f/0x1a0 [ 1782.787105] ? ksys_write+0x1a9/0x260 [ 1782.787671] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1782.788362] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1782.789070] do_syscall_64+0x33/0x40 [ 1782.789572] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1782.790266] RIP: 0033:0x7fa5e05a4b19 [ 1782.790781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1782.793251] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1782.794256] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1782.795187] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1782.796168] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1782.797106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1782.798040] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:52:36 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:52:36 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:36 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:36 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:52:36 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:36 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:51 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:51 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:51 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:51 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:52:51 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:52:51 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:51 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:52:51 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1798.684511] FAULT_INJECTION: forcing a failure. [ 1798.684511] name failslab, interval 1, probability 0, space 0, times 0 [ 1798.686274] CPU: 0 PID: 10207 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1798.687231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1798.688367] Call Trace: [ 1798.688745] dump_stack+0x107/0x167 [ 1798.689267] should_fail.cold+0x5/0xa [ 1798.689778] ? create_object.isra.0+0x3a/0xa20 [ 1798.690350] should_failslab+0x5/0x20 [ 1798.690853] kmem_cache_alloc+0x5b/0x360 [ 1798.691394] ? mark_held_locks+0x9e/0xe0 [ 1798.691967] create_object.isra.0+0x3a/0xa20 [ 1798.692527] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1798.693235] kmem_cache_alloc_bulk+0x168/0x320 [ 1798.693873] io_submit_sqes+0x7099/0x86e0 [ 1798.694458] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1798.695134] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1798.695808] ? lock_downgrade+0x6d0/0x6d0 [ 1798.696348] ? find_held_lock+0x2c/0x110 [ 1798.696893] ? io_submit_sqes+0x86e0/0x86e0 [ 1798.697476] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1798.698115] ? wait_for_completion_io+0x270/0x270 [ 1798.698746] ? rcu_read_lock_any_held+0x75/0xa0 [ 1798.699407] ? vfs_write+0x354/0xa70 [ 1798.699934] ? fput_many+0x2f/0x1a0 [ 1798.700430] ? ksys_write+0x1a9/0x260 [ 1798.700947] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1798.701629] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1798.702321] do_syscall_64+0x33/0x40 [ 1798.702848] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1798.703568] RIP: 0033:0x7fa5e05a4b19 [ 1798.704055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1798.706466] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1798.707508] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1798.708468] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1798.709430] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1798.710424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1798.711396] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:52:51 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:51 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:52 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:52:52 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:52 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:52:52 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:52 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:52:52 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:52:52 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 1799.018619] FAULT_INJECTION: forcing a failure. [ 1799.018619] name failslab, interval 1, probability 0, space 0, times 0 [ 1799.020460] CPU: 0 PID: 10232 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1799.021427] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1799.022514] Call Trace: [ 1799.022881] dump_stack+0x107/0x167 [ 1799.023401] should_fail.cold+0x5/0xa [ 1799.023951] ? create_object.isra.0+0x3a/0xa20 [ 1799.024626] should_failslab+0x5/0x20 [ 1799.025174] kmem_cache_alloc+0x5b/0x360 [ 1799.025741] ? mark_held_locks+0x9e/0xe0 [ 1799.026296] create_object.isra.0+0x3a/0xa20 [ 1799.026911] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1799.027612] kmem_cache_alloc_bulk+0x168/0x320 [ 1799.028245] io_submit_sqes+0x7099/0x86e0 [ 1799.028840] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1799.029522] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1799.030197] ? lock_downgrade+0x6d0/0x6d0 [ 1799.030772] ? find_held_lock+0x2c/0x110 [ 1799.031341] ? io_submit_sqes+0x86e0/0x86e0 [ 1799.031970] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1799.032625] ? wait_for_completion_io+0x270/0x270 [ 1799.033280] ? rcu_read_lock_any_held+0x75/0xa0 [ 1799.033931] ? vfs_write+0x354/0xa70 [ 1799.034446] ? fput_many+0x2f/0x1a0 [ 1799.034936] ? ksys_write+0x1a9/0x260 [ 1799.035512] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1799.036243] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1799.036930] do_syscall_64+0x33/0x40 [ 1799.037440] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1799.038171] RIP: 0033:0x7fa5e05a4b19 [ 1799.038691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1799.041184] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1799.042254] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1799.043215] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1799.044223] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1799.045219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1799.046172] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:53:09 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:53:09 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:09 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:09 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:53:09 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:09 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(0x0, 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:53:09 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:09 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1816.222222] FAULT_INJECTION: forcing a failure. [ 1816.222222] name failslab, interval 1, probability 0, space 0, times 0 [ 1816.224171] CPU: 1 PID: 10251 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1816.225158] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1816.226363] Call Trace: [ 1816.226749] dump_stack+0x107/0x167 [ 1816.227260] should_fail.cold+0x5/0xa [ 1816.227855] ? create_object.isra.0+0x3a/0xa20 [ 1816.228515] ? create_object.isra.0+0x3a/0xa20 [ 1816.229151] should_failslab+0x5/0x20 [ 1816.229689] kmem_cache_alloc+0x5b/0x360 [ 1816.230277] create_object.isra.0+0x3a/0xa20 [ 1816.230891] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1816.231625] kmem_cache_alloc_bulk+0x168/0x320 [ 1816.232318] io_submit_sqes+0x7099/0x86e0 [ 1816.232922] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1816.233611] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1816.234273] ? lock_downgrade+0x6d0/0x6d0 [ 1816.234867] ? find_held_lock+0x2c/0x110 [ 1816.235436] ? io_submit_sqes+0x86e0/0x86e0 [ 1816.236098] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1816.236796] ? wait_for_completion_io+0x270/0x270 [ 1816.237477] ? rcu_read_lock_any_held+0x75/0xa0 [ 1816.238157] ? vfs_write+0x354/0xa70 [ 1816.238705] ? fput_many+0x2f/0x1a0 [ 1816.239263] ? ksys_write+0x1a9/0x260 [ 1816.239835] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1816.240587] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1816.241346] do_syscall_64+0x33/0x40 [ 1816.241907] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1816.242629] RIP: 0033:0x7fa5e05a4b19 [ 1816.243153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1816.245752] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1816.246785] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1816.247828] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1816.248772] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1816.249753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1816.250724] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:53:09 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:09 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:09 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:53:09 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(0x0, 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:53:09 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:09 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:09 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:09 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:25 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:53:25 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:25 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:25 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:25 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(0x0, 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:53:25 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:53:25 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:25 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1832.223400] FAULT_INJECTION: forcing a failure. [ 1832.223400] name failslab, interval 1, probability 0, space 0, times 0 [ 1832.225182] CPU: 0 PID: 10292 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1832.226139] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1832.227302] Call Trace: [ 1832.227695] dump_stack+0x107/0x167 [ 1832.228349] should_fail.cold+0x5/0xa [ 1832.228880] should_failslab+0x5/0x20 [ 1832.229433] kmem_cache_alloc_bulk+0x4b/0x320 [ 1832.230054] io_submit_sqes+0x7099/0x86e0 [ 1832.230636] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1832.231388] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1832.232105] ? lock_downgrade+0x6d0/0x6d0 [ 1832.232665] ? find_held_lock+0x2c/0x110 [ 1832.233281] ? io_submit_sqes+0x86e0/0x86e0 [ 1832.233896] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1832.234558] ? wait_for_completion_io+0x270/0x270 [ 1832.235225] ? rcu_read_lock_any_held+0x75/0xa0 [ 1832.235863] ? vfs_write+0x354/0xa70 [ 1832.236451] ? fput_many+0x2f/0x1a0 [ 1832.236968] ? ksys_write+0x1a9/0x260 [ 1832.237527] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1832.238301] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1832.239029] do_syscall_64+0x33/0x40 [ 1832.239549] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1832.240295] RIP: 0033:0x7fa5e05a4b19 [ 1832.240820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1832.243537] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1832.244605] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1832.245604] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1832.246593] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1832.247571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1832.248614] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:53:25 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, 0x0, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:25 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:53:25 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:25 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:25 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:53:25 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(0x0, 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:25 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, 0x0, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:25 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:53:25 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1832.537521] FAULT_INJECTION: forcing a failure. [ 1832.537521] name failslab, interval 1, probability 0, space 0, times 0 [ 1832.539587] CPU: 0 PID: 10315 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1832.540567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1832.541698] Call Trace: [ 1832.542063] dump_stack+0x107/0x167 [ 1832.542555] should_fail.cold+0x5/0xa [ 1832.543088] ? create_object.isra.0+0x3a/0xa20 [ 1832.543739] should_failslab+0x5/0x20 [ 1832.544290] kmem_cache_alloc+0x5b/0x360 [ 1832.544872] ? mark_held_locks+0x9e/0xe0 [ 1832.545433] create_object.isra.0+0x3a/0xa20 [ 1832.546098] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1832.546814] kmem_cache_alloc_bulk+0x168/0x320 [ 1832.547443] io_submit_sqes+0x7099/0x86e0 [ 1832.548050] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1832.548787] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1832.549463] ? lock_downgrade+0x6d0/0x6d0 [ 1832.550042] ? find_held_lock+0x2c/0x110 [ 1832.550610] ? io_submit_sqes+0x86e0/0x86e0 [ 1832.551241] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1832.551931] ? wait_for_completion_io+0x270/0x270 [ 1832.552593] ? rcu_read_lock_any_held+0x75/0xa0 [ 1832.553269] ? vfs_write+0x354/0xa70 [ 1832.553799] ? fput_many+0x2f/0x1a0 [ 1832.554306] ? ksys_write+0x1a9/0x260 [ 1832.554823] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1832.555560] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1832.556309] do_syscall_64+0x33/0x40 [ 1832.556815] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1832.557500] RIP: 0033:0x7fa5e05a4b19 [ 1832.558017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1832.560537] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1832.561586] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1832.562554] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1832.563544] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1832.564546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1832.565526] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:53:41 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:53:41 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:41 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:41 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:53:41 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:53:41 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(0x0, 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:41 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, 0x0, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:41 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1848.014526] FAULT_INJECTION: forcing a failure. [ 1848.014526] name failslab, interval 1, probability 0, space 0, times 0 [ 1848.016269] CPU: 0 PID: 10325 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1848.017211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1848.018334] Call Trace: [ 1848.018709] dump_stack+0x107/0x167 [ 1848.019218] should_fail.cold+0x5/0xa [ 1848.019755] ? create_object.isra.0+0x3a/0xa20 [ 1848.020428] should_failslab+0x5/0x20 [ 1848.020963] kmem_cache_alloc+0x5b/0x360 [ 1848.021492] create_object.isra.0+0x3a/0xa20 [ 1848.022103] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1848.022806] kmem_cache_alloc_bulk+0x168/0x320 [ 1848.023470] io_submit_sqes+0x7099/0x86e0 [ 1848.024079] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1848.024812] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1848.025446] ? lock_downgrade+0x6d0/0x6d0 [ 1848.026037] ? find_held_lock+0x2c/0x110 [ 1848.026608] ? io_submit_sqes+0x86e0/0x86e0 [ 1848.027237] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1848.027922] ? wait_for_completion_io+0x270/0x270 [ 1848.028614] ? rcu_read_lock_any_held+0x75/0xa0 [ 1848.029283] ? vfs_write+0x354/0xa70 [ 1848.029792] ? fput_many+0x2f/0x1a0 [ 1848.030295] ? ksys_write+0x1a9/0x260 [ 1848.030815] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1848.031531] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1848.032298] do_syscall_64+0x33/0x40 [ 1848.032813] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1848.033521] RIP: 0033:0x7fa5e05a4b19 [ 1848.034059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1848.036600] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1848.037657] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1848.038623] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1848.039578] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1848.040620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1848.041606] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:53:41 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:53:41 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:41 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:53:41 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:41 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:41 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(0x0, 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:41 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 1848.253482] FAULT_INJECTION: forcing a failure. [ 1848.253482] name failslab, interval 1, probability 0, space 0, times 0 [ 1848.255448] CPU: 1 PID: 10354 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1848.256471] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1848.257635] Call Trace: [ 1848.258011] dump_stack+0x107/0x167 [ 1848.258533] should_fail.cold+0x5/0xa [ 1848.259120] ? create_object.isra.0+0x3a/0xa20 [ 1848.259764] should_failslab+0x5/0x20 [ 1848.260335] kmem_cache_alloc+0x5b/0x360 [ 1848.260898] ? mark_held_locks+0x9e/0xe0 [ 1848.261476] create_object.isra.0+0x3a/0xa20 [ 1848.262103] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1848.262810] kmem_cache_alloc_bulk+0x168/0x320 [ 1848.263456] io_submit_sqes+0x7099/0x86e0 [ 1848.264065] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1848.264813] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1848.265495] ? lock_downgrade+0x6d0/0x6d0 [ 1848.266054] ? find_held_lock+0x2c/0x110 [ 1848.266627] ? io_submit_sqes+0x86e0/0x86e0 [ 1848.267245] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1848.267919] ? wait_for_completion_io+0x270/0x270 [ 1848.268628] ? rcu_read_lock_any_held+0x75/0xa0 [ 1848.269285] ? vfs_write+0x354/0xa70 [ 1848.269827] ? fput_many+0x2f/0x1a0 [ 1848.270341] ? ksys_write+0x1a9/0x260 [ 1848.270884] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1848.271621] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1848.272411] do_syscall_64+0x33/0x40 [ 1848.272941] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1848.273639] RIP: 0033:0x7fa5e05a4b19 [ 1848.274151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1848.276616] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1848.277617] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1848.278596] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1848.279553] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1848.280567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1848.281576] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:53:55 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:55 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:55 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:53:55 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 08:53:55 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:53:55 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:53:55 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:55 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1862.782401] FAULT_INJECTION: forcing a failure. [ 1862.782401] name failslab, interval 1, probability 0, space 0, times 0 [ 1862.783850] CPU: 1 PID: 10375 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1862.784692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1862.785680] Call Trace: [ 1862.786007] dump_stack+0x107/0x167 [ 1862.786469] should_fail.cold+0x5/0xa [ 1862.786939] ? create_object.isra.0+0x3a/0xa20 [ 1862.787619] should_failslab+0x5/0x20 [ 1862.788080] kmem_cache_alloc+0x5b/0x360 [ 1862.788673] ? mark_held_locks+0x9e/0xe0 [ 1862.789256] create_object.isra.0+0x3a/0xa20 [ 1862.789885] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1862.790596] kmem_cache_alloc_bulk+0x168/0x320 [ 1862.791254] io_submit_sqes+0x7099/0x86e0 [ 1862.791743] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1862.792351] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1862.792950] ? io_submit_sqes+0x86e0/0x86e0 [ 1862.793473] ? recalibrate_cpu_khz+0x10/0x10 [ 1862.794010] ? ktime_get+0x158/0x1f0 [ 1862.794462] ? lapic_timer_set_periodic+0x60/0x60 [ 1862.795047] ? clockevents_program_event+0x131/0x360 [ 1862.795666] ? tick_program_event+0xa8/0x140 [ 1862.796203] ? hrtimer_interrupt+0x771/0x9b0 [ 1862.796710] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1862.797334] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1862.798003] do_syscall_64+0x33/0x40 [ 1862.798439] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1862.799049] RIP: 0033:0x7fa5e05a4b19 [ 1862.799496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1862.801757] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1862.802580] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1862.803441] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1862.804307] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1862.805173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1862.805947] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:53:56 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:53:56 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:53:56 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 08:53:56 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:53:56 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:53:56 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:53:56 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:11 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:11 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 08:54:11 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:11 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:54:11 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r3, 0x10000000) 08:54:11 executing program 5: syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:54:11 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:11 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) [ 1878.587568] FAULT_INJECTION: forcing a failure. [ 1878.587568] name failslab, interval 1, probability 0, space 0, times 0 [ 1878.590533] CPU: 1 PID: 10404 Comm: syz-executor.2 Not tainted 5.10.173 #1 [ 1878.591993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1878.593753] Call Trace: [ 1878.594312] dump_stack+0x107/0x167 [ 1878.595091] should_fail.cold+0x5/0xa [ 1878.595895] ? create_object.isra.0+0x3a/0xa20 [ 1878.596880] should_failslab+0x5/0x20 [ 1878.597689] kmem_cache_alloc+0x5b/0x360 [ 1878.598542] ? mark_held_locks+0x9e/0xe0 [ 1878.599378] create_object.isra.0+0x3a/0xa20 08:54:11 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1878.600277] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 08:54:11 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1878.601520] kmem_cache_alloc_bulk+0x168/0x320 [ 1878.602572] io_submit_sqes+0x7099/0x86e0 [ 1878.603451] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1878.604440] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1878.605438] ? lock_downgrade+0x6d0/0x6d0 [ 1878.606267] ? find_held_lock+0x2c/0x110 [ 1878.607074] ? io_submit_sqes+0x86e0/0x86e0 [ 1878.607960] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1878.608956] ? wait_for_completion_io+0x270/0x270 [ 1878.609905] ? rcu_read_lock_any_held+0x75/0xa0 [ 1878.610843] ? vfs_write+0x354/0xa70 [ 1878.611580] ? fput_many+0x2f/0x1a0 [ 1878.612316] ? ksys_write+0x1a9/0x260 [ 1878.613124] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1878.614160] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1878.615182] do_syscall_64+0x33/0x40 [ 1878.615946] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1878.617013] RIP: 0033:0x7fa5e05a4b19 [ 1878.617767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1878.621484] RSP: 002b:00007fa5ddb1a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1878.623014] RAX: ffffffffffffffda RBX: 00007fa5e06b7f60 RCX: 00007fa5e05a4b19 [ 1878.624441] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1878.625887] RBP: 00007fa5ddb1a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1878.627316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1878.628789] R13: 00007ffc8ff7a72f R14: 00007fa5ddb1a300 R15: 0000000000022000 08:54:11 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r3, 0x10000000) 08:54:11 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:54:11 executing program 5: syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:54:11 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:54:11 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:11 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:12 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:12 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:12 executing program 5: syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:54:12 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r3, 0x10000000) 08:54:12 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:54:12 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:54:12 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:12 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 08:54:12 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r3, 0x10000000) 08:54:12 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:12 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:54:29 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:29 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:54:29 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:29 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 08:54:29 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 08:54:29 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r3, 0x10000000) 08:54:29 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:54:29 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1895.875871] FAULT_INJECTION: forcing a failure. [ 1895.875871] name failslab, interval 1, probability 0, space 0, times 0 [ 1895.877517] CPU: 0 PID: 10480 Comm: syz-executor.7 Not tainted 5.10.173 #1 [ 1895.878476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1895.879632] Call Trace: [ 1895.879987] dump_stack+0x107/0x167 [ 1895.880476] should_fail.cold+0x5/0xa [ 1895.881034] should_failslab+0x5/0x20 [ 1895.881573] kmem_cache_alloc_bulk+0x4b/0x320 [ 1895.882212] io_submit_sqes+0x7099/0x86e0 [ 1895.882796] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1895.883449] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1895.884109] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1895.884822] ? lock_downgrade+0x6d0/0x6d0 [ 1895.885396] ? find_held_lock+0x2c/0x110 [ 1895.885970] ? io_submit_sqes+0x86e0/0x86e0 [ 1895.886563] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1895.887195] ? wait_for_completion_io+0x270/0x270 [ 1895.887817] ? rcu_read_lock_any_held+0x75/0xa0 [ 1895.888433] ? vfs_write+0x354/0xa70 [ 1895.888978] ? fput_many+0x2f/0x1a0 [ 1895.889471] ? ksys_write+0x1a9/0x260 [ 1895.890006] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1895.890721] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1895.891417] do_syscall_64+0x33/0x40 [ 1895.891923] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1895.892636] RIP: 0033:0x7fa3407dfb19 [ 1895.893173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1895.895627] RSP: 002b:00007fa33dd55188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1895.896677] RAX: ffffffffffffffda RBX: 00007fa3408f2f60 RCX: 00007fa3407dfb19 [ 1895.897707] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1895.898654] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1895.899620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1895.900594] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 08:54:29 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 08:54:29 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r3, 0x10000000) 08:54:29 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:54:29 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:29 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x58ab, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:54:29 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) [ 1896.144452] FAULT_INJECTION: forcing a failure. [ 1896.144452] name failslab, interval 1, probability 0, space 0, times 0 [ 1896.146179] CPU: 1 PID: 10503 Comm: syz-executor.7 Not tainted 5.10.173 #1 08:54:29 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) [ 1896.147058] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1896.148361] Call Trace: [ 1896.148795] dump_stack+0x107/0x167 [ 1896.149290] should_fail.cold+0x5/0xa [ 1896.149793] ? create_object.isra.0+0x3a/0xa20 [ 1896.150395] should_failslab+0x5/0x20 [ 1896.150907] kmem_cache_alloc+0x5b/0x360 [ 1896.151438] create_object.isra.0+0x3a/0xa20 [ 1896.152011] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1896.152687] kmem_cache_alloc_bulk+0x168/0x320 [ 1896.153331] io_submit_sqes+0x7099/0x86e0 [ 1896.153867] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1896.154488] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1896.155165] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1896.155790] ? lock_downgrade+0x6d0/0x6d0 [ 1896.156299] ? find_held_lock+0x2c/0x110 [ 1896.156857] ? io_submit_sqes+0x86e0/0x86e0 [ 1896.157421] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1896.158064] ? wait_for_completion_io+0x270/0x270 [ 1896.158665] ? rcu_read_lock_any_held+0x75/0xa0 [ 1896.159258] ? vfs_write+0x354/0xa70 [ 1896.159740] ? fput_many+0x2f/0x1a0 [ 1896.160189] ? ksys_write+0x1a9/0x260 [ 1896.160669] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1896.161402] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1896.162073] do_syscall_64+0x33/0x40 [ 1896.162540] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1896.163188] RIP: 0033:0x7fa3407dfb19 [ 1896.163653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1896.166039] RSP: 002b:00007fa33dd55188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1896.167063] RAX: ffffffffffffffda RBX: 00007fa3408f2f60 RCX: 00007fa3407dfb19 [ 1896.167969] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1896.168889] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1896.169781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1896.170678] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 08:54:29 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1896.202140] FAULT_INJECTION: forcing a failure. [ 1896.202140] name failslab, interval 1, probability 0, space 0, times 0 [ 1896.203773] CPU: 0 PID: 10507 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1896.204759] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1896.205859] Call Trace: [ 1896.206227] dump_stack+0x107/0x167 [ 1896.206722] should_fail.cold+0x5/0xa [ 1896.207240] should_failslab+0x5/0x20 [ 1896.207761] kmem_cache_alloc_bulk+0x4b/0x320 [ 1896.208358] io_submit_sqes+0x7099/0x86e0 [ 1896.208926] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1896.209586] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1896.210255] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1896.210898] ? lock_downgrade+0x6d0/0x6d0 [ 1896.211452] ? find_held_lock+0x2c/0x110 [ 1896.211996] ? io_submit_sqes+0x86e0/0x86e0 [ 1896.212574] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1896.213299] ? wait_for_completion_io+0x270/0x270 [ 1896.213956] ? rcu_read_lock_any_held+0x75/0xa0 [ 1896.214570] ? vfs_write+0x354/0xa70 [ 1896.215061] ? fput_many+0x2f/0x1a0 [ 1896.215546] ? ksys_write+0x1a9/0x260 [ 1896.216094] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1896.216832] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1896.217526] do_syscall_64+0x33/0x40 [ 1896.218041] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1896.218775] RIP: 0033:0x7fd42ac9bb19 [ 1896.219340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1896.222004] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1896.223085] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1896.224097] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1896.225160] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1896.226171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1896.227176] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 08:54:44 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x10000000) 08:54:44 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:44 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:54:44 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xab58, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:54:44 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) 08:54:44 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 08:54:44 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:44 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1911.564495] FAULT_INJECTION: forcing a failure. [ 1911.564495] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.566230] CPU: 1 PID: 10530 Comm: syz-executor.7 Not tainted 5.10.173 #1 [ 1911.567207] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.568377] Call Trace: [ 1911.568749] dump_stack+0x107/0x167 [ 1911.569305] should_fail.cold+0x5/0xa [ 1911.569857] ? create_object.isra.0+0x3a/0xa20 [ 1911.570471] should_failslab+0x5/0x20 [ 1911.571046] kmem_cache_alloc+0x5b/0x360 [ 1911.571597] ? mark_held_locks+0x9e/0xe0 [ 1911.572164] create_object.isra.0+0x3a/0xa20 [ 1911.572792] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.573514] kmem_cache_alloc_bulk+0x168/0x320 [ 1911.574150] io_submit_sqes+0x7099/0x86e0 [ 1911.574751] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1911.575475] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1911.576171] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1911.576854] ? lock_downgrade+0x6d0/0x6d0 [ 1911.577474] ? find_held_lock+0x2c/0x110 [ 1911.578064] ? io_submit_sqes+0x86e0/0x86e0 [ 1911.578694] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1911.579378] ? wait_for_completion_io+0x270/0x270 [ 1911.580051] ? rcu_read_lock_any_held+0x75/0xa0 [ 1911.580712] ? vfs_write+0x354/0xa70 [ 1911.581249] ? fput_many+0x2f/0x1a0 [ 1911.581783] ? ksys_write+0x1a9/0x260 [ 1911.582339] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.583071] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.583793] do_syscall_64+0x33/0x40 [ 1911.584309] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1911.585006] RIP: 0033:0x7fa3407dfb19 [ 1911.585521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.587984] RSP: 002b:00007fa33dd55188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1911.589054] RAX: ffffffffffffffda RBX: 00007fa3408f2f60 RCX: 00007fa3407dfb19 [ 1911.590006] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1911.590956] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1911.591955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1911.592903] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 [ 1911.594866] FAULT_INJECTION: forcing a failure. [ 1911.594866] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.596556] CPU: 1 PID: 10526 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1911.597524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.598603] Call Trace: [ 1911.598954] dump_stack+0x107/0x167 [ 1911.599424] should_fail.cold+0x5/0xa [ 1911.599921] ? create_object.isra.0+0x3a/0xa20 [ 1911.600518] should_failslab+0x5/0x20 [ 1911.601035] kmem_cache_alloc+0x5b/0x360 [ 1911.601561] create_object.isra.0+0x3a/0xa20 [ 1911.602127] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.602823] kmem_cache_alloc_bulk+0x168/0x320 [ 1911.603459] io_submit_sqes+0x7099/0x86e0 [ 1911.604046] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1911.604713] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1911.605460] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1911.606138] ? lock_downgrade+0x6d0/0x6d0 [ 1911.606758] ? find_held_lock+0x2c/0x110 [ 1911.607330] ? io_submit_sqes+0x86e0/0x86e0 [ 1911.607946] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1911.608640] ? wait_for_completion_io+0x270/0x270 [ 1911.609411] ? rcu_read_lock_any_held+0x75/0xa0 [ 1911.610088] ? vfs_write+0x354/0xa70 [ 1911.610609] ? fput_many+0x2f/0x1a0 [ 1911.611104] ? ksys_write+0x1a9/0x260 [ 1911.611650] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.612394] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.613168] do_syscall_64+0x33/0x40 [ 1911.613690] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1911.614400] RIP: 0033:0x7fd42ac9bb19 [ 1911.614934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.617520] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1911.618562] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1911.619577] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1911.620570] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1911.621569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1911.622518] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 08:54:44 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xab580000, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:54:44 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:54:44 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:54:44 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:00 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x10000000) 08:55:00 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:00 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x58ab, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:55:00 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:55:00 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) 08:55:00 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) 08:55:00 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:00 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1927.254148] FAULT_INJECTION: forcing a failure. [ 1927.254148] name failslab, interval 1, probability 0, space 0, times 0 [ 1927.255864] CPU: 1 PID: 10565 Comm: syz-executor.7 Not tainted 5.10.173 #1 [ 1927.256880] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1927.258211] Call Trace: [ 1927.258647] dump_stack+0x107/0x167 [ 1927.259191] should_fail.cold+0x5/0xa [ 1927.259707] ? create_object.isra.0+0x3a/0xa20 [ 1927.260331] should_failslab+0x5/0x20 [ 1927.260895] kmem_cache_alloc+0x5b/0x360 [ 1927.261602] ? mark_held_locks+0x9e/0xe0 [ 1927.262182] create_object.isra.0+0x3a/0xa20 [ 1927.262769] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1927.263503] kmem_cache_alloc_bulk+0x168/0x320 [ 1927.264222] io_submit_sqes+0x7099/0x86e0 [ 1927.264808] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1927.265519] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1927.266274] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1927.267002] ? lock_downgrade+0x6d0/0x6d0 [ 1927.267529] ? find_held_lock+0x2c/0x110 [ 1927.268096] ? io_submit_sqes+0x86e0/0x86e0 [ 1927.268691] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1927.269434] ? wait_for_completion_io+0x270/0x270 [ 1927.270115] ? rcu_read_lock_any_held+0x75/0xa0 [ 1927.270754] ? vfs_write+0x354/0xa70 [ 1927.271281] ? fput_many+0x2f/0x1a0 [ 1927.271788] ? ksys_write+0x1a9/0x260 [ 1927.272318] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1927.273027] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1927.273761] do_syscall_64+0x33/0x40 [ 1927.274247] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1927.275011] RIP: 0033:0x7fa3407dfb19 [ 1927.275557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1927.278041] RSP: 002b:00007fa33dd55188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1927.279122] RAX: ffffffffffffffda RBX: 00007fa3408f2f60 RCX: 00007fa3407dfb19 [ 1927.280132] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1927.281131] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1927.282087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1927.283058] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 [ 1927.291441] FAULT_INJECTION: forcing a failure. [ 1927.291441] name failslab, interval 1, probability 0, space 0, times 0 [ 1927.293046] CPU: 1 PID: 10569 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1927.293921] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1927.295187] Call Trace: [ 1927.295590] dump_stack+0x107/0x167 [ 1927.296082] should_fail.cold+0x5/0xa [ 1927.296604] ? create_object.isra.0+0x3a/0xa20 [ 1927.297235] should_failslab+0x5/0x20 [ 1927.297762] kmem_cache_alloc+0x5b/0x360 [ 1927.298339] ? mark_held_locks+0x9e/0xe0 [ 1927.298865] create_object.isra.0+0x3a/0xa20 [ 1927.299503] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1927.300193] kmem_cache_alloc_bulk+0x168/0x320 [ 1927.300790] io_submit_sqes+0x7099/0x86e0 [ 1927.301413] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1927.302064] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1927.302753] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1927.303407] ? lock_downgrade+0x6d0/0x6d0 [ 1927.303950] ? find_held_lock+0x2c/0x110 [ 1927.304505] ? io_submit_sqes+0x86e0/0x86e0 [ 1927.305095] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1927.305761] ? wait_for_completion_io+0x270/0x270 [ 1927.306408] ? rcu_read_lock_any_held+0x75/0xa0 [ 1927.307033] ? vfs_write+0x354/0xa70 [ 1927.307540] ? fput_many+0x2f/0x1a0 [ 1927.308034] ? ksys_write+0x1a9/0x260 [ 1927.308562] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1927.309323] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1927.309982] do_syscall_64+0x33/0x40 [ 1927.310485] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1927.311149] RIP: 0033:0x7fd42ac9bb19 [ 1927.311640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1927.314135] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1927.315148] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1927.316100] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1927.317078] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1927.318080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1927.319047] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 08:55:00 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:00 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:55:00 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0xab58, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:55:00 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:00 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x10000000) 08:55:23 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) 08:55:23 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:23 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:23 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:55:23 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:55:23 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) 08:55:23 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:23 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0xab580000, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 1950.084308] FAULT_INJECTION: forcing a failure. [ 1950.084308] name failslab, interval 1, probability 0, space 0, times 0 [ 1950.085950] CPU: 1 PID: 10601 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1950.086929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1950.088066] Call Trace: [ 1950.088446] dump_stack+0x107/0x167 [ 1950.088965] should_fail.cold+0x5/0xa [ 1950.089534] ? create_object.isra.0+0x3a/0xa20 [ 1950.090214] should_failslab+0x5/0x20 [ 1950.090747] kmem_cache_alloc+0x5b/0x360 [ 1950.091349] ? mark_held_locks+0x9e/0xe0 [ 1950.091924] create_object.isra.0+0x3a/0xa20 [ 1950.092528] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1950.093264] kmem_cache_alloc_bulk+0x168/0x320 [ 1950.093935] io_submit_sqes+0x7099/0x86e0 [ 1950.094510] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1950.095221] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1950.095937] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1950.096610] ? lock_downgrade+0x6d0/0x6d0 [ 1950.097178] ? find_held_lock+0x2c/0x110 [ 1950.097791] ? io_submit_sqes+0x86e0/0x86e0 [ 1950.098402] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1950.099071] ? wait_for_completion_io+0x270/0x270 [ 1950.099765] ? rcu_read_lock_any_held+0x75/0xa0 [ 1950.100433] ? vfs_write+0x354/0xa70 [ 1950.100951] ? fput_many+0x2f/0x1a0 [ 1950.101486] ? ksys_write+0x1a9/0x260 [ 1950.102075] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1950.102795] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1950.103540] do_syscall_64+0x33/0x40 [ 1950.104073] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1950.104786] RIP: 0033:0x7fd42ac9bb19 [ 1950.105312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1950.108074] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1950.109162] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1950.110244] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1950.111273] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1950.111317] FAULT_INJECTION: forcing a failure. [ 1950.111317] name failslab, interval 1, probability 0, space 0, times 0 [ 1950.112276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1950.112286] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 [ 1950.116385] CPU: 0 PID: 10604 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 1950.117384] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1950.118514] FAULT_INJECTION: forcing a failure. [ 1950.118514] name failslab, interval 1, probability 0, space 0, times 0 [ 1950.118534] Call Trace: [ 1950.118560] dump_stack+0x107/0x167 [ 1950.120943] should_fail.cold+0x5/0xa [ 1950.121532] should_failslab+0x5/0x20 [ 1950.122109] kmem_cache_alloc_bulk+0x4b/0x320 [ 1950.122704] io_submit_sqes+0x7099/0x86e0 [ 1950.123281] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1950.123981] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1950.124679] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1950.125361] ? lock_downgrade+0x6d0/0x6d0 [ 1950.125983] ? find_held_lock+0x2c/0x110 [ 1950.126586] ? io_submit_sqes+0x86e0/0x86e0 [ 1950.127154] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1950.127816] ? wait_for_completion_io+0x270/0x270 [ 1950.128472] ? rcu_read_lock_any_held+0x75/0xa0 [ 1950.129094] ? vfs_write+0x354/0xa70 [ 1950.129606] ? fput_many+0x2f/0x1a0 [ 1950.130081] ? ksys_write+0x1a9/0x260 [ 1950.130598] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1950.131289] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1950.131948] do_syscall_64+0x33/0x40 [ 1950.132453] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1950.133163] RIP: 0033:0x7f30d6b2fb19 [ 1950.133666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1950.136019] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1950.137008] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 1950.137982] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1950.139048] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1950.140036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1950.140997] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 1950.142046] CPU: 1 PID: 10598 Comm: syz-executor.7 Not tainted 5.10.173 #1 [ 1950.143110] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1950.144278] Call Trace: [ 1950.144670] dump_stack+0x107/0x167 [ 1950.145195] should_fail.cold+0x5/0xa [ 1950.145785] ? create_object.isra.0+0x3a/0xa20 [ 1950.146415] should_failslab+0x5/0x20 [ 1950.146966] kmem_cache_alloc+0x5b/0x360 [ 1950.147565] ? mark_held_locks+0x9e/0xe0 [ 1950.148143] create_object.isra.0+0x3a/0xa20 [ 1950.148781] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1950.149526] kmem_cache_alloc_bulk+0x168/0x320 [ 1950.150184] io_submit_sqes+0x7099/0x86e0 [ 1950.150783] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1950.151484] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1950.152186] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1950.152880] ? lock_downgrade+0x6d0/0x6d0 [ 1950.153456] ? find_held_lock+0x2c/0x110 [ 1950.154055] ? io_submit_sqes+0x86e0/0x86e0 [ 1950.154687] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1950.155371] ? wait_for_completion_io+0x270/0x270 [ 1950.156072] ? rcu_read_lock_any_held+0x75/0xa0 [ 1950.156724] ? vfs_write+0x354/0xa70 [ 1950.157245] ? fput_many+0x2f/0x1a0 [ 1950.157790] ? ksys_write+0x1a9/0x260 [ 1950.158330] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1950.159060] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1950.159786] do_syscall_64+0x33/0x40 [ 1950.160301] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1950.160985] RIP: 0033:0x7fa3407dfb19 [ 1950.161487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1950.163995] RSP: 002b:00007fa33dd55188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1950.164966] RAX: ffffffffffffffda RBX: 00007fa3408f2f60 RCX: 00007fa3407dfb19 [ 1950.165926] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1950.166876] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1950.167837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1950.168816] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 08:55:23 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:23 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:55:38 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:38 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0xab58000000000000, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:55:38 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:55:38 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:38 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:38 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) 08:55:38 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 08:55:38 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 1965.707174] FAULT_INJECTION: forcing a failure. [ 1965.707174] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.708905] CPU: 0 PID: 10634 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1965.709902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.711038] Call Trace: [ 1965.711431] dump_stack+0x107/0x167 [ 1965.711941] should_fail.cold+0x5/0xa [ 1965.712463] ? create_object.isra.0+0x3a/0xa20 [ 1965.713116] should_failslab+0x5/0x20 [ 1965.713648] kmem_cache_alloc+0x5b/0x360 [ 1965.714238] ? mark_held_locks+0x9e/0xe0 [ 1965.714787] create_object.isra.0+0x3a/0xa20 [ 1965.715395] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1965.716126] kmem_cache_alloc_bulk+0x168/0x320 [ 1965.716747] io_submit_sqes+0x7099/0x86e0 [ 1965.717345] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1965.718147] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.718383] FAULT_INJECTION: forcing a failure. [ 1965.718383] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.718874] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.718894] ? lock_downgrade+0x6d0/0x6d0 [ 1965.718905] ? find_held_lock+0x2c/0x110 [ 1965.718922] ? io_submit_sqes+0x86e0/0x86e0 [ 1965.718944] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1965.718960] ? wait_for_completion_io+0x270/0x270 [ 1965.718976] ? rcu_read_lock_any_held+0x75/0xa0 [ 1965.718989] ? vfs_write+0x354/0xa70 [ 1965.719008] ? fput_many+0x2f/0x1a0 [ 1965.725955] ? ksys_write+0x1a9/0x260 [ 1965.726475] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.727199] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.727930] do_syscall_64+0x33/0x40 [ 1965.728480] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1965.729189] RIP: 0033:0x7fd42ac9bb19 [ 1965.729744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.732391] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1965.733507] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1965.734551] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1965.735596] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1965.736582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1965.737596] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 [ 1965.738715] CPU: 1 PID: 10633 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 1965.739769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.740909] Call Trace: [ 1965.741274] dump_stack+0x107/0x167 [ 1965.741826] should_fail.cold+0x5/0xa [ 1965.742367] ? create_object.isra.0+0x3a/0xa20 [ 1965.743004] should_failslab+0x5/0x20 [ 1965.743554] kmem_cache_alloc+0x5b/0x360 [ 1965.744113] create_object.isra.0+0x3a/0xa20 [ 1965.744728] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1965.745415] kmem_cache_alloc_bulk+0x168/0x320 [ 1965.746025] io_submit_sqes+0x7099/0x86e0 [ 1965.746564] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1965.747204] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.747842] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.748285] FAULT_INJECTION: forcing a failure. [ 1965.748285] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.748470] ? lock_downgrade+0x6d0/0x6d0 [ 1965.750708] ? find_held_lock+0x2c/0x110 [ 1965.751262] ? io_submit_sqes+0x86e0/0x86e0 [ 1965.751882] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1965.752567] ? wait_for_completion_io+0x270/0x270 [ 1965.753252] ? rcu_read_lock_any_held+0x75/0xa0 [ 1965.753893] ? vfs_write+0x354/0xa70 [ 1965.754404] ? fput_many+0x2f/0x1a0 [ 1965.754949] ? ksys_write+0x1a9/0x260 [ 1965.755531] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.756249] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.756984] do_syscall_64+0x33/0x40 [ 1965.757463] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1965.758170] RIP: 0033:0x7f30d6b2fb19 [ 1965.758695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.761256] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1965.762299] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 1965.763224] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1965.764209] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1965.765157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1965.766148] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 1965.767182] CPU: 0 PID: 10635 Comm: syz-executor.7 Not tainted 5.10.173 #1 [ 1965.768228] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.769398] Call Trace: [ 1965.769811] dump_stack+0x107/0x167 [ 1965.770331] should_fail.cold+0x5/0xa [ 1965.770893] ? create_object.isra.0+0x3a/0xa20 [ 1965.771506] should_failslab+0x5/0x20 [ 1965.772039] kmem_cache_alloc+0x5b/0x360 [ 1965.772623] ? mark_held_locks+0x9e/0xe0 [ 1965.773198] create_object.isra.0+0x3a/0xa20 [ 1965.773888] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1965.774625] kmem_cache_alloc_bulk+0x168/0x320 [ 1965.775270] io_submit_sqes+0x7099/0x86e0 [ 1965.775873] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1965.776648] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.777370] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.778105] ? lock_downgrade+0x6d0/0x6d0 [ 1965.778713] ? find_held_lock+0x2c/0x110 [ 1965.779306] ? io_submit_sqes+0x86e0/0x86e0 [ 1965.779913] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1965.780613] ? wait_for_completion_io+0x270/0x270 [ 1965.781354] ? rcu_read_lock_any_held+0x75/0xa0 [ 1965.782054] ? vfs_write+0x354/0xa70 [ 1965.782584] ? fput_many+0x2f/0x1a0 [ 1965.783141] ? ksys_write+0x1a9/0x260 [ 1965.783682] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.784433] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.785228] do_syscall_64+0x33/0x40 [ 1965.785818] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1965.786541] RIP: 0033:0x7fa3407dfb19 [ 1965.787074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.789651] RSP: 002b:00007fa33dd55188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1965.790794] RAX: ffffffffffffffda RBX: 00007fa3408f2f60 RCX: 00007fa3407dfb19 [ 1965.791751] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1965.792726] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1965.793737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1965.794743] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 [ 1965.799268] FAULT_INJECTION: forcing a failure. [ 1965.799268] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.801013] CPU: 1 PID: 10623 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 1965.801964] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.803104] Call Trace: [ 1965.803477] dump_stack+0x107/0x167 [ 1965.803987] should_fail.cold+0x5/0xa [ 1965.804535] should_failslab+0x5/0x20 [ 1965.805069] kmem_cache_alloc_bulk+0x4b/0x320 [ 1965.805719] io_submit_sqes+0x7099/0x86e0 [ 1965.806298] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1965.806972] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.807667] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.808340] ? lock_downgrade+0x6d0/0x6d0 [ 1965.808895] ? find_held_lock+0x2c/0x110 [ 1965.809454] ? io_submit_sqes+0x86e0/0x86e0 [ 1965.810077] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1965.810739] ? wait_for_completion_io+0x270/0x270 [ 1965.811377] ? rcu_read_lock_any_held+0x75/0xa0 [ 1965.812024] ? vfs_write+0x354/0xa70 [ 1965.812508] ? fput_many+0x2f/0x1a0 [ 1965.812992] ? ksys_write+0x1a9/0x260 [ 1965.813513] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.814280] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.815021] do_syscall_64+0x33/0x40 [ 1965.815524] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1965.816218] RIP: 0033:0x7f04fc2c5b19 [ 1965.816715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.819188] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1965.820194] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 1965.821132] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1965.822109] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1965.823053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1965.823975] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:55:39 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:39 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:55:39 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:39 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 08:55:39 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x58ab) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:55:39 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) [ 1965.961147] FAULT_INJECTION: forcing a failure. [ 1965.961147] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.963069] CPU: 0 PID: 10649 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1965.964065] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.965244] Call Trace: [ 1965.965633] dump_stack+0x107/0x167 [ 1965.966174] should_fail.cold+0x5/0xa [ 1965.966722] ? create_object.isra.0+0x3a/0xa20 [ 1965.967399] should_failslab+0x5/0x20 [ 1965.967944] kmem_cache_alloc+0x5b/0x360 [ 1965.968526] ? mark_held_locks+0x9e/0xe0 [ 1965.969086] create_object.isra.0+0x3a/0xa20 [ 1965.969763] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1965.970491] kmem_cache_alloc_bulk+0x168/0x320 [ 1965.971128] io_submit_sqes+0x7099/0x86e0 [ 1965.971727] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1965.972413] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.973109] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1965.973828] ? lock_downgrade+0x6d0/0x6d0 [ 1965.974423] ? find_held_lock+0x2c/0x110 [ 1965.975019] ? io_submit_sqes+0x86e0/0x86e0 [ 1965.975648] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1965.976357] ? wait_for_completion_io+0x270/0x270 [ 1965.977062] ? rcu_read_lock_any_held+0x75/0xa0 [ 1965.977771] ? vfs_write+0x354/0xa70 [ 1965.978318] ? fput_many+0x2f/0x1a0 [ 1965.978823] ? ksys_write+0x1a9/0x260 [ 1965.979359] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.980101] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.980840] do_syscall_64+0x33/0x40 [ 1965.981392] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1965.982144] RIP: 0033:0x7fd42ac9bb19 [ 1965.982651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.985283] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1965.986404] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1965.987379] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1965.988346] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1965.989319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1965.990346] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 08:55:39 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:39 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:39 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xab58) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:55:39 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 1966.073477] FAULT_INJECTION: forcing a failure. [ 1966.073477] name failslab, interval 1, probability 0, space 0, times 0 [ 1966.075245] CPU: 0 PID: 10655 Comm: syz-executor.7 Not tainted 5.10.173 #1 [ 1966.076209] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1966.077360] Call Trace: [ 1966.077791] dump_stack+0x107/0x167 [ 1966.078341] should_fail.cold+0x5/0xa [ 1966.078878] ? create_object.isra.0+0x3a/0xa20 [ 1966.079504] should_failslab+0x5/0x20 [ 1966.080030] kmem_cache_alloc+0x5b/0x360 [ 1966.080640] ? mark_held_locks+0x9e/0xe0 [ 1966.081221] create_object.isra.0+0x3a/0xa20 [ 1966.081857] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1966.082545] kmem_cache_alloc_bulk+0x168/0x320 [ 1966.083158] io_submit_sqes+0x7099/0x86e0 [ 1966.083717] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1966.084380] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1966.085047] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1966.085788] ? lock_downgrade+0x6d0/0x6d0 [ 1966.086388] ? find_held_lock+0x2c/0x110 [ 1966.086976] ? io_submit_sqes+0x86e0/0x86e0 [ 1966.087581] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1966.088253] ? wait_for_completion_io+0x270/0x270 [ 1966.088935] ? rcu_read_lock_any_held+0x75/0xa0 [ 1966.089573] ? vfs_write+0x354/0xa70 [ 1966.090152] ? fput_many+0x2f/0x1a0 [ 1966.090672] ? ksys_write+0x1a9/0x260 [ 1966.091207] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 08:55:39 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) [ 1966.091918] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1966.092772] do_syscall_64+0x33/0x40 [ 1966.093276] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1966.094026] RIP: 0033:0x7fa3407dfb19 [ 1966.094550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1966.097103] RSP: 002b:00007fa33dd55188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1966.098187] RAX: ffffffffffffffda RBX: 00007fa3408f2f60 RCX: 00007fa3407dfb19 [ 1966.099170] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1966.100172] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1966.101177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1966.102245] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 08:55:39 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1966.162517] FAULT_INJECTION: forcing a failure. [ 1966.162517] name failslab, interval 1, probability 0, space 0, times 0 [ 1966.164184] CPU: 1 PID: 10663 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1966.165089] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1966.166192] Call Trace: [ 1966.166531] dump_stack+0x107/0x167 [ 1966.167000] should_fail.cold+0x5/0xa [ 1966.167497] ? create_object.isra.0+0x3a/0xa20 [ 1966.168082] should_failslab+0x5/0x20 [ 1966.168593] kmem_cache_alloc+0x5b/0x360 [ 1966.169135] ? mark_held_locks+0x9e/0xe0 [ 1966.169670] create_object.isra.0+0x3a/0xa20 [ 1966.170301] FAULT_INJECTION: forcing a failure. [ 1966.170301] name failslab, interval 1, probability 0, space 0, times 0 [ 1966.171822] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1966.171843] kmem_cache_alloc_bulk+0x168/0x320 [ 1966.171865] io_submit_sqes+0x7099/0x86e0 [ 1966.171890] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1966.174507] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1966.175228] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1966.175896] ? lock_downgrade+0x6d0/0x6d0 [ 1966.176451] ? find_held_lock+0x2c/0x110 [ 1966.177017] ? io_submit_sqes+0x86e0/0x86e0 [ 1966.177628] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1966.178340] ? wait_for_completion_io+0x270/0x270 [ 1966.179007] ? rcu_read_lock_any_held+0x75/0xa0 [ 1966.179688] ? vfs_write+0x354/0xa70 [ 1966.180213] ? fput_many+0x2f/0x1a0 [ 1966.180707] ? ksys_write+0x1a9/0x260 [ 1966.181262] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1966.182028] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1966.182783] do_syscall_64+0x33/0x40 [ 1966.183321] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1966.184042] RIP: 0033:0x7fd42ac9bb19 [ 1966.184564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1966.187145] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1966.188216] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1966.189212] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1966.190246] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1966.191246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1966.192257] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 [ 1966.193311] CPU: 0 PID: 10659 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 1966.194397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1966.195517] Call Trace: [ 1966.195911] dump_stack+0x107/0x167 [ 1966.196431] should_fail.cold+0x5/0xa [ 1966.196954] ? create_object.isra.0+0x3a/0xa20 [ 1966.197585] ? create_object.isra.0+0x3a/0xa20 [ 1966.198277] should_failslab+0x5/0x20 [ 1966.198805] kmem_cache_alloc+0x5b/0x360 [ 1966.199383] create_object.isra.0+0x3a/0xa20 [ 1966.200003] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1966.200714] kmem_cache_alloc_bulk+0x168/0x320 [ 1966.201338] io_submit_sqes+0x7099/0x86e0 [ 1966.201950] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1966.202649] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1966.203343] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1966.204018] ? lock_downgrade+0x6d0/0x6d0 [ 1966.204598] ? find_held_lock+0x2c/0x110 [ 1966.205171] ? io_submit_sqes+0x86e0/0x86e0 [ 1966.205818] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1966.206487] ? wait_for_completion_io+0x270/0x270 [ 1966.207178] ? rcu_read_lock_any_held+0x75/0xa0 [ 1966.207843] ? vfs_write+0x354/0xa70 [ 1966.208375] ? fput_many+0x2f/0x1a0 [ 1966.208841] ? ksys_write+0x1a9/0x260 [ 1966.209392] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1966.210165] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1966.210914] do_syscall_64+0x33/0x40 [ 1966.211480] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1966.212239] RIP: 0033:0x7f30d6b2fb19 [ 1966.212763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1966.215481] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1966.216577] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 1966.217568] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1966.218621] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1966.219635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1966.220620] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 1966.234579] FAULT_INJECTION: forcing a failure. [ 1966.234579] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1966.236419] CPU: 1 PID: 10666 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 1966.237377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1966.238604] Call Trace: [ 1966.238990] dump_stack+0x107/0x167 [ 1966.239512] should_fail.cold+0x5/0xa [ 1966.240062] __alloc_pages_nodemask+0x182/0x690 [ 1966.240726] ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230 [ 1966.241590] alloc_pages_current+0x187/0x280 [ 1966.242229] allocate_slab+0x26f/0x380 [ 1966.242821] ___slab_alloc+0x470/0x700 [ 1966.243353] ? io_submit_sqes+0x7099/0x86e0 [ 1966.243980] ? kmem_cache_alloc_bulk+0x1ec/0x320 [ 1966.244613] kmem_cache_alloc_bulk+0x1ec/0x320 [ 1966.245244] io_submit_sqes+0x7099/0x86e0 [ 1966.245847] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1966.246527] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1966.247222] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1966.247909] ? lock_downgrade+0x6d0/0x6d0 [ 1966.248473] ? find_held_lock+0x2c/0x110 [ 1966.248999] ? io_submit_sqes+0x86e0/0x86e0 [ 1966.249560] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1966.250207] ? wait_for_completion_io+0x270/0x270 [ 1966.250843] ? rcu_read_lock_any_held+0x75/0xa0 [ 1966.251467] ? vfs_write+0x354/0xa70 [ 1966.251964] ? fput_many+0x2f/0x1a0 [ 1966.252443] ? ksys_write+0x1a9/0x260 [ 1966.252944] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1966.253645] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1966.254345] do_syscall_64+0x33/0x40 [ 1966.254836] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1966.255491] RIP: 0033:0x7f04fc2c5b19 [ 1966.255976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1966.258440] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1966.259539] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 1966.260546] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1966.261591] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1966.262584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1966.263505] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:55:39 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:39 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(0x0, 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:55 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) 08:55:55 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(0x0, 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:55 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:55:55 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) 08:55:55 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xab580000) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 1982.322041] FAULT_INJECTION: forcing a failure. [ 1982.322041] name failslab, interval 1, probability 0, space 0, times 0 [ 1982.323688] CPU: 0 PID: 10686 Comm: syz-executor.7 Not tainted 5.10.173 #1 [ 1982.324642] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1982.325785] Call Trace: [ 1982.326179] dump_stack+0x107/0x167 [ 1982.326693] should_fail.cold+0x5/0xa [ 1982.327214] ? create_object.isra.0+0x3a/0xa20 [ 1982.327844] should_failslab+0x5/0x20 [ 1982.328384] kmem_cache_alloc+0x5b/0x360 [ 1982.328957] ? mark_held_locks+0x9e/0xe0 [ 1982.329529] create_object.isra.0+0x3a/0xa20 [ 1982.330179] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1982.330877] kmem_cache_alloc_bulk+0x168/0x320 [ 1982.331531] io_submit_sqes+0x7099/0x86e0 [ 1982.332128] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1982.332826] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.333533] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.334256] ? lock_downgrade+0x6d0/0x6d0 [ 1982.334832] ? find_held_lock+0x2c/0x110 [ 1982.335406] ? io_submit_sqes+0x86e0/0x86e0 [ 1982.336008] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1982.336678] ? wait_for_completion_io+0x270/0x270 [ 1982.337358] ? rcu_read_lock_any_held+0x75/0xa0 [ 1982.338047] ? vfs_write+0x354/0xa70 [ 1982.338561] ? fput_many+0x2f/0x1a0 [ 1982.339063] ? ksys_write+0x1a9/0x260 [ 1982.339591] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1982.340320] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1982.341054] do_syscall_64+0x33/0x40 [ 1982.341556] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1982.342267] RIP: 0033:0x7fa3407dfb19 [ 1982.342772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1982.345253] RSP: 002b:00007fa33dd55188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1982.346323] RAX: ffffffffffffffda RBX: 00007fa3408f2f60 RCX: 00007fa3407dfb19 [ 1982.347281] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1982.348234] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1982.349174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1982.350151] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 08:55:55 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:55:55 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:55:55 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1982.361476] FAULT_INJECTION: forcing a failure. [ 1982.361476] name failslab, interval 1, probability 0, space 0, times 0 [ 1982.363150] CPU: 0 PID: 10690 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1982.364099] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1982.365244] Call Trace: [ 1982.365623] dump_stack+0x107/0x167 [ 1982.366202] should_fail.cold+0x5/0xa [ 1982.366721] ? create_object.isra.0+0x3a/0xa20 [ 1982.367360] should_failslab+0x5/0x20 [ 1982.367876] kmem_cache_alloc+0x5b/0x360 [ 1982.368440] ? mark_held_locks+0x9e/0xe0 [ 1982.369018] create_object.isra.0+0x3a/0xa20 [ 1982.369625] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1982.370362] kmem_cache_alloc_bulk+0x168/0x320 [ 1982.370992] io_submit_sqes+0x7099/0x86e0 [ 1982.371565] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1982.372252] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.372930] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.373583] ? lock_downgrade+0x6d0/0x6d0 [ 1982.374171] ? find_held_lock+0x2c/0x110 [ 1982.374726] ? io_submit_sqes+0x86e0/0x86e0 [ 1982.375333] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1982.376004] ? wait_for_completion_io+0x270/0x270 [ 1982.376641] ? rcu_read_lock_any_held+0x75/0xa0 [ 1982.377275] ? vfs_write+0x354/0xa70 [ 1982.377797] ? fput_many+0x2f/0x1a0 [ 1982.378360] ? ksys_write+0x1a9/0x260 [ 1982.378889] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1982.379593] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1982.380329] do_syscall_64+0x33/0x40 [ 1982.380853] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1982.381552] RIP: 0033:0x7fd42ac9bb19 [ 1982.382096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1982.384688] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1982.385786] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1982.386815] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1982.387813] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1982.388821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1982.389849] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 [ 1982.403102] FAULT_INJECTION: forcing a failure. [ 1982.403102] name failslab, interval 1, probability 0, space 0, times 0 [ 1982.404399] CPU: 0 PID: 10698 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 1982.405130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1982.406153] Call Trace: [ 1982.406518] dump_stack+0x107/0x167 [ 1982.407015] should_fail.cold+0x5/0xa [ 1982.407558] ? create_object.isra.0+0x3a/0xa20 [ 1982.408196] should_failslab+0x5/0x20 [ 1982.408723] kmem_cache_alloc+0x5b/0x360 [ 1982.409284] ? mark_held_locks+0x9e/0xe0 [ 1982.409840] create_object.isra.0+0x3a/0xa20 [ 1982.410507] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1982.411225] kmem_cache_alloc_bulk+0x168/0x320 [ 1982.411899] io_submit_sqes+0x7099/0x86e0 [ 1982.412489] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1982.413202] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.413926] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.414620] ? lock_downgrade+0x6d0/0x6d0 [ 1982.415198] ? find_held_lock+0x2c/0x110 [ 1982.415792] ? io_submit_sqes+0x86e0/0x86e0 [ 1982.416420] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1982.417105] ? wait_for_completion_io+0x270/0x270 [ 1982.417782] ? rcu_read_lock_any_held+0x75/0xa0 [ 1982.418476] ? vfs_write+0x354/0xa70 [ 1982.418987] ? fput_many+0x2f/0x1a0 [ 1982.419498] ? ksys_write+0x1a9/0x260 [ 1982.420028] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1982.420747] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1982.421464] do_syscall_64+0x33/0x40 [ 1982.422000] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1982.422704] RIP: 0033:0x7f30d6b2fb19 [ 1982.423214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1982.425753] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1982.426834] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 1982.427818] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1982.428802] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1982.429785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1982.430822] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 1982.442753] FAULT_INJECTION: forcing a failure. [ 1982.442753] name failslab, interval 1, probability 0, space 0, times 0 [ 1982.444627] CPU: 1 PID: 10700 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 1982.445570] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1982.446767] Call Trace: [ 1982.447134] dump_stack+0x107/0x167 [ 1982.447600] should_fail.cold+0x5/0xa [ 1982.448090] ? create_object.isra.0+0x3a/0xa20 [ 1982.448721] should_failslab+0x5/0x20 [ 1982.449235] kmem_cache_alloc+0x5b/0x360 [ 1982.449791] create_object.isra.0+0x3a/0xa20 [ 1982.450430] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1982.451137] kmem_cache_alloc_bulk+0x168/0x320 [ 1982.451781] io_submit_sqes+0x7099/0x86e0 [ 1982.452350] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1982.452983] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.453635] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.454333] ? lock_downgrade+0x6d0/0x6d0 [ 1982.454899] ? find_held_lock+0x2c/0x110 [ 1982.455466] ? io_submit_sqes+0x86e0/0x86e0 [ 1982.456071] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1982.456729] ? wait_for_completion_io+0x270/0x270 [ 1982.457367] ? rcu_read_lock_any_held+0x75/0xa0 [ 1982.458050] ? vfs_write+0x354/0xa70 [ 1982.458537] ? fput_many+0x2f/0x1a0 [ 1982.459034] ? ksys_write+0x1a9/0x260 [ 1982.459548] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1982.460242] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1982.460931] do_syscall_64+0x33/0x40 [ 1982.461438] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1982.462178] RIP: 0033:0x7f04fc2c5b19 [ 1982.462688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1982.465020] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1982.466097] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 1982.467075] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1982.468050] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1982.469005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1982.469984] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:55:55 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) [ 1982.535283] FAULT_INJECTION: forcing a failure. [ 1982.535283] name failslab, interval 1, probability 0, space 0, times 0 [ 1982.536974] CPU: 0 PID: 10706 Comm: syz-executor.7 Not tainted 5.10.173 #1 [ 1982.537961] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1982.539115] Call Trace: [ 1982.539491] dump_stack+0x107/0x167 [ 1982.540015] should_fail.cold+0x5/0xa [ 1982.540558] ? create_object.isra.0+0x3a/0xa20 [ 1982.541206] should_failslab+0x5/0x20 [ 1982.541753] kmem_cache_alloc+0x5b/0x360 [ 1982.542363] ? mark_held_locks+0x9e/0xe0 [ 1982.542931] create_object.isra.0+0x3a/0xa20 [ 1982.543536] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1982.544224] kmem_cache_alloc_bulk+0x168/0x320 [ 1982.544870] io_submit_sqes+0x7099/0x86e0 [ 1982.545459] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1982.546165] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.546823] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1982.547487] ? lock_downgrade+0x6d0/0x6d0 [ 1982.548067] ? find_held_lock+0x2c/0x110 [ 1982.548645] ? io_submit_sqes+0x86e0/0x86e0 [ 1982.549233] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1982.549971] ? wait_for_completion_io+0x270/0x270 [ 1982.550644] ? rcu_read_lock_any_held+0x75/0xa0 [ 1982.551287] ? vfs_write+0x354/0xa70 [ 1982.551801] ? fput_many+0x2f/0x1a0 [ 1982.552321] ? ksys_write+0x1a9/0x260 [ 1982.552874] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1982.553625] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1982.554397] do_syscall_64+0x33/0x40 [ 1982.554936] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1982.555660] RIP: 0033:0x7fa3407dfb19 [ 1982.556186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1982.558836] RSP: 002b:00007fa33dd55188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1982.559958] RAX: ffffffffffffffda RBX: 00007fa3408f2f60 RCX: 00007fa3407dfb19 [ 1982.561024] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1982.562050] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1982.563091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1982.564084] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 08:56:11 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(0x0, 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:11 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:11 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) 08:56:11 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:56:11 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xab58000000000000) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:56:11 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) 08:56:11 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1998.756309] FAULT_INJECTION: forcing a failure. [ 1998.756309] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1998.758846] CPU: 0 PID: 10718 Comm: syz-executor.7 Not tainted 5.10.173 #1 [ 1998.760084] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1998.761491] Call Trace: [ 1998.761967] dump_stack+0x107/0x167 [ 1998.762621] should_fail.cold+0x5/0xa [ 1998.763283] _copy_to_user+0x2e/0x180 [ 1998.763933] simple_read_from_buffer+0xcc/0x160 [ 1998.764731] proc_fail_nth_read+0x198/0x230 [ 1998.765434] ? proc_sessionid_read+0x230/0x230 [ 1998.766244] ? security_file_permission+0x24e/0x570 [ 1998.767082] ? perf_trace_initcall_start+0x101/0x380 [ 1998.767919] ? proc_sessionid_read+0x230/0x230 [ 1998.768696] vfs_read+0x228/0x580 [ 1998.769308] ksys_read+0x12d/0x260 [ 1998.769936] ? vfs_write+0xa70/0xa70 [ 1998.770603] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1998.771518] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1998.772406] do_syscall_64+0x33/0x40 [ 1998.773042] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1998.773925] RIP: 0033:0x7fa34079269c [ 1998.774656] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1998.774876] FAULT_INJECTION: forcing a failure. [ 1998.774876] name failslab, interval 1, probability 0, space 0, times 0 [ 1998.777787] RSP: 002b:00007fa33dd55170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1998.777843] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa34079269c [ 1998.777853] RDX: 000000000000000f RSI: 00007fa33dd551e0 RDI: 0000000000000004 [ 1998.777863] RBP: 00007fa33dd551d0 R08: 0000000000000000 R09: 0000000000000000 [ 1998.777872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1998.777883] R13: 00007ffcd5f0c66f R14: 00007fa33dd55300 R15: 0000000000022000 [ 1998.787203] CPU: 1 PID: 10719 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 1998.788151] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1998.789281] Call Trace: [ 1998.789642] dump_stack+0x107/0x167 [ 1998.790175] FAULT_INJECTION: forcing a failure. [ 1998.790175] name failslab, interval 1, probability 0, space 0, times 0 [ 1998.791376] should_fail.cold+0x5/0xa [ 1998.791787] ? create_object.isra.0+0x3a/0xa20 [ 1998.792285] should_failslab+0x5/0x20 [ 1998.792682] kmem_cache_alloc+0x5b/0x360 [ 1998.793115] ? mark_held_locks+0x9e/0xe0 [ 1998.793544] create_object.isra.0+0x3a/0xa20 [ 1998.794013] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1998.794573] kmem_cache_alloc_bulk+0x168/0x320 [ 1998.795061] io_submit_sqes+0x7099/0x86e0 [ 1998.795499] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1998.796028] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1998.796550] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1998.797073] ? io_submit_sqes+0x86e0/0x86e0 [ 1998.797569] ? recalibrate_cpu_khz+0x10/0x10 [ 1998.798037] ? ktime_get+0x158/0x1f0 [ 1998.798611] ? lapic_timer_set_periodic+0x60/0x60 [ 1998.799250] ? clockevents_program_event+0x131/0x360 [ 1998.799908] ? tick_program_event+0xa8/0x140 [ 1998.800526] ? hrtimer_interrupt+0x771/0x9b0 [ 1998.801118] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1998.801828] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1998.802591] do_syscall_64+0x33/0x40 [ 1998.803081] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1998.803780] RIP: 0033:0x7f30d6b2fb19 [ 1998.804302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1998.806899] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1998.807953] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 1998.808916] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1998.809897] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1998.810907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1998.811901] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 1998.812900] CPU: 0 PID: 10723 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1998.814216] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1998.815606] Call Trace: [ 1998.816099] dump_stack+0x107/0x167 [ 1998.816714] should_fail.cold+0x5/0xa [ 1998.817378] ? create_object.isra.0+0x3a/0xa20 [ 1998.818212] should_failslab+0x5/0x20 [ 1998.818875] kmem_cache_alloc+0x5b/0x360 [ 1998.819570] ? mark_held_locks+0x9e/0xe0 [ 1998.820268] create_object.isra.0+0x3a/0xa20 [ 1998.821030] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1998.821926] kmem_cache_alloc_bulk+0x168/0x320 [ 1998.822738] io_submit_sqes+0x7099/0x86e0 [ 1998.823455] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1998.824309] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1998.825114] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1998.825936] ? lock_downgrade+0x6d0/0x6d0 [ 1998.826667] ? find_held_lock+0x2c/0x110 [ 1998.827367] ? io_submit_sqes+0x86e0/0x86e0 [ 1998.828111] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1998.828927] ? wait_for_completion_io+0x270/0x270 [ 1998.829706] ? rcu_read_lock_any_held+0x75/0xa0 [ 1998.830507] ? vfs_write+0x354/0xa70 [ 1998.831152] ? fput_many+0x2f/0x1a0 [ 1998.831781] ? ksys_write+0x1a9/0x260 [ 1998.832459] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1998.833355] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1998.834289] do_syscall_64+0x33/0x40 [ 1998.834934] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1998.835802] RIP: 0033:0x7fd42ac9bb19 [ 1998.836442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1998.839571] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1998.840867] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1998.842077] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1998.843327] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1998.844512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1998.845700] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 08:56:11 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:56:12 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 1998.915334] FAULT_INJECTION: forcing a failure. [ 1998.915334] name failslab, interval 1, probability 0, space 0, times 0 [ 1998.917075] CPU: 1 PID: 10731 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 1998.918009] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1998.919184] Call Trace: [ 1998.919569] dump_stack+0x107/0x167 [ 1998.920082] should_fail.cold+0x5/0xa [ 1998.920607] ? create_object.isra.0+0x3a/0xa20 08:56:12 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 1998.921257] should_failslab+0x5/0x20 [ 1998.922053] kmem_cache_alloc+0x5b/0x360 [ 1998.922642] create_object.isra.0+0x3a/0xa20 [ 1998.923220] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1998.923919] kmem_cache_alloc_bulk+0x168/0x320 [ 1998.924550] io_submit_sqes+0x7099/0x86e0 [ 1998.925205] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1998.925917] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1998.926631] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1998.927272] ? io_submit_sqes+0x86e0/0x86e0 [ 1998.927870] ? recalibrate_cpu_khz+0x10/0x10 [ 1998.928476] ? ktime_get+0x158/0x1f0 [ 1998.929007] ? lapic_timer_set_periodic+0x60/0x60 [ 1998.929657] ? clockevents_program_event+0x131/0x360 [ 1998.930413] ? tick_program_event+0xa8/0x140 [ 1998.930999] ? hrtimer_interrupt+0x771/0x9b0 [ 1998.931626] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1998.932356] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1998.933086] do_syscall_64+0x33/0x40 [ 1998.933593] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1998.934416] RIP: 0033:0x7f04fc2c5b19 [ 1998.934917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1998.937402] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1998.938477] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 1998.939419] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1998.940387] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1998.941370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1998.942354] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:56:12 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1998.999950] FAULT_INJECTION: forcing a failure. [ 1998.999950] name failslab, interval 1, probability 0, space 0, times 0 [ 1999.001625] CPU: 0 PID: 10735 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 1999.002569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1999.003726] Call Trace: [ 1999.004116] dump_stack+0x107/0x167 [ 1999.004638] should_fail.cold+0x5/0xa [ 1999.005196] ? create_object.isra.0+0x3a/0xa20 [ 1999.005847] should_failslab+0x5/0x20 [ 1999.006413] kmem_cache_alloc+0x5b/0x360 [ 1999.006976] ? mark_held_locks+0x9e/0xe0 [ 1999.007558] create_object.isra.0+0x3a/0xa20 [ 1999.008208] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1999.008998] kmem_cache_alloc_bulk+0x168/0x320 [ 1999.009661] io_submit_sqes+0x7099/0x86e0 [ 1999.010237] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1999.010906] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.011579] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.012288] ? io_submit_sqes+0x86e0/0x86e0 [ 1999.012891] ? recalibrate_cpu_khz+0x10/0x10 [ 1999.013500] ? ktime_get+0x158/0x1f0 [ 1999.014041] ? lapic_timer_set_periodic+0x60/0x60 [ 1999.014752] ? clockevents_program_event+0x131/0x360 [ 1999.015434] ? tick_program_event+0xa8/0x140 [ 1999.016014] ? hrtimer_interrupt+0x771/0x9b0 [ 1999.016575] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1999.017266] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1999.018001] do_syscall_64+0x33/0x40 [ 1999.018564] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1999.019270] RIP: 0033:0x7f30d6b2fb19 [ 1999.019787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1999.022392] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1999.023430] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 1999.024386] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1999.025352] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1999.026335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1999.027306] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:56:12 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.pending_reads\x00', 0x18000, 0x8) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r4, 0x8930, &(0x7f0000000b40)={'sit0\x00', 0x0}) r5 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000001c0)=0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)={0x2344, 0x28, 0x100, 0x70bd28, 0x25dfdbfc, {0xd}, [@generic="0046cad55181c791b4bcd6ae7de7806e5a177f67f1977606ab337680eb8f1e19bb6c2e614b9bcb948154469df44374bfc21e4ceaaa1efaeb9ba4a29ca039cdf002fbe236a7b2b149586cf05e5dbc284ed3422a806045f59799b256931a669a820f20e1ea4e25e0", @nested={0x1024, 0x6a, 0x0, 0x1, [@typed={0xc, 0x92, 0x0, 0x0, @u64=0x40}, @generic="1c8f92a0745d59c963e528459f34558c6ad00d30430edadc59f09bef73cf8dca58a91209d8955666062d5bb60a2cfd631404f63447a9a814190a5c05f245f8f43ceb02aba7be67cb46dd715b94a0eca2d80a265688726c0b0ac807b54cdf21f366f0dc78e180dcc5a7b67f111cf41158b3b7e2eeae02d2c61da4e8e96e6f969b02f26ac53c7b34149c19d0c3eeb1a2fe27bf28c847b9462676baab3447643a9ad60b017694fce517e73d29d321ba0cfef0395e4bb4483d3b6bdab3d6dbcda22b42fb30bdc337907e26f617b66debe1a840aaaa9b8b3990ed4f7dc9b358ad886e012adaf89be90bc99611f99635e94c8045ebe5a22fcf7ba246f63e15f6d4ab57ee7f01231fce356dc48f8ca771bc626005869384e378d2ad27150f8e80628c1ce481e2a98ef50109bc47a7ff2cc43555fe09b6a66c5614346d09266a1ce002cb351ed066f49f46e5a3796ffcd6c483053a9c92924cae4a4fa57bfd163bfbf1578114c4456cae12bde7e07ce51ac820a00ec4e4ba2e48c9798125d7abb85ec40c8ec7170426d8a29cdff0c317b9bdbb2d76a72d7eb6d61dc525267da2357ac0eb35aa52aee64a5eb5164c95566e02284df88b34e52c91e12bb4409b6288493492b224a6f5b0f32b044199ebb31b30559e5ad34253e67797347f8ef75e80433c626fd15f67713ab7776dbdd8e033c09f20e408d50d6e1cd59be8b0cc65c59734e74cda6c3ae9cdc3bf1605b95d61e17ec951da1ba6c6bc6e6f3ab4928889a76315114fde007441d58fd676e951b901c3d2127b1b9400221068a43e57c8e117135b365e44df4d27bc6c15a187d4b616a4a194743b77d171b11a1155c2144e7d429f95cc3d07efa578ae35cec09d4a91885c288f450754478b6cad82cfefb5a792794920cdbd4f85aecfa6dcdbe1d8b6c2d81085fc5faecfedbca73bf6b55db1b1f7187953d43c1da164a297821142221c99f65c01db215355687e1d02e13690f58e3dd5041665095688e23352b7579aa2e84a951355f782b949a829835a23b2cb5791c5997ecf1a8b344d4f51e60f23416422989aa621b8612d3119f21f456d5a752be67f69095434bdd81284ee1fd2952421aa25218226092e99cadc952a030dc1c58198dede573a9566526bff746b4fa4bfbcea6a3a042f240ca02a41ff416fc4fcec74b67e0beca7799dd58cb12d9759461b0074aec9ca026354b67da8616d932096985a4507de76a99efc34d0b1de47262951207fc2539fc4445d41ffd7ae6cde0a39d3fd555048b35582fcb4eafd918200c73a1364ba1cd9cd46f7c2da81f7f7e1ebf0fef5b590351737cc7ae0b7ec94aa0b9f83876d47dfa0adbd0d34799eaebaa16d8933103d49fa031ca957310453228f335e2f82d8adb9df0b161ba630af62993a2e9a1f983a6c413c17dedf42febe434f55ecdfb15acaf28760d00e770f744681f17f6e777ac77061226dbb53015fcbacfbeb80e8fd73750c3854644848c8a0d514ad2a4ac7847df7c57fa2689407d57e55768bba235eb1ec43b0cebf751f235ba4f17c9ce2e4815e019f6153cdd2fae3d353a6d45745029a23e515e433b355e9427288e0071db1185e262bbf6d3c3d5e16b477192b3b2785db34c6f0960429c56254512a16ad961643c2a9c1e8f99e39f60dbdf4860b1d6313c84533efc7df1561d0d0d0bd60a1fd0e667c166c3258bc62b00fc7e6f82b8649bd804cb9d2b2fa44fb36a216a03df74f9591a12df3c2f5b4159fbdbf19eab8c43cd07b2421dfdfb80cff29b4899bb7c2d8f4b6b5abc147091b56c7d330229eedc9d6f8bb5193806df6518248dddc35a97d6a05d3104f68d446e7ec957ca8a6f218fcf829057530b55274631c502bcca6da3cafdd5b1e9758cdf6d3734adea1aa91d7332d2d86a499e1aad90a7444c10f8415f15710c64514051faeb5d404c6cc5c148c394d3c043707107fe6db33226db909368e58d4d8104ba022aae4b2dc1b6be8f041061a1bb55149dd6c973b9bf12bd886ad806f63c991795dca40ef9657b287a5ae5cb01d45e2b537925c98ce91ab218c4ef03c8ede2bd2342474de4a5e7bf99dad048c9ec44127b965e22cfc372804a6750af231bc989bfae773e23dcefe026fac66c7bf4b055d531242159fa3c1ce537cec5bf3437329d9f6fb815e9243d0eb97a09cc03cbfac8cde0bfc9c7fa5b56ba3c6f11707da3d3022f69be96a221b19c0757dd99be58330e7989952fd231c4f1bb838d460382a221cfb5b41e74c0aec1177954c317766303fb487f68089d3d5f2717ddb91799205a4fcfba5911efb24659e91b7c4827d99752535263387b016ec05f937efb8ef0ef35ce86b76d10252ff2f2ee8853a9568a728dc775bbed37cf816847091410b6c3b1e837e4bbfea4ea6d1dc1355462e5b424b9ef135b9065577a8408370ecb70d7c94f7bcb3a78f543fa4da7e00670cda51d68c3d71893a67d9ea63a3523b5b53f58c670831fe199bab9fcf55860dc2b2a87d89260078bfea694b9fbdcd09fae45f30a62967e9f5bd1a5b01bdc31443e63a98f88fc50e5a3c1ef05dff704c8692850992465a00f16f3d55c135123d7d53d160eeea7ffbc4490c826b32ee3ba34349d1515e8fce9f4170fa98f1e05f61dfabb8b31d1adb03bf98d2bf9f68883f3a60615375bf57828f2786f1ead1e2fbdbe28032a422fc23cf34b50666feac6f12161ecc273e2f80d91c6235af8a641b0b5e1e288f45b380dfae1dc686b57c0e09b386ca860833f101aa7ebb1e513c1a16e080df920361b0425e6c16f11974f4e33046126a4e4a4640a2b3ad788a816b9de8b0b76476bddd1ead137ceac9a18ab7be03b2a8a9597a7c6df30519f49b19c8ea302759340985c61c1a0399e6ff6a8cf29813e1d8881e6d471968e4a082408c40f7fe37d5887544ae57eae0e99548685b18e2570bbfac0741aa8e21409705eb75b206c96e5fa6677930867dcdae3864c7b49ebde8816b71afd441b7374c8fb6865f70f5205d211b2dcbeedb65093858da2c164561eac79b603492fc5f15141d465dfed31a75c22556199df8c50f131ed27d6a9cc73e15e345b28fa24b82dc56abaf71ca4b5b7e9b91543695e7b4863807b95f10dc509f9257446af8fe1cad4ebe3a7c4a10dc09e47327594d97e441be13db2671b0ff8516e0f024da74960d6909656c45f1fe6032459beb9d307a8f5efad11c2d36780fdd4ddbfc02255f0931e09b7b0e667dd57292f263975b000754e66daf73181e582b97f92e58df145badd89189499adfdd9616889cd8d0578fbd2137b3b2de65dcb5e988d5eb48f5709a3fe85553e1462685f1a54ee05d9ceafa78ddba37c887fa520649850d8b9060e0e250da9e35a76cd4bc4f910ec03130eee62c89d7de151b3c772f88b1efa8f072f0d3bcdb54bb27e58cbd340348e5a89a27d8a358d30be4007b174fb0364263e57ec068e9988c872265b0e47dddeec52628fc0e0098ea9cef962a4617f5489331f0bad77aecdf0f376416e3d2803d560db012af3ca2926c316a64112b3092bf243f4580496ed4cfbacce7562286e3a82388d68cab7571d77c947b4a75014b85ed7d226062e0b758bdfa1461b27e3468bdb7ab218341587f7ff14d10b5d37516e8d5c600b2d4c961b798adea47ccd4f88bf3eafcd893e1207f49c300275a3cf5786ed89c296fbc8489c965739f8cd2ad2f9df190ffac5cc29479f7bf427c7665d52ba036ee414e4d176d09e26c0cf61c5379f632b3265315b4ee2434329101be71e6e4645e605459c9946110714738114c8ad32bc79a00c369901bdf759b4ed11d4c2da211b87a735e3001951c5f6ea72a9a1c7d516b03fd37f6a7671bca6da54c8698f12e5eba05caba8405ac202da16e5e07ff3865b47b706cf71243e8955a9c6aafe5c9b165b7c24a085dd73b43b191a2a9e1488783b7146c5b89a1a5633953d3f9a0d806f40d69d1cb11312a87848da7dd333db28049af01640c5fce2b8227f734f631604a3df2a74b9ba799153429c4fb38b1b25ae041a7bd885fddd93e02f05f30eed6f413651b356030a2e99bef498a06d2a27e9ad265c56899ff96048eca1800f77c82cf5487dd8e1a4383cb4c42da144f0d9979e5109b62c28067a3f5e5033fcd9304e92b3d8bfd058920bfdfa89a9742c43d094252694d5867b7d25034e0260c0dc186b40edefb3c11864949fa06646a99b2cd79a7b60f20acbf4f8a7b74bbb3f9d8d8b98788b6284dfa5c8b780f70d0437af77cf94335f554119f91421ae254f48c99072da0fa5a28902f81740e08b9d5956533da99b8931a9e292f520a937ad40ea51dc451d967906a896150e1fa39c2a2e3a39318e2067abeb974477e571f1dc2b7adc5e5378d9c25393339a77098c4cd7ba756b877cb3a593a736e4444a6858114ac29fde00e4286fdc6d87d0aa560ad70a8e166ab617c28d71812aaece789fa3c94e6c677e7ce6853bb39eb9c414ffb01c0a29893628f596ba012438de8186e501292fbe32e9779f396dfe1dbd3aeb38433ee3db357427e982db744c306ff48c7d3a8c609da2b15e67042c4e0d369cf56ffacce2178b2765b74e930f5a6b8e7ca3a838a221b16c913c880ad28e1070e8dc6debbba47290b6b4270dc6ed1249d448bde09b57c2d665d2a646de17d54b7f629220d1595a9f9ad7baf161fc03348f395346fb61702c1c9c34cd05cff7dd2459bc42c6ca3d435b60ffa411059f4c76c9e2798c403331b2c177b47b7bcd3983223a5d7281f22f7c2a4e21f7021fd7c90c6afb490b20eebebdc1c508ccc293d958108b29f85727cdad1c0785611996d164273f298d5e900b57ff645e79f67d2a93ef9f3264613508f4bf02f1dfd8c8deda80b3d402c77c4832f9c4bf43f43f9b0f8d01a5bc108d57be4f510cfb1c7c2199f694f6e5541dd6de2b8be176685991a2c99116009702fa3b08942bb5c553823dddd3ae864fb7dc29d4ffe80023f32ccdbd6e54da283b9bef8cbc07bbbe6f039ca51dbc14367e9eb14dc071f320e2ee096f52b621c3300b6910b8b7aee3fda6c05081e49271bf243a8821481b97200c29b4b439063d7514c4437078355d8568ccc237b54ba9e30c12f1f6b1153d3eb4466e15c8e1914d3ad6f325e9bab496da060c49f3251af527937b2ead846b762af6a5f6848aa51381b3ee7b0cb61dacf5a5ad2e21a30f0fbde2ab2bab118b37d10aa5a56f81393a275fcfe4e6505611e806f233080c36b4c83c9f260c7e1ca0834446182087a86b237f274e1f17ac058a6d9f5b0299d47069b536200b52f5f386afa0614b1ea7d18f67f8ca5a5a060c12e01f210f82e71c4ebdd9c26840b5856f8c675709c78be671ed5e1dde7997190455fd7ba14e41c774f9edaa694296e6a242808053303c20016a359a00d1f7ad501895dff058d311a71f856eb5ee3bd95da18d32a96fc9d77662dd977ba3aa03d3b45256e5fa62cea19cdf25fe98a63651c6a88dec27ec60973310c8d3c36f11777237096d9bb7f72fe12dc13dcef634097c36dd935db4a5dce284ed2aa0b8eabf8e4da157f4a6c1afb680e44af4833206b1f863f85ee66a70bd96bc214a6e0201b38431f592c2ec0baf143b50a399d934225474c4fa3ba2ef166e86382c55d5acee4f9f1351766718f544301ad1bb756d9ae8c95359b1a22d75bccb8124f9d767adeed9eea9aeb3298ecc574440c730aff27f419570b7f010fdb0cb923119846ff0404b59d143c4297bb21d51d2a922188157a327b1cb9975b45aeaa585beb870a8d77765a75e030e2cf61700692b895029a", @generic="76bcd5cafa3a1248", @typed={0xa, 0x36, 0x0, 0x0, @str='wlan0\x00'}]}, @nested={0xeb, 0x26, 0x0, 0x1, [@typed={0x8, 0x87, 0x0, 0x0, @fd=r4}, @generic="439348b069d15b6eac78e7bcf3fb1c7214e2bab1d7473b1fa216df64d5373c417d83363a4c843b7c3fa5eb59bb11dfc05d4726818506f05cde6226a73357da0f8d0a44d1cbd9adf47ece0ef89ef1fb89639404e2f26f1b561b9aec1fa6152bedfdbf838b1c25fd171515bee22d967b125dbe374ce6627c63a8a3195c12feea18ac9dcc1f6251c4975a499f239b6841bf46c0256aaad40c16bb5a3f5ef1a7ea60bc9ec61a08328e4bdcbb685c29c8760ae32f532a5680cba2596e7660da5ca0932b4cbd31578f7d4391230a9a024eecb0dd070a31afa02508a7e935a4ab7f97"]}, @typed={0x8, 0x3b, 0x0, 0x0, @fd=r5}, @typed={0x6, 0x3, 0x0, 0x0, @str='-\x00'}, @typed={0x103, 0x11, 0x0, 0x0, @binary="a67f5f8193b725086076216332592de612db3ee90b96ac8a6a8716820477a4ab9093677497bb1cd0bb4881710f29e346a2d657ceec71e432d0e8ddca0cf167a26f474c4e2426c70e426f590115e833713c56a12889ce1865e097351a2e62086c1287649c10dcc7d700953a44f308682132bdfa011ca2fcd0ef504403b983c7f5aa91034c45863cdc32d79f7c99fe702c79f4abe7462833c611609d5efd8a3a6bbd9f3ca87c0f52162415418edc34776249743701c1c210568253abb01b7c76d669d9e5547dd6bdfe687a02dfb9e40c716c650e86f5a6967bea4493a0265e21cdf28886daba4c0108ab03dead7b53803cc6747ac1917256392c61a0e9d55bf7"}, @generic="8ceba43122b16cf7ab7a98c62816f73d3faa72d1b690806c26ec7bb5d0b635f10a0f54cf249bba3e3b5272c6ae645e717011299f8c8df2b13a2845223f52366d814f7756b02c7012bd5b39feddf3c435e11ac32bb5843bbbc7c07aad5bf9b708eea350a22215b85169af8ca88ec60a886a97d8b6c0f3816a748d6e128e9c5c27c3d554abfede4f478b4fa0a29e0fd25a3e242dd8bc3b33817bf0e0", @typed={0x8, 0x89, 0x0, 0x0, @uid=r6}, @generic="e8923672ffc6281adadfac1cdb1b1ed40f409b00487c3bdfc89a01342ff4a071264028c1c204238ee17d832069c654973e664a0132674067545b3e6442421776c97eb6e70e01a5aa000869cee938f24cb3dabf8deca607b386f4f8eafae3368f3a91e2ffb976285b1abdcfcfff2de1eb290ace0fd124802d77a4a0b5ad89774115ed2f6c94bdbb43fb0bd5bfb21dea4bdb0e8606e452ff3cfdfc4cebfd8fe76d248b042a919156bd01b85e5f867c5be97a394c19b794e9add356eb44044eb4780ed8b8a51930f5153f200f035ec6a53b5321383102aa4ebb3044695d88cd0cf5a63d88c8eb40af2ebee7efec34f8224c679d31bd501cb4ed2c37e9f89914eccbafe027188cbfeaf6b9e6cd71c52e2e363d7ecc7a66082e494c97d9ae397d17eec35f849eb9cb44308a599e4e79b5307ca3fddfa55ac0755008d6296b6691fa1ba89e03a9ffbda1ab24f398e6e152952d9bdfbf45c3427908f3753f6b8fab4948cf068570a9691ddd1d60d94c67d0a134f8b593c2b99d8399c87fcc55c5a6c35dd66e9e6f3530464d1f002b7b70fa8a7fec18ccdde7e83ef70a70869750257323783daf70db404a76f156d325878a7a8c9e473d70223d0cef832ace559cc626cdba30cacd85dd806463a30c21360f5d0848327373e3558267dbee846e75ced7cedbdfae2ae33cd393de6f979fca091c834c5669f8dba89be82c9bdab4221513e5771c226c7917dd2f9a8830a10087b83c6ed1f6df69f56e779e48add8fa30c607edfe714ee5da959c5cdb3335d5fc536b99c23ed3e6441be4d3296971a9b7d95e5460381326d6b15598d8e66f3fcc60430da7fb608b88640114f9a8ea4e408f7ebfd252bf0beb5c53e79f911a86ae7f58886a07ceece449e5781e9409410742c774207656c6dc2c65174ba0351b193d02c3216fd0d776979aa95d656ebe877154fea300dade8d923f00733e6fcf427127fd37cb9c16e3f3d06bea40cd08bd19b41d8146f6e64b9826ad52f9ce827eb14fd789409cf1060af8090358baaaae5073f5779e07309e987e73b0ad378b5f1ab3dd62e5937de279d08f2a5b942eb276410f5081fb8a32659da18bfa61307efe8d1fc435d90162c4b08585cd35f0b500c61527770f0f5f0bae97ae4b0b9e9f6b1928253074f83396c6e1c538bc03e2f2f9a8218b29149572d9ccc2159d6acb0441fc851d892fdac3de8d82d17f842c980f2434c0871f767e1de7e16b6e197c76cdfc8b4cb8c73935a9ebc14dca989d9d43b80d09c09a3114d33f176d0ebe7184e6c554c5d1173c2d343b41b606c61634e6a0c7ca6e8d7921bc8e424446c053b40c33bde8c31d589585b440dece1b188a402e83a7740534c111314537a79eaaf21169b14300946ae560a679a8be7446db87bd76f975cc37542af9347fc9b5352d3d8bc15586ef6f96a2eefa48fe5cff8293f18cd2c1d4c7596b26624fe31fa93e15884cc0a3389621e9c770e09727564bb9bde991bbb681c6285391a704454dbd49f8889a5a6492c7e69c1b1dc1da766e47f8d74f13b0ccc77536796503c520663f50111a67d2af7e9f75a67638b27db17c5d1ef296a00c095d67bd24d2073c6906e11a142a7d8eed1d6594ba659edf8464cb6ed932935dd692841ff623c7eb083706f6e1f005b515e7fca88916c598d0d946fe67eca7c992c50c21b1f6d22659418e9c2756f7f27a35b5362c928750d174de867df3af79ac7c25465a647c9a7013ab355194584e1a3a2fc64e78afe0726732e0070addc0cffcac46aec4d8b2489fa82c46d0ec64d2fd875fa33d50268a2be08b9c331381ae96162c6a1741ce2680cbbc28e9a4c898c455673058a0385d5c96cf43a7efd0bdce3cc03e6315d9a52342fe8582c1c17acf2bac4c51b295c0b3c1978fcbf8fd103b974a53a920f52a4ba9de6acdf52a9c569f910d93b53c62768fd10ca499374c1f2a7008a6b7b10ad04093f7f3f865bc8ee335f3148707037e2e582a2489883c84cbb1a058050af8ad89fbe2d2662923b857bddbfa06bae5b1599220f585788ee1a91246f3e1cad9cc5f638797c66aa71f48dda135226b367e764e2447cc750f611720a4460ffe1dce002b3e452de523983e7311f30219de2821b4f6ebc56d2259519dd40cea34c737bbf8b21f460af50a3e634d74da0c99e966739bd4490d206040cca663910533bde9c94fb98ca80762d6f5fb8530cc0e540372312e1d65d9c9098d0fcf03934ac70dd9d0d712d4316348e47fb3aaf060639a3c7452ba16ec7304ab750187e0d34c75161d7e3a8f9fff35df49afa8a3881bd77ba03f944f95c3b9ef742c3df452eac35075453bbb2114900b0730fc026ac8bad14fae75bf8e10208a3938624451fb06c8b38eb6516fd8a0e9727bcf7351f184d90e929f2d9e5931bcc0a11a6df935c273f9f2a504180388204bf870934637eb51fa28a4d0c80fdd6cb0a8728c7117998a79a1d5b99375f6d18643259362e93cda5dd1a20377a7b73497d8de0a51e51f02a4fba0db551e01dbb39aa5ba0d0d3623e459e8d8d0022cef59209a344e27858dc993c6c343d5976c5e2db4627a124466bdfe3338252ca931597720a0dfb98a5407897c379f098f5705beb075fa7da815e3ad98e1d1ddaaf6a95765f38f0990e00c60b68c1373d2a7e8c628110bb4d811493100e825b62ba0f78a7dcf2453d8006444072c13eb2aea4815659b50e8ba06f86416f88a5dd4ce6f1c09a226adc63f541170ef8ebabc6ddcecce23f812939694ac8bc78c0723f3929271f9befbd0efa604bd3b843eeb3f5076de7ce38806cf189329f124427491c602aa7b6387cbe345f38e605fab44d08137b0750aa070c3ae022a113e5f26972a8b4e1e40ebe41eadc4fbc6bccf65932f9d92c4bbaa773ff72a742fbcfe3048ce94647e866d71bdbaabc490f719dfcd247c8bd0b3c476a9d59509d6255bf63cb26e2bd1307a3d82abeae356d063a0ba245c91ffc9006e8040cdf79f90f1a66464eff377adb5765a342ab78deb0f40f76b8363ffdcf57c2cb5566ed6ec5340780b79cc5bcff47d27cad6d9084bfcab262527568c2427c60a2e82aae1f61d7839b94ba8b0625ec28ade0a38475cd2425482190d6a05c0e93b920e275c639365326f63cca16f6d28b115ce3b2bc6c2e76ca23a36fa159677702e3a5352fe3d2e5f6c8d6a3067a6d97b14534f4a05b44e7bc1c20514441e581a91bab21c7180357e09e37c01701169235265549aeade489813fafea010c4c4f3b14cf29a20ed8c2535490a8bf97e1e71319c2f8c33451e7b413f28abb672be6ce65e7b8d9fd4858f769608fde84c4fef4baa4f9c4b1c2c7d7fd8018dbb6c549b534eee5afd889837930366e2e4e903137ce1a84cbd92cd59fe0aaa0184e3d85bb41d02878f17fe9a1806b8b226628346bf7c1ab1ac83c09ea6c0dc476d135b3a26fe0eff34f42d059e46c83546ae7cce93abb94aea86757df869c1a32e0b74a63776eb092506c9ebabe80d9c7396a1f69b489a3bd0353b4ef99775d856487e72e215b761e2f262dff6200a5a4eee96dcb53667673e29277775d129bb1921add2df2a4cdaa8da83bd97ca652cc20b5eac2b02a941d62eed116bd806741404a7fdcfde2de0a10dd1da2b84f4bd9be1b46af76e8776d80b2ddc9c14c6ed14ff4e36055b8e53cfa7d6e57eebba8b328155045f75bfdb38e4a507c7270b139d5910fef276bb8dfb71b45708cdf742789f8b015f4f14aa2a631cc7d525c7228d5b28fb3ef011654beeda9bee6389316ef6a0930679adfaa06fe52316a3d76b769c0c58dcc852400da3bf730cd1920dc1ab9507250954de62d5af526130459236b42fbd9b8b4a4a3c90eada6debe06e58a466a9d0ef04d71966fe346e0fe7ea92f0c2574d091f868f10ae46c7c6f344cdd36f4948bc1d035d8d1987064cac2e8214f8c55e5f175e84b662e1c31e828b1adbac8bdc1872a8acea2e05d7a5346bedab46f0bb525f0cd43c615c75377a76e13db5bccc0b0af4a2887a7415617e09531251e2a54bc086b4076b996a07452d94ee7b628a54a594071d2397a883ffffa98b9ce7be1191305b6d63afea43287c24067c62644610a66b440ac751076d07073d933c4d51e93598b6885211dfb1c1a1abcd5a986d7d44aa6a6a1bdb160f3fa32c6287f182064dce26ff5bba1fa0bfb8c68c58022c649d5d3a203f4b0e5f4d7a1646e95513645267fb0c4256c813297b3ac8ab9e44d708dd09eae9e417ec655131ff1bc6d27793ef1800163a27c10d4c163781d367bbcc0a4faf5406a40d6158280e964757bb52f88b92b8cecf82f3ddfee38c7118aa01e5fa345a4a84c1b0978e82e402c82298af76d5daede441a8018ea2e138558e30420f8a5af4ea10d0be60af97d2836cece6056770941fbcccf8eaee06190db2feafdc7ee06b93c35e4f41c05b8dd62e4e6f8bdbbb620dafc20a0838c7e96852685f487fce88f1b73d80cc044c419126b1b33d1f364b45c409e8bba88aaad5c8c240c6932566d7cdc6c0efe1d2b527c04cec804fe80695a241c1f831c1fcb15d3e31742ec682c6323e18c8c47ecebeb9600f1191290d4350d8ec0517a6396abe8eb584c2e1671eeaa085a435079cafa922f6b8a5d94d6d485a5cf2c4069473cc1802d53b17ba119238aa596e134925a8c870cac3bc2598b1ce0cee2f339f9b361e28a7def3e81361b9a70cbb7e17bc62e792d0d4a2462bf21a54fe3852d306a03bfeadab44e9d5cfd498c3e5efeb58dc1d40f1565120e72fdda42ea9f853f087c979008c6ebd414e3ee1f1b04d66306c37b512bd41ffed1fdd3afccc9d73007fdb389e90b36097789c6d51f8f31a497527a4c0a5f4060267987a3589d0574b85c93a2eb13498ca4f181c3a9e4ed66b5c7cc9ab5ffe2cac0561b53c526c275bbbc86a0f18f76b06954ccd5ddfefd38ee2b9ac95231809ab425745952a28c4de6525a41ad8e3307b4a5715804165f8229f57443ed6d4c119df8c4b52ffce741af4548c60d380ef5cadec87be79b6899bc09b3f0230f6375ad14aff36b1713fadc3050390090eca85e62ce453d8854704ee9d1a34e934bbfb3dddf470b85ac3efc440f07db9b8b93390444b5419fe244a999053ffc4e66babe31bead044b957a625e66cf0455cf62d498705b2c4f14f0f437f550cb85a3e40342b3dc47d216511325131e96d07c5c09db76cbce0ce6696982e520e787e98a13f7a2b10323148a879b8362e1a9adf16d326f92acd5b54c3376ccea29f4654549648020b41b75c88690c58478cca92f00a55a37697e04255a92b5345ca7a051bc99f540525c95826f741022c63ab0ac1e8c32349e26cbaeb901863c3502328f5843313be0aec3bc0e4df1dd8633dac8fe0a07b2d25b4f53566e0d5db49da16929e6ee4b8807667e7daf20f6dc8b3bc6a98ea12c3b58030f90ed31694ba16521b5dd331fcfa11ef0593a321dd165152a69bc2822a7755096c11bbf896560726028dec36105aae72f1639c658f177ef7fee48d7558e38edeff6f95b02fac6bf5a8fc567535e6648d862e6b263300a06ea0fadc38f94395dec8f8c422058bb433b8daf2b5a50eb4d507d197dcfd5262536776d83d11ff1e8924c6b9a98c803b820ef37754a323214cdc8db16c5b115c88a2937839b258a8e7c8bf1f1e16898bb8b2cd45516f140be0c231e2c9e4f82a117eb836f04cf83f12ce4e9c01a8206aae715a63f9ac1a39b73fb5ca4715f8e8ed780da16db10ce057973cae8b7cd690e9b2f195dcce994c10b0fed0efedd3b5e1abde6bccc3"]}, 0x2344}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4004, @fd_index, 0x4, &(0x7f0000000000)=[{&(0x7f0000000180)=""/105, 0x69}], 0x1, 0x11, 0x1, {0x0, r8}}, 0x1f) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x5, 0x0, r3, 0x0, &(0x7f0000000000)='./file0\x00', 0x4, 0x20080, 0x12345, {0x0, r8}}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:56:12 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) [ 1999.159565] FAULT_INJECTION: forcing a failure. [ 1999.159565] name failslab, interval 1, probability 0, space 0, times 0 [ 1999.161169] CPU: 0 PID: 10747 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1999.162144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1999.163376] Call Trace: [ 1999.163760] dump_stack+0x107/0x167 [ 1999.164266] should_fail.cold+0x5/0xa [ 1999.164787] ? create_object.isra.0+0x3a/0xa20 [ 1999.165391] should_failslab+0x5/0x20 [ 1999.165904] kmem_cache_alloc+0x5b/0x360 [ 1999.166507] ? mark_held_locks+0x9e/0xe0 [ 1999.167088] create_object.isra.0+0x3a/0xa20 [ 1999.167694] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1999.168392] kmem_cache_alloc_bulk+0x168/0x320 [ 1999.169017] io_submit_sqes+0x7099/0x86e0 [ 1999.169570] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1999.170248] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.170921] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.171572] ? lock_downgrade+0x6d0/0x6d0 [ 1999.172127] ? find_held_lock+0x2c/0x110 [ 1999.172673] ? io_submit_sqes+0x86e0/0x86e0 [ 1999.173287] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1999.173954] ? wait_for_completion_io+0x270/0x270 [ 1999.174673] ? rcu_read_lock_any_held+0x75/0xa0 [ 1999.175297] ? vfs_write+0x354/0xa70 [ 1999.175799] ? fput_many+0x2f/0x1a0 [ 1999.176302] ? ksys_write+0x1a9/0x260 [ 1999.176808] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1999.177509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1999.178236] do_syscall_64+0x33/0x40 [ 1999.178745] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1999.179452] RIP: 0033:0x7fd42ac9bb19 [ 1999.179965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1999.182439] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1999.183427] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1999.184398] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1999.185383] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1999.186428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1999.187406] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 08:56:12 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:12 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:56:12 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1999.313661] FAULT_INJECTION: forcing a failure. [ 1999.313661] name failslab, interval 1, probability 0, space 0, times 0 [ 1999.315452] CPU: 1 PID: 10755 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 1999.316365] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1999.317542] Call Trace: [ 1999.317899] dump_stack+0x107/0x167 [ 1999.318408] should_fail.cold+0x5/0xa [ 1999.318919] ? create_object.isra.0+0x3a/0xa20 [ 1999.319541] should_failslab+0x5/0x20 [ 1999.320092] kmem_cache_alloc+0x5b/0x360 [ 1999.320639] ? mark_held_locks+0x9e/0xe0 [ 1999.321170] create_object.isra.0+0x3a/0xa20 [ 1999.321803] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1999.322544] kmem_cache_alloc_bulk+0x168/0x320 [ 1999.323165] io_submit_sqes+0x7099/0x86e0 [ 1999.323749] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1999.324430] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.325090] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.325763] ? lock_downgrade+0x6d0/0x6d0 [ 1999.326342] ? find_held_lock+0x2c/0x110 [ 1999.326898] ? io_submit_sqes+0x86e0/0x86e0 [ 1999.327467] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1999.328123] ? wait_for_completion_io+0x270/0x270 [ 1999.328767] ? rcu_read_lock_any_held+0x75/0xa0 [ 1999.329353] ? vfs_write+0x354/0xa70 [ 1999.329840] ? fput_many+0x2f/0x1a0 [ 1999.330354] ? ksys_write+0x1a9/0x260 [ 1999.330854] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1999.331558] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1999.332252] do_syscall_64+0x33/0x40 [ 1999.332755] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1999.333447] RIP: 0033:0x7f04fc2c5b19 [ 1999.333941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1999.336376] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1999.337367] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 1999.338347] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1999.339270] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1999.340168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1999.341076] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 1999.389105] FAULT_INJECTION: forcing a failure. [ 1999.389105] name failslab, interval 1, probability 0, space 0, times 0 [ 1999.390863] CPU: 1 PID: 10760 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 1999.391824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1999.392967] Call Trace: 08:56:12 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:12 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:56:12 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a71, &(0x7f0000000940)={0x0, 0x8f15, 0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000009, 0x80010, r0, 0x8000000) syz_io_uring_setup(0x4, &(0x7f0000000740), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r7, 0x0, &(0x7f00000004c0)={0x0, 0x0, 0x0}}, 0x0) r8 = fsmount(0xffffffffffffffff, 0x0, 0x1) syz_io_uring_submit(r4, r6, &(0x7f0000000400)=@IORING_OP_STATX={0x15, 0x1, 0x0, r8, &(0x7f0000000300), &(0x7f00000008c0)='./file0\x00', 0x400, 0x0, 0x1}, 0x1) r9 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x200000f, 0x810, r0, 0x10000000) r10 = syz_io_uring_setup(0x2a93, &(0x7f0000000140)={0x0, 0xa047, 0x0, 0x2, 0xfc}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_submit(r1, r9, &(0x7f0000000240)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000000)={0x2001}, r10, 0x1, 0x0, 0x1}, 0x7) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000900)=@IORING_OP_FALLOCATE={0x11, 0x2, 0x0, @fd, 0x96, 0x0, 0x1f, 0x0, 0x1}, 0x1f) syz_io_uring_submit(r5, r2, &(0x7f0000000700)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)={&(0x7f0000000500)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000440)=""/18, 0x12}, {&(0x7f0000000580)=""/49, 0x31}, {&(0x7f00000005c0)=""/162, 0xa2}], 0x3, &(0x7f00000007c0)=""/213, 0xd5}, 0x0, 0x0, 0x1, {0x2, r11}}, 0xffffffe0) [ 1999.393337] dump_stack+0x107/0x167 [ 1999.394031] should_fail.cold+0x5/0xa [ 1999.394530] ? create_object.isra.0+0x3a/0xa20 [ 1999.395137] should_failslab+0x5/0x20 [ 1999.395634] kmem_cache_alloc+0x5b/0x360 [ 1999.396109] ? mark_held_locks+0x9e/0xe0 [ 1999.396591] create_object.isra.0+0x3a/0xa20 [ 1999.397116] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 08:56:12 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x2, 0x0, 0x0, 0x0) [ 1999.397763] kmem_cache_alloc_bulk+0x168/0x320 [ 1999.398626] io_submit_sqes+0x7099/0x86e0 [ 1999.399240] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1999.399893] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.400584] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.401345] ? lock_downgrade+0x6d0/0x6d0 [ 1999.401900] ? find_held_lock+0x2c/0x110 [ 1999.402488] ? io_submit_sqes+0x86e0/0x86e0 [ 1999.403071] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1999.403700] ? wait_for_completion_io+0x270/0x270 [ 1999.404398] ? rcu_read_lock_any_held+0x75/0xa0 [ 1999.405020] ? vfs_write+0x354/0xa70 [ 1999.405533] ? fput_many+0x2f/0x1a0 [ 1999.406036] ? ksys_write+0x1a9/0x260 [ 1999.406609] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1999.407310] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1999.407997] do_syscall_64+0x33/0x40 [ 1999.408505] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1999.409189] RIP: 0033:0x7f30d6b2fb19 [ 1999.409701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1999.412243] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1999.413268] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 1999.414233] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1999.415189] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1999.416139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1999.417073] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:56:12 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) [ 1999.467058] FAULT_INJECTION: forcing a failure. [ 1999.467058] name failslab, interval 1, probability 0, space 0, times 0 [ 1999.468692] CPU: 1 PID: 10766 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1999.469619] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1999.470795] Call Trace: [ 1999.471171] dump_stack+0x107/0x167 [ 1999.471674] should_fail.cold+0x5/0xa [ 1999.472196] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1999.472900] should_failslab+0x5/0x20 [ 1999.473411] __kmalloc_node+0x76/0x350 [ 1999.473955] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1999.474652] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1999.475311] ? trace_hardirqs_on+0x5b/0x180 [ 1999.475898] kmem_cache_alloc_bulk+0x182/0x320 [ 1999.476522] io_submit_sqes+0x7099/0x86e0 [ 1999.477071] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1999.477727] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.478405] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.479028] ? lock_downgrade+0x6d0/0x6d0 [ 1999.479580] ? find_held_lock+0x2c/0x110 [ 1999.480129] ? io_submit_sqes+0x86e0/0x86e0 [ 1999.480698] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1999.481349] ? wait_for_completion_io+0x270/0x270 [ 1999.482008] ? rcu_read_lock_any_held+0x75/0xa0 [ 1999.482635] ? vfs_write+0x354/0xa70 [ 1999.483125] ? fput_many+0x2f/0x1a0 [ 1999.483641] ? ksys_write+0x1a9/0x260 [ 1999.484153] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1999.484848] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1999.485518] do_syscall_64+0x33/0x40 [ 1999.486008] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1999.486747] RIP: 0033:0x7fd42ac9bb19 [ 1999.487243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1999.489744] RSP: 002b:00007fd428211188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1999.490855] RAX: ffffffffffffffda RBX: 00007fd42adaef60 RCX: 00007fd42ac9bb19 [ 1999.491849] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1999.492840] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1999.493825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1999.494801] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 08:56:12 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:12 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x3, 0x0, 0x0, 0x0) 08:56:12 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:56:12 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:12 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x4, 0x7, 0x1f, 0x80, 0x0, 0x0, 0x8004, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000000000), 0x1}, 0x40032, 0xff, 0x20, 0x3, 0x10000, 0x6, 0x0, 0x0, 0x5, 0x0, 0x10000}, 0x0, 0xa, 0xffffffffffffffff, 0xa) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0xee00, 0xffffffffffffffff}}, './file0\x00'}) syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_OPENAT2={0x1c, 0x1, 0x0, r4, &(0x7f00000001c0)={0x4000, 0x101, 0x2}, &(0x7f0000000240)='./file0\x00', 0x18, 0x0, 0x23456}, 0x5) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:56:12 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) [ 1999.709712] FAULT_INJECTION: forcing a failure. [ 1999.709712] name failslab, interval 1, probability 0, space 0, times 0 [ 1999.711429] CPU: 1 PID: 10784 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 1999.712369] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1999.713498] Call Trace: [ 1999.713850] dump_stack+0x107/0x167 [ 1999.714347] should_fail.cold+0x5/0xa [ 1999.714853] ? create_object.isra.0+0x3a/0xa20 [ 1999.715486] should_failslab+0x5/0x20 [ 1999.716036] kmem_cache_alloc+0x5b/0x360 [ 1999.716583] ? mark_held_locks+0x9e/0xe0 [ 1999.717185] create_object.isra.0+0x3a/0xa20 [ 1999.717803] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1999.718610] kmem_cache_alloc_bulk+0x168/0x320 [ 1999.719278] io_submit_sqes+0x7099/0x86e0 [ 1999.719850] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1999.720602] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.721287] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.721968] ? lock_downgrade+0x6d0/0x6d0 [ 1999.722540] ? find_held_lock+0x2c/0x110 [ 1999.723122] ? io_submit_sqes+0x86e0/0x86e0 [ 1999.723735] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1999.724412] ? wait_for_completion_io+0x270/0x270 [ 1999.725094] ? rcu_read_lock_any_held+0x75/0xa0 [ 1999.725378] FAULT_INJECTION: forcing a failure. [ 1999.725378] name failslab, interval 1, probability 0, space 0, times 0 [ 1999.725711] ? vfs_write+0x354/0xa70 [ 1999.725732] ? fput_many+0x2f/0x1a0 [ 1999.725747] ? ksys_write+0x1a9/0x260 [ 1999.725771] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1999.729611] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1999.730359] do_syscall_64+0x33/0x40 [ 1999.730928] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1999.731633] RIP: 0033:0x7f30d6b2fb19 [ 1999.732216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1999.734858] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1999.736045] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 1999.737032] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1999.738011] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1999.739055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1999.740021] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 1999.741031] CPU: 0 PID: 10782 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 1999.742071] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1999.743322] Call Trace: [ 1999.743726] dump_stack+0x107/0x167 [ 1999.744276] should_fail.cold+0x5/0xa [ 1999.744819] ? create_object.isra.0+0x3a/0xa20 [ 1999.745467] should_failslab+0x5/0x20 [ 1999.745990] kmem_cache_alloc+0x5b/0x360 [ 1999.746632] ? mark_held_locks+0x9e/0xe0 [ 1999.747233] create_object.isra.0+0x3a/0xa20 [ 1999.747841] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1999.748601] kmem_cache_alloc_bulk+0x168/0x320 [ 1999.749294] io_submit_sqes+0x7099/0x86e0 [ 1999.749892] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1999.750661] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.751330] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 1999.752015] ? lock_downgrade+0x6d0/0x6d0 [ 1999.752591] ? find_held_lock+0x2c/0x110 [ 1999.753199] ? io_submit_sqes+0x86e0/0x86e0 [ 1999.753840] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1999.754573] ? wait_for_completion_io+0x270/0x270 [ 1999.755278] ? rcu_read_lock_any_held+0x75/0xa0 [ 1999.755920] ? vfs_write+0x354/0xa70 [ 1999.756291] FAULT_INJECTION: forcing a failure. [ 1999.756291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1999.756420] ? fput_many+0x2f/0x1a0 [ 1999.758478] ? ksys_write+0x1a9/0x260 [ 1999.759000] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1999.759729] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1999.760445] do_syscall_64+0x33/0x40 [ 1999.760993] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1999.761693] RIP: 0033:0x7f04fc2c5b19 [ 1999.762271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1999.764799] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1999.765898] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 1999.766985] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1999.767962] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1999.768903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1999.769948] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 1999.770984] CPU: 1 PID: 10788 Comm: syz-executor.5 Not tainted 5.10.173 #1 [ 1999.771973] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1999.773129] Call Trace: [ 1999.773534] dump_stack+0x107/0x167 [ 1999.774096] should_fail.cold+0x5/0xa [ 1999.774656] _copy_to_user+0x2e/0x180 [ 1999.775174] simple_read_from_buffer+0xcc/0x160 [ 1999.775804] proc_fail_nth_read+0x198/0x230 [ 1999.776427] ? proc_sessionid_read+0x230/0x230 [ 1999.777055] ? security_file_permission+0x24e/0x570 [ 1999.777724] ? perf_trace_initcall_start+0x101/0x380 [ 1999.778505] ? proc_sessionid_read+0x230/0x230 [ 1999.779183] vfs_read+0x228/0x580 [ 1999.779680] ksys_read+0x12d/0x260 [ 1999.780188] ? vfs_write+0xa70/0xa70 [ 1999.780704] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1999.781443] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1999.782185] do_syscall_64+0x33/0x40 [ 1999.782703] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 1999.783436] RIP: 0033:0x7fd42ac4e69c [ 1999.783951] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1999.786559] RSP: 002b:00007fd428211170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 08:56:13 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4, 0x0, 0x0, 0x0) [ 1999.787591] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd42ac4e69c [ 1999.788735] RDX: 000000000000000f RSI: 00007fd4282111e0 RDI: 0000000000000005 [ 1999.789696] RBP: 00007fd4282111d0 R08: 0000000000000000 R09: 0000000000000000 [ 1999.790653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1999.791614] R13: 00007ffd977ca13f R14: 00007fd428211300 R15: 0000000000022000 08:56:29 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:56:29 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:56:29 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:29 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:29 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x5, 0x0, 0x0, 0x0) 08:56:29 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:56:29 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:29 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@alg, &(0x7f0000000140)=0x80) newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r2, r3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f0000000500)={0x235c, 0x34, 0x200, 0x70bd29, 0x25dfdbfe, {0x6}, [@generic="b14601a7b8dc3bd43480acda4fdcda48c8be46062e8f875f301a5207395f9f42a1ba4202a883a866a9c21fa9c5701b65bfdf2d7e7244c4a0fdd70656d1d8f5181eaf81a4dc8e0109549422d16484f268faf67cd0d152f418ee18b3f25e599ff06040222d9ffb30cbbf4a301c187a1596cca0d72e2c3f43ca14fa650b0bbde8bdc0262130c4b8babedb119a91e99f867a9693ab0fd866dcecf2daff0a6c5e4078b46ec240c2427e576134b3e00885ef3d6d325d80636fe1f8d368b4a459db858d303563d423af648e394652b542a6153421c22f309930f13f9a2f917837bbd08342d6e4b47e9a5f78ab6ffcd7b091e541333dcb8f763b8137d25efba25dbc281429804486a77c1faad7c39e101d399909c587342bd3e3612331a2301717e24260e9f9c60a6d13b52047072d2e787d9788edcf98acdc89a507adc70884eb8de4e5cb815ac4e4a1a28820031ea9bde53406c07d54758f22f812bc5a8fb9bac5cad7b73122146f0e47d388b4310d96277a1e05cd2a67a09cbf4362760f7225f14669abe7d4e1669fd6771d83a9957b6632da1c35e9e1de704599e213bb7e5196657e0dfec5352a051abccd1cfcaaf9dbc0170353d7fb4e42c4ac9cddaf3c82c54ae321bcebbf679c4348c0aff83aea4470168c21d267c043046735ffb374c79989b2db277796469afb840f4681e0957e5643c385d48ad3f1ed231d7fbc88d628cfba8a7b77f7cc10d40ac3e1be348307026fa86ba0b68bc28df066ab3bccdca785834704ea102ba136a4b7a75c7f1a37d5bdf9ba6ebd0b6262c8a14ef2d91fb153686b0d18d0f39575a06048126ce6449d6b8a18a1b01cb264539ec23d8c34e1bce54dc1250d52caf72c936934de96950e9396fd3751a4f76e77eedbbb6a6c35691cd848cfd3ea49026805821fd4e241560648d86546252b3fd34f24da7b6d707f51899edac66fdf7a9a2e04e5200243fe5f7589cf97881e1d09d5800e5a0399cb2158258077f77e0d84f6cdf9c7b6985c1683f8eb18feab66574326ba04f7d302303cad5297207a02e078cf909d134d141f4687364ffc2387ee5f0e51ed3fd5f60bb186c696cd52484e57d060c50dc5653dece8fcdb66ae09a87278861710099533a40b3fc366ef51c637b8617d73f2dca646773583411de1d1d3491f933bebba1894de6fed576adb0d379e26a36a05f387a6379d8e0c75cc47fe5cea6f280f59c7ecce9f492c3c5c3b173cd35bc6cdeb816d81ecf9f0b3ee28cfc3814bc1d8f6f88d5d08a5645a17b67f1b0a34e804be57eb71f4ac5c9050af2f0e060a62c7262187a39d4ae7c8b45fd76dcd9861a27740cfde1469e968f236f5bdbda0e6cc1bb591979e3ea5cff2a6bd068da5817db7d1ee828c2013b6c16ffa053f1eb9fd0107fd58d951b7d52384dbecbb366b2aad1f66268e30076613e4f4344de23379cc221d0bbc615417df540a5bb94ac8ffedf95e888114d891fee52c060ce38b58a987f9d8a76377a9f7ca576bb2715b80202155777300066a5786c5eb2c2817fca5b8cebd0d7b1e3ca2f0185529b412912e7e9d686943de458ef98df426fccb3abf7d031d2e6a9fe07f9029bc906e772b7e01328c852a0cba2cc2e75209af034b5133865892189b2758a5cf2b439c839696f0b3fb1a1308c722b90471f52ae63c6d29640441e841d231b1f8427aed4fff32b03a2954b9fc4b1c522215fa027a1d88c401f4eb6633e09585a0299c5436f560b2b3c9e843361347e0817971fadaeb999019be55776a161ec7f119da225f0f034ae0639eff7df6a972a8b66829a7eb7b37bd40ecfe0f810041e9d954502532d941aceca2457f7120b5d519b6bce39421451fdeff7893e615f5b226cec37be76e2d80e4f0a60fdd013af01270aa455eb15ccea80e937a084ad056568840762c1ceb3f040d0a9fa62b01ff6942698a089ce00464ff36952793e5caedb933c13177ac65fff99518a988f209afd4a1780d5f230d724feb1a5d80647b48d07da2e0f297aabcdcd4357cf92cefefbe7e873dae2ace22e8727ee3d459572b15602fd9c3136101934e5d0e192f0de3b2a2fca9c71e7fd97381f65987338ff571c0cf669ff646eeeddc1a2109644921755d2d2ceded0fbb6e4d9d4dc9c6fc8bae59fe984385010d6ab208bac64ed5f8243ce985318bee7dae86c7315681df764fc9cc1e2b4b15d1aad56702b8f5ffa77a3a1c41e76ad94b2b47157217debb63bf383a9b650fc8acff132f555610fbf14488c17def6c855a36a77c3262dd27ab49dbd4f27d18835dd815f98ded3e04a438bcb9424f3af6fc6661227ffb365db8b30b687802fb688679d8c8940cc0ecd7d0458c6bb971840d62703f0f73e05ebb213022982eb49a8072565671e3454fa871e87a4798c055b837fa10d76c118118a3d010b6bc4c923765c7b70cdd624e7d27e19aee56c631906b332edd9f43ec9e5229ce7babf9ab05037f3b221c6e8599a5740c2199264ed906880473c7d9908cbdf9f4c31ca1e829cf7614c007ce38f1b595956bc2a78a43f5ac84396bbe904fe5733c1c366bb54337abd2e4847896da78c9e654e32d3f0138deb6fc87581f9bfbb02f7cf39b33c18e615b5c5299582d5d9924d42c7ecd1e2369294d1d4829d514a497c5c8d0d02459b49e26a50a948fd5f0c7502a3a596f5ce897facfd61858f45eee9283fb279941e5d34234d1501375979f89be22d968ff0dbede89bfe6bb9b4c2dfa98395674b3724e414a63f3ce66668ed4f5fd5da814ec5fa141399cd8e9e7149632d8c562c2d7a13cd96b7ac4812ed9ad96c0b1926efbee4bf2a75008b1e913119abcc52a2584dcb7cfa8f2c13fca372d9eb86cfaf01edcbc8798b755164754ffb844e22aad3c05fe9fb6c84e0b4537a3edeac3d19c4d5ae91a5ef94e51e56e597f24a91e9152ba9e6879a242f2e21d033bb64428c52d045a17146d089a482f854a291c2dde5200bf61d07a95f928dd1d6a0257a20e2caf24234f2507865c32675a2d8b38d12b24ef9cf2404d11fd2ac951b74d7eaa21e5f4a78480e359a10ef29b400c0345c3ea4ff0cf7d9392119fd6fd5d4652e05757eb21f0340f4cb033049986ced97b2e6315ee84b02b435cc91c671e938d1c30a4b01e710f3caa3b590bec785b35be0e7a4ce045ded495a22964d029d42bc4e4569d7236232ecfeaa6dca8ff472b6a368ffa0bde7e204d3d54cc821fc9289a64934f982e6413f1626366e23839df50478fc002d641283e918eedc00dfc1a25be13710f21cf6c1f1cfbf3ef80222999535a374b68dc202fecd4c51fb0b41551c02f5ae15518f56cc15dc8fde6bb48a7005021c99cad127ca669c8ab990222b6e3c6c799f15d388eedebf9be532c261923edb7f25c41db9c1cc7f50fe57181e4566590ae2d4225c14d1a613406fa85297c056a6c3d5ff9ac3ff5f220db4145e1fbc072a80f6b7944c28e9271311ed5b43bb4aa847a1d92a870855f8267a5f243a47c805d185ac4cfdb2292ec3742ed41ba5649bbb301e42c718b834645e8b71e55084a23f99ed2328335ad5ff7c2161197278a6ec24a98c66e7465fe82674638291519baf29a196d7a38ec05d9937d9ae9a6ddb38bfccb797f3658643fe14eccafe8d1fa9eaf2a0f5327c0c6856fbef1c7faecdc89e5519bf9c992b4a1129024879f4cde9b708d0943fd6f82e5dad9992d78ff02d41658bfa4eefb8069e0ac6684bdd8ba80f2c459d1a6210d8ec4af5ebbe1657e6140697dc690d9e48224c874730d0715ecab93c00a764719b80303d39ff5cd0950703508de515517792ebfb32ed71d7ed945f941dcc5401b3c092098e1bb224322a564a221dff894c8d32d026460d7faa981a4eedbd8df8d0e9f771e679419729e666bc2faa473493ab5ec0e27aefdce3c965a853b6427c353492d7b08a5f81aa18c31e3d15a320aa64aa26d6982497aa2d29648f9730eeccc5ce2749b3e039e6a1ddd7537979f0a9966afad3f9ac54fc3c7a706d38b23d1bf75a05c46fcc817d87344cc39b7f8e99bb133a347646d2300b8b43c41d67291fbcd7dc7b482ab2a5cbcbecb5e0f808e4b0e753e2d7d102d67e808ba230ad134ba4831f3f644bfaefba93055e7bf662f09a8ea6d722cf0864ece608579b9805a06abbe1cceaa596ff20cdb7f94d095f7cdce54c303f9d7232145ddf665a64e3cd2c2d6c00450a0ba2cecc2a0aaa571da1e5fbf045ea95413a15a34528e1b9e4bc1efec51ef1b53343b841ec1b6d0e7c5fe8f83cd83f74246b5c327b9dc5bd97944c0de6914921a3b2d3543997b2d850205982b283b7b4e08851ad1f37164cc64297cfede211407c398347b07cd59f57591bf9f87f11c9b1bf82fedb898c984d64d86a7690389557850a8f4199156d268b97793f564911fc1b5aaa6c802e716f0abb1c3cbcad2d2306d997e23b0a6d4f4f84105a6dccd3c9dc5762a38034b155922c9a95ee40b319c2a326287f07c6e11160814e1dcc73f5d5e25b9847da885ec9fc899b1685f097a6c9f69594f0c6d226d97cf45bb1b89f5e080161e7d03527bd2a768823c03fcab3a790581e46127b81d7e295b7ddc0a20acf0459446ccb2ff9ecebe7ae5c328b5540ad8fae36700207089645f5ef6313fdfce452837fdea9fc8026323c2510193b6eacc060a327253a804730c403110f4812777205fbc49c10b26300de35dbe70aeeabcf2d369f99537567e633ff90eb1453c2356dfade6031508dd071b0a8e398163f2e75d0b13bf8b3a95cf180057910faa2d307db91a25b2e6f29c9b5dabc04ee68e782335f1bd3b4e1f2d4e134c750204e17896bf93a150dbb6a1e4df6ba7bba2ec61d0a256aec0d276e8f9aa5af464d2383513134d2d86b6645bdda4df17d1a2f2f23b7692209dd36be016d5820a3321dcab30c19d68efea5e83c86646e6b19e4b742dfd929e8947e695004c3164944234298bb695e2004e721fa03d8b05cadd462d53acfcbba7893c30a7d64a7784b48f52b463c207cb2ea6330ab766234cba4dd9f9cdf4b86e1dc5671c997423d893e031ad596e45157ec5775de0eb3ce044c722c5d0966820cb2a8eb7387160cbe23d4a0e72b5ba8524a76d7e922e493663fdd927c673e59399d660ff5d5044fda91dcf433684587f6aa3aa61323c85c65244a95d02bb1fbddd0f2e17e96531da1fdaffdcef991a393a2d414156d7e5aa7d0cafd18c352460ef63a7bd80fb64d7a85b842b5479a335683b7a714e22ab9d58ebca8ce57c06a519acc9edfc6694c2776bf4d952673ed2619f35b3e805f0a3b2458d5104b596aaf5913a5105040b5cdcd74fc04357b46732a6cba131e95c96f7ca25a5f9c7acea152f4ee7df9be92b8361c3d6d9989c83413ba490b151b717ed0edf5e21862f9e9b74614e93ac47a363d8cadd4b48c65fd6a0026a1845ae9dde15c592d5118cc43fd943546701982d25d80eee78d03536de460f52dfedc66aa4dd20b20e922544e9840664afd20d177b8c34d611663ce7f6bc98b100f1072ec9b02801b58a2c5cf377e4db7226bdac3d72a365a7c4c746eeeaf38cd65a131b9712ae69d684d171b79d6d3b50071c21cdd3eb5db8904a2d3df77eb24cba7dc8c990b88f3e1305ddca37547bc9df3155ca886883a60a2fed98b5472698bcb47b51ef8e2acb0fa28df28eed49005e08f4852adb4ce4a606716197761abdadbfad483da8f216f11786de1b9f75fc264d2ecf2ddd38f2274d624f710cf3c7f76c8c1d769d3a68f9366fef22517a12bb84d8f3983ea0fc8a751afc1f3dc894795ee6eed806c86fead20e", @generic="4f9c7ddaf1d107a07c28b712da365f7980df6dcb7673532cbaeb3378be730feee59d57717afaf7918474155e54ea1c8fbdcbd21fc865558502cac9d459ad5dd9322524c99b0ffb5d8170fa9fab216bd4c5c7af0601745f3874fb0fe492707da22bfe3626f659e220201f9009f518251b0069993d7f1fa6fbb2d09e23e4039df6dc0391b827e599d3ef1496936f81749886b74fa5849974e66b3fc6c80cfdc6cc31", @generic="d45551cc7dc3e548dcbb33d04320e508850035fc68810906f5d50954f71621846809cd69fc6bb9277fc2598ded97a7c3a6199ab9c3b5f9cc670e185e09595bbae4f71250efa1a6cc980e24d53a80025f361d80ea435592356aab377142cd9fd63abd3e984920235105b4110dd338f813d1bbf6ad9a43d4a1280a8547591bc8984fd83729055387b7b9f9179f9f37546e5f89d955b30aa4b3fac84c6b226a137682a13032d14b9129abfaafc8f278d4c1a8b1d58d3293fdbedf8464bf3bc760dc2cda824eb0443046c3d880d08219c4a0cad379942fb344d5f37a1f8acbd277b1b80b547d0d190c851aa09c4ff7cd0bc082d70d9b897941f386e666500bad75fce3f73dd98d30060cb7f7f053a38b9fe62fe604bba2029457007a286f204a3c07d659ec92b5f8cc3744ed53bba1b193e94ef9c25ca8107096f1b716d457cdc9fd8e2e821e60cee4e6641c563ef7c50ed60bd3853c1bfe4434be27fc6ed59888f7e461f9cccfe95b04960121522eef8d4d1e786630ae3b37aa302154870af98526e3ff992f9fc29136f19916780e508855b6c5757191ff8af6a6dc4b92b15bbb2c61f7c879513e80beb0190514ff9cc8f9645aa7f8a2bb1d9f6f179bfe646f52c592b05151b6e9a5d7f53efee59fa993d7507f063d39e4bcefb9d2c6656ed98b3f9bc165fd09441298bf1009dc569df23f160e905648d6ee66337879cf751b97a6cf7e358f0b8319ec15f1bb2b18bab47770432fb1d49c15997c35991c52d9b1953f110724da330c8a6f269628d9ba88bb267c549f63531cb03be2e330be336abbcfe7ccb1713ea4df1866509d8ca6734d970215ee5d2697f1e32be987cac15de22c5c9f0200014720eff2f73f8fbaa10df8195d614ed9f051d99f5618685074f557ebe1629b6763b76c89ae421eb1bd2b407db95ce4998ef84509f820d2690a6c4cc915651338cb2205cbb28512b4bbf14ae1e10bcfe373eb6ae88a48e29f7203b7a2f2f118c50d235481256e365d822481895dec958a8bcde17b8557016841e2b088a90c91c19b76e9d172669cc247eac874171908aef80c610b7b2c47691374e0474061a1d9009961e3406b4749dc4057a50b68220842f9717ab1f7f37997e151f391dff505e2d872fc051c35167a7c69b8a636d81e08ff048eb161fb506b41c77bfa61b970d93750d831dbfecaf3ed92dd82562bb2322ac67eb75b4b01a35644d4dca21e64334ee9d47f8c1269a78dc8311742059458489b1761188acbc27767e5ac125a1a10353f2d5bf8cafc3ac2ef194889730bfe546e835d050fe8af4c5ac29c192ac97ff3159b48efe5e0401540d1053164576c8a49013a871e9aac9f5243aeb1f52be80aec8b3ab9386fed917c1dd3a12d506f3d44a9082f68bc8466231ab8fdae26c17c67f8f493a78abdf8a726fa3b0c1bb84253346323c258efa8e291ee6857886da92566207bc80f6278cf883fe21dbf796fb1fde1a5da9a0f6ff1a9f7c252c8e038376f5f50a08650e7615831cbc4b2f59bab396273f5c155153dcfb6b07beab7c80f0e6b07feed8f824f57d24238a7d60cafcaa7a7f69571c36bc86c8ed9459e471c82aad015007814997486b13f33feaf8382f0d166c4ffe69ecf56f175111fc86f31403ad21387e8f4bb84106577ca4b18225d1a2b35b709aabccbbac817eb16bbbf20eaac8235464f6fb1f93fc1ba631ffe2213b043c26d72e0d40532ab785c7c4141c942c0a8a4b9b0a5fc8ae67dc1a943a4a209ac65447d5e806e089008dcc6f3eb27e126e8c4e4dc779d963d1e06865f18c6fcb2f609c1bd8b0d74d83ebe0e05ba76d87d4a3a8ac39dbe4cca73d791b0af021a3b13191bc17a58a82ae3cdf1d66b18035dbe91f84e958c4cdd95c2b3bcc761b8e26800700a65c28d5f29de6d1d9fff363cab1e8a55e8be5e74f618d48b3ab271126270c990b9731b384138efef35eff0d3d6c86877308f971c3e10c1cd799d49ace1ca072b537bb6220c70ac899e26e8e040699e45062e107d11245720923c8a3e544e63ee1d3d803fae1a234afd5be41f224ae72c12f76cfb42b295731a6beb4fd97a1b2c12cf5e7210a3389f8b357d58d08b9e8922d99a8bf41373dd5acc9504370f8a66c3ff179a1bbcee043c6e9e446f545dc6e8f37a07e5775f24f9fa0f9073428780f6a266163133a1cf4efea73dc737dac6eeef65e16288bf488cd910851d9d7d397492e935d46063cc69e77208cc9036ee63a7a918682777f905d4d587c3e2abb14c44b20d5afdbba7506eeb75da0f266a4671de45a27c12d041625826e58daf78bd3f47cb1d1c7ff40602c2d48a31f90973d63394a8f235d19510890043c7725f39835778557680211e19239a94432239f7172eacbdb7a90ffd94e73df57d3855f58119c7452132c32891291ac1a4a6363055e5564b5de5cbf1f4f155e28e1253bbec3d0b425f343f43306c646472eea1dd51035c2294262871f1f97c3e6f5bf47b98ebb9546345b4182ddf1ced2ccb0f762876e1e634df4c1f68a3564d1a102980b00b651ea1367f0ea67d45d7c3b238793663217a5132c4e2ff4269aa3a17afcc219add3ddec90111cf99b92ad64d2236ff7966f67ea4076e7394d74c49eeb65d6b38b1f42e1b6220e7fbbd4ca7bf234ee381d114e15cd46e4c20e27e9bccb277ba491c03b081cd4619dfa2606f514c360a0abba3afcd2ef7213dd6eda6f373621b01166299c9a1ea986e48913b1608ec8660ed3a08324782d6fc8b9b044e87fc8477588a2bd4490e33d0925c80d2211354f610e01aac6c7699a38b8b8b3460a94c8e278e3b4d1bbae2c8c71e4b0643e252097c1b042caddc8ddd4d2f6b9e421d94730fcdcf1dc54f59d239e6ddb561228b15fddeab83d7f0a36b346b511ae84df66825fc0a7edca70387c6a034472320ecac4e18b31450ebfaf556bff2efc408d8a874c5b2f0bef95f5713f448c43a8967ac8ef1b1bc24cda6d4d0c9b43d10224d999422e583e0750db7042baa0fd6aad7731d285453145d30776e00d428b5c5b5f9b205b5b0abd3158ae8195962bba1dc9baba4c3f90ea6579efd3fdda9c6df203fdf1b067b361669290a662495561a0c34693ed992cf75bf1f322a3dec624c9f94bbeaf6b083b66d4bd69bc26e94f9daca1ad49dfb15ab6759b6200bf890605b20132d5f0eb36f386d2ebd8495a837dde1361ac30de22b43e20b8f91aa40c63acb5ef29c254ac70027719151a5965a4c4031c676de1b5a3697c7b71f33aae33c535b1f106fab6819be2dd912874b3e324db482e1d56fd199596955b288020f5df8eead4cf35881585f59c9ae94cc160b35cb09ecdb61aff3dc9682503d3fd2742000f23665d451adc3c2fc94c3b339992f7fc90131a2481963051e3cd39087b63d91be5fd462bada754f31b30ca1eb29d77303387a92aa157e342231082fdc3cbad88a6ec40ade3f10c8d38d00dfc55886365dbf0deaaaab40765354dbf2c253bd29985a3cb3b6707d6cdaea603b46ce70a89c46ca1ecfd750ca726874e64e42f6cdcb566a422f8b09b92672572f9b6b16c3c3fa8e06d4ad0f5bd4b0f7f7c338f443d0e365f77b9a8b7446a59997c62727056725e3a821c38cc276dfd9a11ad2a4ca5c9abfed4e2ac9f3478a4047ffd94c3375cb7de5450ba549b80d733197cd5adcefd0fc9051996177b45cf66b5518d914f3d9fad0e55ea58ec567f1b160891a029a27b22abb812dc27438b15fcbe872ffac750d5577bce12f13177d10a9a1be2b8a47ded9a6cfe0043a655ff47d33045545d3b0c05db03135422077157a949d9d26f4f674f20228737de66b919688cbab89469292b1b210d97d119e232c5feda91be1a083f861af6c21632b86c93570e67dec6e99e32edf7e4002a025f03f81765e4df19d345abf6923d52315c3eaee9b91c4651199ce884997cf38374fdb4a32c93f30a470feb8768069071204f7a2331d62b2dab79bccb6b13308e6365ae211fb17a899166d9a2884e473d37be5ec796858b06b54a8e0e9fe401ba0a21fed7993847fed1eb23a63cd4db6aa0f780374a0fdb228d334a4f0085f9cbca52076cbb01924c1d00ccf36e06bfe4bfda0bbe17878420c605249e4e1a7e2959c1f43910f1b21766f35eaba429b62bc43f755410d5fb6b072ff3936b7c3686e517522b1a2392b3118bd0afae4d6ec8e20af60a68a0156a567cf98abc3bb263d06b789bde1ef1ae33f75740d6e40c4d8bc5cdfb6ab4d83e89c5c67cea8f5f3b23c06c72f45514e2974597d11314da48c4ec7b385aed8e09cb2b38fe29a2c04ff527dc2780956cf4451aa975cd698aefe8fd612a7f1d62ada50b1740cca5c5bc965c1203a8d5a16684b3507a6a0126e4eb5a7027f58c636787066370c90f8cbc11672b3b8d0d39adff65d62065b566fb70cb8e2b073218b539b2d0e0e14c54579e303bcd35705f52dc25fa8eb96a2f663e3cd26ddf193c145855cce4616ba0c181da26b187c386691372945916f22eee26ee852b95d8d006681157fa2c8b5ccfa899dd345110aef0849d476ee92ad2ebd872b8a158b9c09108fbe4cd062d5884d173bb1facd3c2c112794910de3751bf22579b63532ef4492a021a58825eb516e797b8769fd8a262ab87d60a13407e971e5415c0d03f611acdaa68fc031a9621e20ec65da79a54dd29edb260dc905be9b881d294cbe9ce881f76183146d74bbdb5d7c7f2e889259223cff1e956ff6e325ffd6a89e26fcf3fa972bb347a841375f8e361d61cd4a636ad230cf5be2b40e8fac040d447c36e433ae7ea6fad6948dbf9256ebabefa4c6fc5153a38f781bd749718536da360adfacc98f16591f9f882dbec6df22f5992dd8b21f84532b898d88fe0a1bd3702ca3ba39181344d28ac290015c61e63edc7a1f19bc784cf07e5fdb738c117343c433c33cedc57f4d2f69d4defdf63a2faf5dd91d5ff52c3b602186eed31c2a730f498d64717973b4c60ab711690ac6515365b4c88adce72388a79465cfbd95c8b43a9929f2b317649c763be608f2fe462e272969e5a174961e3783cd8192efdbcf4ab4a23787eac8f043c45211da0b3cd98028f66c6ff255324c78373c322b7b0c7af67fa3cec68b63a8202cc706eeef75266853143ce4954ccd862741bbcc39ade6161d61136a87e7b4600c6e7d179a4c7a35dd45db7d9284931d95a5fedd821a7e16adc65f6eebd4e53d0b92c0c4344c732be2d035b76b8eee3dd4c14637e82b119d3eea2c154cf64ba3fab1c2eca60a0c9a189c1f6f9a4242cf49e30cd507c92f164d27ca8d1236f842df2f60697838f2f623e4d95c2144924da204dbe7cef0f5e236eba50be748793f2859eb9862d9a181b7a902e995a2a8799f6423675352bae7c9472da59cf08230313915cea0b8bd836da0e045c49359fd66701d7d9a4f3fb6e7b5b503491f6c4fbf7f7b602c08e1724934446b60e3e3693d09470dfa806b204a9bf494dda6a0c6f3bfa630b5a1363373df4502ce74d48e6188d409e40121000fe3d46e8df76bee728c1c3471868085f2446fdd6f46823c7d36bb3cb483cd7197615948f14d60f09915d3866fdb3cbb16cb5ccf64cef9e414b430e7c028470a569518def8a3ed7c74f22213814b96e4ce0e450ec95a85f7a808f53f228b3dba19be96f5042801d525348ffc79cec58169f1b643a8ea806ac81609977458e5bb85393ef8fbaa7151148126d081fbc9a802bb3fd09475d07749442d5bc50694da99caeed5735833aad5014a6143ce71d3a342941e24fbccf5bd43ac5893d37cf971331f2e742e", @typed={0x14, 0x5f, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @nested={0xc, 0x39, 0x0, 0x1, [@typed={0x8, 0x1a, 0x0, 0x0, @uid=r1}]}, @typed={0x4, 0x67}, @nested={0x1e1, 0x8c, 0x0, 0x1, [@typed={0xc, 0x4a, 0x0, 0x0, @u64=0x6}, @typed={0x4, 0x1}, @generic="330dee26ab1aa3205ce7919b1f927aad2bc52915be2fbf5cc16862b345e178cdf57dba92662520908b9cc01bfff43b297a9746967a23121216f8e47347c95fa2178d278cfc88da3ee4e783c78bbbf1aa86e9e746125bb80efc929907922ed08bc7df19cb290c31d365d1a0ac77b93a8917b6277d8ee2d6522b73e4befb6ecfa6541c3eab251ead249085c99fde4a8f4072077c0b3cd7457a3d23db5f48bbe8ca3adea9ceb30e740bc911f74cefe7ac3d9bdae53959f6b022eb1b47ff7bd9cc1f089eb66d3fac7ff527a273a900056cbc3ef842162cb3d1226b78c213409bb3a18bf8143ab8eb65", @generic="2f855600e58f1ab01c48de96663b788154f660d19a31551b04ba57d3fdf5f0c91d459ca4e7605c089b50ae802487227ee8a07ef40108a497b49ba2da6430e341ed55f7b5bfe81378ba38c82261d413580d577d593c2d77da88dfab4daa81ee53b3fb3fa398c47111723c402d709b662bf2da5ca39ae94d74655b38356e3a5a92766815d83c9ae54cd7c1d41e4c535ea38cba6a0eae3eb1188b4db21ddf5020f1f44eafb2b17891d48607c12eb5217c75404fd91d428aeae459918c63a8c67606ccdd1a878b7c3f0b56f313e0693a125dec9016ddbc2096cf85bb3ba457f4f15defeb410ff7f0"]}, @nested={0x2a, 0x39, 0x0, 0x1, [@typed={0x8, 0x24, 0x0, 0x0, @fd=r3}, @typed={0xe, 0x6b, 0x0, 0x0, @str='.!\xb4$}.\x95()\x00'}, @typed={0x8, 0x75, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="4589222aa023"]}, @nested={0x37, 0x96, 0x0, 0x1, [@generic="dfb83bb59f155e1cda79bf86d37601493646562a7d37f2d1c0f0f34b0efc9ad9f94644adb2be71", @typed={0xc, 0x65, 0x0, 0x0, @u64=0x7}]}, @generic="c44ac16f61d5c3a4cad81aefc570f6b49a611be3fa44b843188da322e05048f7131a253f0c96059ab4ff1a7a5b65f205063b1b70d7c509c4f1b4"]}, 0x235c}}, 0x408c0) r4 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r4, 0x8000000) syz_io_uring_submit(r6, r5, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r4, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 2015.950630] FAULT_INJECTION: forcing a failure. [ 2015.950630] name failslab, interval 1, probability 0, space 0, times 0 [ 2015.952288] CPU: 0 PID: 10808 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2015.953193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2015.954358] Call Trace: [ 2015.954791] dump_stack+0x107/0x167 [ 2015.955384] should_fail.cold+0x5/0xa [ 2015.955993] ? create_object.isra.0+0x3a/0xa20 [ 2015.956648] should_failslab+0x5/0x20 [ 2015.957169] kmem_cache_alloc+0x5b/0x360 [ 2015.957737] ? mark_held_locks+0x9e/0xe0 [ 2015.958312] create_object.isra.0+0x3a/0xa20 [ 2015.958975] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2015.959736] kmem_cache_alloc_bulk+0x168/0x320 [ 2015.960276] FAULT_INJECTION: forcing a failure. [ 2015.960276] name failslab, interval 1, probability 0, space 0, times 0 [ 2015.960387] io_submit_sqes+0x7099/0x86e0 [ 2015.962573] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2015.963223] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2015.963930] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2015.964602] ? lock_downgrade+0x6d0/0x6d0 [ 2015.965178] ? find_held_lock+0x2c/0x110 [ 2015.965721] ? io_submit_sqes+0x86e0/0x86e0 [ 2015.966320] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2015.966998] ? wait_for_completion_io+0x270/0x270 [ 2015.967658] ? rcu_read_lock_any_held+0x75/0xa0 [ 2015.968294] ? vfs_write+0x354/0xa70 [ 2015.968792] ? fput_many+0x2f/0x1a0 [ 2015.969284] ? ksys_write+0x1a9/0x260 [ 2015.969807] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2015.970540] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2015.971263] do_syscall_64+0x33/0x40 [ 2015.971777] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2015.972470] RIP: 0033:0x7f04fc2c5b19 [ 2015.972979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2015.975476] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2015.976472] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2015.977433] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2015.978410] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2015.979335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2015.980259] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2015.981261] CPU: 1 PID: 10809 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2015.982410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2015.983543] Call Trace: [ 2015.983904] dump_stack+0x107/0x167 [ 2015.984416] should_fail.cold+0x5/0xa [ 2015.984961] ? create_object.isra.0+0x3a/0xa20 [ 2015.985590] should_failslab+0x5/0x20 [ 2015.986094] kmem_cache_alloc+0x5b/0x360 [ 2015.986706] ? mark_held_locks+0x9e/0xe0 [ 2015.987394] create_object.isra.0+0x3a/0xa20 [ 2015.988063] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2015.988752] kmem_cache_alloc_bulk+0x168/0x320 [ 2015.989367] io_submit_sqes+0x7099/0x86e0 [ 2015.989908] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2015.990665] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2015.991462] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2015.992149] ? lock_downgrade+0x6d0/0x6d0 [ 2015.992734] ? find_held_lock+0x2c/0x110 [ 2015.993320] ? io_submit_sqes+0x86e0/0x86e0 [ 2015.993922] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2015.994651] ? wait_for_completion_io+0x270/0x270 [ 2015.995330] ? rcu_read_lock_any_held+0x75/0xa0 [ 2015.995980] ? vfs_write+0x354/0xa70 [ 2015.996532] ? fput_many+0x2f/0x1a0 [ 2015.997046] ? ksys_write+0x1a9/0x260 [ 2015.997590] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2015.998325] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2015.999066] do_syscall_64+0x33/0x40 [ 2015.999585] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2016.000282] RIP: 0033:0x7f30d6b2fb19 [ 2016.000827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2016.003486] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2016.004527] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2016.005523] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2016.006571] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2016.007589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2016.008557] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:56:29 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x6, 0x0, 0x0, 0x0) 08:56:29 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:56:29 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.pending_reads\x00', 0x18000, 0x8) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r4, 0x8930, &(0x7f0000000b40)={'sit0\x00', 0x0}) r5 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000001c0)=0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)={0x2344, 0x28, 0x100, 0x70bd28, 0x25dfdbfc, {0xd}, [@generic="0046cad55181c791b4bcd6ae7de7806e5a177f67f1977606ab337680eb8f1e19bb6c2e614b9bcb948154469df44374bfc21e4ceaaa1efaeb9ba4a29ca039cdf002fbe236a7b2b149586cf05e5dbc284ed3422a806045f59799b256931a669a820f20e1ea4e25e0", @nested={0x1024, 0x6a, 0x0, 0x1, [@typed={0xc, 0x92, 0x0, 0x0, @u64=0x40}, @generic="1c8f92a0745d59c963e528459f34558c6ad00d30430edadc59f09bef73cf8dca58a91209d8955666062d5bb60a2cfd631404f63447a9a814190a5c05f245f8f43ceb02aba7be67cb46dd715b94a0eca2d80a265688726c0b0ac807b54cdf21f366f0dc78e180dcc5a7b67f111cf41158b3b7e2eeae02d2c61da4e8e96e6f969b02f26ac53c7b34149c19d0c3eeb1a2fe27bf28c847b9462676baab3447643a9ad60b017694fce517e73d29d321ba0cfef0395e4bb4483d3b6bdab3d6dbcda22b42fb30bdc337907e26f617b66debe1a840aaaa9b8b3990ed4f7dc9b358ad886e012adaf89be90bc99611f99635e94c8045ebe5a22fcf7ba246f63e15f6d4ab57ee7f01231fce356dc48f8ca771bc626005869384e378d2ad27150f8e80628c1ce481e2a98ef50109bc47a7ff2cc43555fe09b6a66c5614346d09266a1ce002cb351ed066f49f46e5a3796ffcd6c483053a9c92924cae4a4fa57bfd163bfbf1578114c4456cae12bde7e07ce51ac820a00ec4e4ba2e48c9798125d7abb85ec40c8ec7170426d8a29cdff0c317b9bdbb2d76a72d7eb6d61dc525267da2357ac0eb35aa52aee64a5eb5164c95566e02284df88b34e52c91e12bb4409b6288493492b224a6f5b0f32b044199ebb31b30559e5ad34253e67797347f8ef75e80433c626fd15f67713ab7776dbdd8e033c09f20e408d50d6e1cd59be8b0cc65c59734e74cda6c3ae9cdc3bf1605b95d61e17ec951da1ba6c6bc6e6f3ab4928889a76315114fde007441d58fd676e951b901c3d2127b1b9400221068a43e57c8e117135b365e44df4d27bc6c15a187d4b616a4a194743b77d171b11a1155c2144e7d429f95cc3d07efa578ae35cec09d4a91885c288f450754478b6cad82cfefb5a792794920cdbd4f85aecfa6dcdbe1d8b6c2d81085fc5faecfedbca73bf6b55db1b1f7187953d43c1da164a297821142221c99f65c01db215355687e1d02e13690f58e3dd5041665095688e23352b7579aa2e84a951355f782b949a829835a23b2cb5791c5997ecf1a8b344d4f51e60f23416422989aa621b8612d3119f21f456d5a752be67f69095434bdd81284ee1fd2952421aa25218226092e99cadc952a030dc1c58198dede573a9566526bff746b4fa4bfbcea6a3a042f240ca02a41ff416fc4fcec74b67e0beca7799dd58cb12d9759461b0074aec9ca026354b67da8616d932096985a4507de76a99efc34d0b1de47262951207fc2539fc4445d41ffd7ae6cde0a39d3fd555048b35582fcb4eafd918200c73a1364ba1cd9cd46f7c2da81f7f7e1ebf0fef5b590351737cc7ae0b7ec94aa0b9f83876d47dfa0adbd0d34799eaebaa16d8933103d49fa031ca957310453228f335e2f82d8adb9df0b161ba630af62993a2e9a1f983a6c413c17dedf42febe434f55ecdfb15acaf28760d00e770f744681f17f6e777ac77061226dbb53015fcbacfbeb80e8fd73750c3854644848c8a0d514ad2a4ac7847df7c57fa2689407d57e55768bba235eb1ec43b0cebf751f235ba4f17c9ce2e4815e019f6153cdd2fae3d353a6d45745029a23e515e433b355e9427288e0071db1185e262bbf6d3c3d5e16b477192b3b2785db34c6f0960429c56254512a16ad961643c2a9c1e8f99e39f60dbdf4860b1d6313c84533efc7df1561d0d0d0bd60a1fd0e667c166c3258bc62b00fc7e6f82b8649bd804cb9d2b2fa44fb36a216a03df74f9591a12df3c2f5b4159fbdbf19eab8c43cd07b2421dfdfb80cff29b4899bb7c2d8f4b6b5abc147091b56c7d330229eedc9d6f8bb5193806df6518248dddc35a97d6a05d3104f68d446e7ec957ca8a6f218fcf829057530b55274631c502bcca6da3cafdd5b1e9758cdf6d3734adea1aa91d7332d2d86a499e1aad90a7444c10f8415f15710c64514051faeb5d404c6cc5c148c394d3c043707107fe6db33226db909368e58d4d8104ba022aae4b2dc1b6be8f041061a1bb55149dd6c973b9bf12bd886ad806f63c991795dca40ef9657b287a5ae5cb01d45e2b537925c98ce91ab218c4ef03c8ede2bd2342474de4a5e7bf99dad048c9ec44127b965e22cfc372804a6750af231bc989bfae773e23dcefe026fac66c7bf4b055d531242159fa3c1ce537cec5bf3437329d9f6fb815e9243d0eb97a09cc03cbfac8cde0bfc9c7fa5b56ba3c6f11707da3d3022f69be96a221b19c0757dd99be58330e7989952fd231c4f1bb838d460382a221cfb5b41e74c0aec1177954c317766303fb487f68089d3d5f2717ddb91799205a4fcfba5911efb24659e91b7c4827d99752535263387b016ec05f937efb8ef0ef35ce86b76d10252ff2f2ee8853a9568a728dc775bbed37cf816847091410b6c3b1e837e4bbfea4ea6d1dc1355462e5b424b9ef135b9065577a8408370ecb70d7c94f7bcb3a78f543fa4da7e00670cda51d68c3d71893a67d9ea63a3523b5b53f58c670831fe199bab9fcf55860dc2b2a87d89260078bfea694b9fbdcd09fae45f30a62967e9f5bd1a5b01bdc31443e63a98f88fc50e5a3c1ef05dff704c8692850992465a00f16f3d55c135123d7d53d160eeea7ffbc4490c826b32ee3ba34349d1515e8fce9f4170fa98f1e05f61dfabb8b31d1adb03bf98d2bf9f68883f3a60615375bf57828f2786f1ead1e2fbdbe28032a422fc23cf34b50666feac6f12161ecc273e2f80d91c6235af8a641b0b5e1e288f45b380dfae1dc686b57c0e09b386ca860833f101aa7ebb1e513c1a16e080df920361b0425e6c16f11974f4e33046126a4e4a4640a2b3ad788a816b9de8b0b76476bddd1ead137ceac9a18ab7be03b2a8a9597a7c6df30519f49b19c8ea302759340985c61c1a0399e6ff6a8cf29813e1d8881e6d471968e4a082408c40f7fe37d5887544ae57eae0e99548685b18e2570bbfac0741aa8e21409705eb75b206c96e5fa6677930867dcdae3864c7b49ebde8816b71afd441b7374c8fb6865f70f5205d211b2dcbeedb65093858da2c164561eac79b603492fc5f15141d465dfed31a75c22556199df8c50f131ed27d6a9cc73e15e345b28fa24b82dc56abaf71ca4b5b7e9b91543695e7b4863807b95f10dc509f9257446af8fe1cad4ebe3a7c4a10dc09e47327594d97e441be13db2671b0ff8516e0f024da74960d6909656c45f1fe6032459beb9d307a8f5efad11c2d36780fdd4ddbfc02255f0931e09b7b0e667dd57292f263975b000754e66daf73181e582b97f92e58df145badd89189499adfdd9616889cd8d0578fbd2137b3b2de65dcb5e988d5eb48f5709a3fe85553e1462685f1a54ee05d9ceafa78ddba37c887fa520649850d8b9060e0e250da9e35a76cd4bc4f910ec03130eee62c89d7de151b3c772f88b1efa8f072f0d3bcdb54bb27e58cbd340348e5a89a27d8a358d30be4007b174fb0364263e57ec068e9988c872265b0e47dddeec52628fc0e0098ea9cef962a4617f5489331f0bad77aecdf0f376416e3d2803d560db012af3ca2926c316a64112b3092bf243f4580496ed4cfbacce7562286e3a82388d68cab7571d77c947b4a75014b85ed7d226062e0b758bdfa1461b27e3468bdb7ab218341587f7ff14d10b5d37516e8d5c600b2d4c961b798adea47ccd4f88bf3eafcd893e1207f49c300275a3cf5786ed89c296fbc8489c965739f8cd2ad2f9df190ffac5cc29479f7bf427c7665d52ba036ee414e4d176d09e26c0cf61c5379f632b3265315b4ee2434329101be71e6e4645e605459c9946110714738114c8ad32bc79a00c369901bdf759b4ed11d4c2da211b87a735e3001951c5f6ea72a9a1c7d516b03fd37f6a7671bca6da54c8698f12e5eba05caba8405ac202da16e5e07ff3865b47b706cf71243e8955a9c6aafe5c9b165b7c24a085dd73b43b191a2a9e1488783b7146c5b89a1a5633953d3f9a0d806f40d69d1cb11312a87848da7dd333db28049af01640c5fce2b8227f734f631604a3df2a74b9ba799153429c4fb38b1b25ae041a7bd885fddd93e02f05f30eed6f413651b356030a2e99bef498a06d2a27e9ad265c56899ff96048eca1800f77c82cf5487dd8e1a4383cb4c42da144f0d9979e5109b62c28067a3f5e5033fcd9304e92b3d8bfd058920bfdfa89a9742c43d094252694d5867b7d25034e0260c0dc186b40edefb3c11864949fa06646a99b2cd79a7b60f20acbf4f8a7b74bbb3f9d8d8b98788b6284dfa5c8b780f70d0437af77cf94335f554119f91421ae254f48c99072da0fa5a28902f81740e08b9d5956533da99b8931a9e292f520a937ad40ea51dc451d967906a896150e1fa39c2a2e3a39318e2067abeb974477e571f1dc2b7adc5e5378d9c25393339a77098c4cd7ba756b877cb3a593a736e4444a6858114ac29fde00e4286fdc6d87d0aa560ad70a8e166ab617c28d71812aaece789fa3c94e6c677e7ce6853bb39eb9c414ffb01c0a29893628f596ba012438de8186e501292fbe32e9779f396dfe1dbd3aeb38433ee3db357427e982db744c306ff48c7d3a8c609da2b15e67042c4e0d369cf56ffacce2178b2765b74e930f5a6b8e7ca3a838a221b16c913c880ad28e1070e8dc6debbba47290b6b4270dc6ed1249d448bde09b57c2d665d2a646de17d54b7f629220d1595a9f9ad7baf161fc03348f395346fb61702c1c9c34cd05cff7dd2459bc42c6ca3d435b60ffa411059f4c76c9e2798c403331b2c177b47b7bcd3983223a5d7281f22f7c2a4e21f7021fd7c90c6afb490b20eebebdc1c508ccc293d958108b29f85727cdad1c0785611996d164273f298d5e900b57ff645e79f67d2a93ef9f3264613508f4bf02f1dfd8c8deda80b3d402c77c4832f9c4bf43f43f9b0f8d01a5bc108d57be4f510cfb1c7c2199f694f6e5541dd6de2b8be176685991a2c99116009702fa3b08942bb5c553823dddd3ae864fb7dc29d4ffe80023f32ccdbd6e54da283b9bef8cbc07bbbe6f039ca51dbc14367e9eb14dc071f320e2ee096f52b621c3300b6910b8b7aee3fda6c05081e49271bf243a8821481b97200c29b4b439063d7514c4437078355d8568ccc237b54ba9e30c12f1f6b1153d3eb4466e15c8e1914d3ad6f325e9bab496da060c49f3251af527937b2ead846b762af6a5f6848aa51381b3ee7b0cb61dacf5a5ad2e21a30f0fbde2ab2bab118b37d10aa5a56f81393a275fcfe4e6505611e806f233080c36b4c83c9f260c7e1ca0834446182087a86b237f274e1f17ac058a6d9f5b0299d47069b536200b52f5f386afa0614b1ea7d18f67f8ca5a5a060c12e01f210f82e71c4ebdd9c26840b5856f8c675709c78be671ed5e1dde7997190455fd7ba14e41c774f9edaa694296e6a242808053303c20016a359a00d1f7ad501895dff058d311a71f856eb5ee3bd95da18d32a96fc9d77662dd977ba3aa03d3b45256e5fa62cea19cdf25fe98a63651c6a88dec27ec60973310c8d3c36f11777237096d9bb7f72fe12dc13dcef634097c36dd935db4a5dce284ed2aa0b8eabf8e4da157f4a6c1afb680e44af4833206b1f863f85ee66a70bd96bc214a6e0201b38431f592c2ec0baf143b50a399d934225474c4fa3ba2ef166e86382c55d5acee4f9f1351766718f544301ad1bb756d9ae8c95359b1a22d75bccb8124f9d767adeed9eea9aeb3298ecc574440c730aff27f419570b7f010fdb0cb923119846ff0404b59d143c4297bb21d51d2a922188157a327b1cb9975b45aeaa585beb870a8d77765a75e030e2cf61700692b895029a", @generic="76bcd5cafa3a1248", @typed={0xa, 0x36, 0x0, 0x0, @str='wlan0\x00'}]}, @nested={0xeb, 0x26, 0x0, 0x1, [@typed={0x8, 0x87, 0x0, 0x0, @fd=r4}, @generic="439348b069d15b6eac78e7bcf3fb1c7214e2bab1d7473b1fa216df64d5373c417d83363a4c843b7c3fa5eb59bb11dfc05d4726818506f05cde6226a73357da0f8d0a44d1cbd9adf47ece0ef89ef1fb89639404e2f26f1b561b9aec1fa6152bedfdbf838b1c25fd171515bee22d967b125dbe374ce6627c63a8a3195c12feea18ac9dcc1f6251c4975a499f239b6841bf46c0256aaad40c16bb5a3f5ef1a7ea60bc9ec61a08328e4bdcbb685c29c8760ae32f532a5680cba2596e7660da5ca0932b4cbd31578f7d4391230a9a024eecb0dd070a31afa02508a7e935a4ab7f97"]}, @typed={0x8, 0x3b, 0x0, 0x0, @fd=r5}, @typed={0x6, 0x3, 0x0, 0x0, @str='-\x00'}, @typed={0x103, 0x11, 0x0, 0x0, @binary="a67f5f8193b725086076216332592de612db3ee90b96ac8a6a8716820477a4ab9093677497bb1cd0bb4881710f29e346a2d657ceec71e432d0e8ddca0cf167a26f474c4e2426c70e426f590115e833713c56a12889ce1865e097351a2e62086c1287649c10dcc7d700953a44f308682132bdfa011ca2fcd0ef504403b983c7f5aa91034c45863cdc32d79f7c99fe702c79f4abe7462833c611609d5efd8a3a6bbd9f3ca87c0f52162415418edc34776249743701c1c210568253abb01b7c76d669d9e5547dd6bdfe687a02dfb9e40c716c650e86f5a6967bea4493a0265e21cdf28886daba4c0108ab03dead7b53803cc6747ac1917256392c61a0e9d55bf7"}, @generic="8ceba43122b16cf7ab7a98c62816f73d3faa72d1b690806c26ec7bb5d0b635f10a0f54cf249bba3e3b5272c6ae645e717011299f8c8df2b13a2845223f52366d814f7756b02c7012bd5b39feddf3c435e11ac32bb5843bbbc7c07aad5bf9b708eea350a22215b85169af8ca88ec60a886a97d8b6c0f3816a748d6e128e9c5c27c3d554abfede4f478b4fa0a29e0fd25a3e242dd8bc3b33817bf0e0", @typed={0x8, 0x89, 0x0, 0x0, @uid=r6}, @generic="e8923672ffc6281adadfac1cdb1b1ed40f409b00487c3bdfc89a01342ff4a071264028c1c204238ee17d832069c654973e664a0132674067545b3e6442421776c97eb6e70e01a5aa000869cee938f24cb3dabf8deca607b386f4f8eafae3368f3a91e2ffb976285b1abdcfcfff2de1eb290ace0fd124802d77a4a0b5ad89774115ed2f6c94bdbb43fb0bd5bfb21dea4bdb0e8606e452ff3cfdfc4cebfd8fe76d248b042a919156bd01b85e5f867c5be97a394c19b794e9add356eb44044eb4780ed8b8a51930f5153f200f035ec6a53b5321383102aa4ebb3044695d88cd0cf5a63d88c8eb40af2ebee7efec34f8224c679d31bd501cb4ed2c37e9f89914eccbafe027188cbfeaf6b9e6cd71c52e2e363d7ecc7a66082e494c97d9ae397d17eec35f849eb9cb44308a599e4e79b5307ca3fddfa55ac0755008d6296b6691fa1ba89e03a9ffbda1ab24f398e6e152952d9bdfbf45c3427908f3753f6b8fab4948cf068570a9691ddd1d60d94c67d0a134f8b593c2b99d8399c87fcc55c5a6c35dd66e9e6f3530464d1f002b7b70fa8a7fec18ccdde7e83ef70a70869750257323783daf70db404a76f156d325878a7a8c9e473d70223d0cef832ace559cc626cdba30cacd85dd806463a30c21360f5d0848327373e3558267dbee846e75ced7cedbdfae2ae33cd393de6f979fca091c834c5669f8dba89be82c9bdab4221513e5771c226c7917dd2f9a8830a10087b83c6ed1f6df69f56e779e48add8fa30c607edfe714ee5da959c5cdb3335d5fc536b99c23ed3e6441be4d3296971a9b7d95e5460381326d6b15598d8e66f3fcc60430da7fb608b88640114f9a8ea4e408f7ebfd252bf0beb5c53e79f911a86ae7f58886a07ceece449e5781e9409410742c774207656c6dc2c65174ba0351b193d02c3216fd0d776979aa95d656ebe877154fea300dade8d923f00733e6fcf427127fd37cb9c16e3f3d06bea40cd08bd19b41d8146f6e64b9826ad52f9ce827eb14fd789409cf1060af8090358baaaae5073f5779e07309e987e73b0ad378b5f1ab3dd62e5937de279d08f2a5b942eb276410f5081fb8a32659da18bfa61307efe8d1fc435d90162c4b08585cd35f0b500c61527770f0f5f0bae97ae4b0b9e9f6b1928253074f83396c6e1c538bc03e2f2f9a8218b29149572d9ccc2159d6acb0441fc851d892fdac3de8d82d17f842c980f2434c0871f767e1de7e16b6e197c76cdfc8b4cb8c73935a9ebc14dca989d9d43b80d09c09a3114d33f176d0ebe7184e6c554c5d1173c2d343b41b606c61634e6a0c7ca6e8d7921bc8e424446c053b40c33bde8c31d589585b440dece1b188a402e83a7740534c111314537a79eaaf21169b14300946ae560a679a8be7446db87bd76f975cc37542af9347fc9b5352d3d8bc15586ef6f96a2eefa48fe5cff8293f18cd2c1d4c7596b26624fe31fa93e15884cc0a3389621e9c770e09727564bb9bde991bbb681c6285391a704454dbd49f8889a5a6492c7e69c1b1dc1da766e47f8d74f13b0ccc77536796503c520663f50111a67d2af7e9f75a67638b27db17c5d1ef296a00c095d67bd24d2073c6906e11a142a7d8eed1d6594ba659edf8464cb6ed932935dd692841ff623c7eb083706f6e1f005b515e7fca88916c598d0d946fe67eca7c992c50c21b1f6d22659418e9c2756f7f27a35b5362c928750d174de867df3af79ac7c25465a647c9a7013ab355194584e1a3a2fc64e78afe0726732e0070addc0cffcac46aec4d8b2489fa82c46d0ec64d2fd875fa33d50268a2be08b9c331381ae96162c6a1741ce2680cbbc28e9a4c898c455673058a0385d5c96cf43a7efd0bdce3cc03e6315d9a52342fe8582c1c17acf2bac4c51b295c0b3c1978fcbf8fd103b974a53a920f52a4ba9de6acdf52a9c569f910d93b53c62768fd10ca499374c1f2a7008a6b7b10ad04093f7f3f865bc8ee335f3148707037e2e582a2489883c84cbb1a058050af8ad89fbe2d2662923b857bddbfa06bae5b1599220f585788ee1a91246f3e1cad9cc5f638797c66aa71f48dda135226b367e764e2447cc750f611720a4460ffe1dce002b3e452de523983e7311f30219de2821b4f6ebc56d2259519dd40cea34c737bbf8b21f460af50a3e634d74da0c99e966739bd4490d206040cca663910533bde9c94fb98ca80762d6f5fb8530cc0e540372312e1d65d9c9098d0fcf03934ac70dd9d0d712d4316348e47fb3aaf060639a3c7452ba16ec7304ab750187e0d34c75161d7e3a8f9fff35df49afa8a3881bd77ba03f944f95c3b9ef742c3df452eac35075453bbb2114900b0730fc026ac8bad14fae75bf8e10208a3938624451fb06c8b38eb6516fd8a0e9727bcf7351f184d90e929f2d9e5931bcc0a11a6df935c273f9f2a504180388204bf870934637eb51fa28a4d0c80fdd6cb0a8728c7117998a79a1d5b99375f6d18643259362e93cda5dd1a20377a7b73497d8de0a51e51f02a4fba0db551e01dbb39aa5ba0d0d3623e459e8d8d0022cef59209a344e27858dc993c6c343d5976c5e2db4627a124466bdfe3338252ca931597720a0dfb98a5407897c379f098f5705beb075fa7da815e3ad98e1d1ddaaf6a95765f38f0990e00c60b68c1373d2a7e8c628110bb4d811493100e825b62ba0f78a7dcf2453d8006444072c13eb2aea4815659b50e8ba06f86416f88a5dd4ce6f1c09a226adc63f541170ef8ebabc6ddcecce23f812939694ac8bc78c0723f3929271f9befbd0efa604bd3b843eeb3f5076de7ce38806cf189329f124427491c602aa7b6387cbe345f38e605fab44d08137b0750aa070c3ae022a113e5f26972a8b4e1e40ebe41eadc4fbc6bccf65932f9d92c4bbaa773ff72a742fbcfe3048ce94647e866d71bdbaabc490f719dfcd247c8bd0b3c476a9d59509d6255bf63cb26e2bd1307a3d82abeae356d063a0ba245c91ffc9006e8040cdf79f90f1a66464eff377adb5765a342ab78deb0f40f76b8363ffdcf57c2cb5566ed6ec5340780b79cc5bcff47d27cad6d9084bfcab262527568c2427c60a2e82aae1f61d7839b94ba8b0625ec28ade0a38475cd2425482190d6a05c0e93b920e275c639365326f63cca16f6d28b115ce3b2bc6c2e76ca23a36fa159677702e3a5352fe3d2e5f6c8d6a3067a6d97b14534f4a05b44e7bc1c20514441e581a91bab21c7180357e09e37c01701169235265549aeade489813fafea010c4c4f3b14cf29a20ed8c2535490a8bf97e1e71319c2f8c33451e7b413f28abb672be6ce65e7b8d9fd4858f769608fde84c4fef4baa4f9c4b1c2c7d7fd8018dbb6c549b534eee5afd889837930366e2e4e903137ce1a84cbd92cd59fe0aaa0184e3d85bb41d02878f17fe9a1806b8b226628346bf7c1ab1ac83c09ea6c0dc476d135b3a26fe0eff34f42d059e46c83546ae7cce93abb94aea86757df869c1a32e0b74a63776eb092506c9ebabe80d9c7396a1f69b489a3bd0353b4ef99775d856487e72e215b761e2f262dff6200a5a4eee96dcb53667673e29277775d129bb1921add2df2a4cdaa8da83bd97ca652cc20b5eac2b02a941d62eed116bd806741404a7fdcfde2de0a10dd1da2b84f4bd9be1b46af76e8776d80b2ddc9c14c6ed14ff4e36055b8e53cfa7d6e57eebba8b328155045f75bfdb38e4a507c7270b139d5910fef276bb8dfb71b45708cdf742789f8b015f4f14aa2a631cc7d525c7228d5b28fb3ef011654beeda9bee6389316ef6a0930679adfaa06fe52316a3d76b769c0c58dcc852400da3bf730cd1920dc1ab9507250954de62d5af526130459236b42fbd9b8b4a4a3c90eada6debe06e58a466a9d0ef04d71966fe346e0fe7ea92f0c2574d091f868f10ae46c7c6f344cdd36f4948bc1d035d8d1987064cac2e8214f8c55e5f175e84b662e1c31e828b1adbac8bdc1872a8acea2e05d7a5346bedab46f0bb525f0cd43c615c75377a76e13db5bccc0b0af4a2887a7415617e09531251e2a54bc086b4076b996a07452d94ee7b628a54a594071d2397a883ffffa98b9ce7be1191305b6d63afea43287c24067c62644610a66b440ac751076d07073d933c4d51e93598b6885211dfb1c1a1abcd5a986d7d44aa6a6a1bdb160f3fa32c6287f182064dce26ff5bba1fa0bfb8c68c58022c649d5d3a203f4b0e5f4d7a1646e95513645267fb0c4256c813297b3ac8ab9e44d708dd09eae9e417ec655131ff1bc6d27793ef1800163a27c10d4c163781d367bbcc0a4faf5406a40d6158280e964757bb52f88b92b8cecf82f3ddfee38c7118aa01e5fa345a4a84c1b0978e82e402c82298af76d5daede441a8018ea2e138558e30420f8a5af4ea10d0be60af97d2836cece6056770941fbcccf8eaee06190db2feafdc7ee06b93c35e4f41c05b8dd62e4e6f8bdbbb620dafc20a0838c7e96852685f487fce88f1b73d80cc044c419126b1b33d1f364b45c409e8bba88aaad5c8c240c6932566d7cdc6c0efe1d2b527c04cec804fe80695a241c1f831c1fcb15d3e31742ec682c6323e18c8c47ecebeb9600f1191290d4350d8ec0517a6396abe8eb584c2e1671eeaa085a435079cafa922f6b8a5d94d6d485a5cf2c4069473cc1802d53b17ba119238aa596e134925a8c870cac3bc2598b1ce0cee2f339f9b361e28a7def3e81361b9a70cbb7e17bc62e792d0d4a2462bf21a54fe3852d306a03bfeadab44e9d5cfd498c3e5efeb58dc1d40f1565120e72fdda42ea9f853f087c979008c6ebd414e3ee1f1b04d66306c37b512bd41ffed1fdd3afccc9d73007fdb389e90b36097789c6d51f8f31a497527a4c0a5f4060267987a3589d0574b85c93a2eb13498ca4f181c3a9e4ed66b5c7cc9ab5ffe2cac0561b53c526c275bbbc86a0f18f76b06954ccd5ddfefd38ee2b9ac95231809ab425745952a28c4de6525a41ad8e3307b4a5715804165f8229f57443ed6d4c119df8c4b52ffce741af4548c60d380ef5cadec87be79b6899bc09b3f0230f6375ad14aff36b1713fadc3050390090eca85e62ce453d8854704ee9d1a34e934bbfb3dddf470b85ac3efc440f07db9b8b93390444b5419fe244a999053ffc4e66babe31bead044b957a625e66cf0455cf62d498705b2c4f14f0f437f550cb85a3e40342b3dc47d216511325131e96d07c5c09db76cbce0ce6696982e520e787e98a13f7a2b10323148a879b8362e1a9adf16d326f92acd5b54c3376ccea29f4654549648020b41b75c88690c58478cca92f00a55a37697e04255a92b5345ca7a051bc99f540525c95826f741022c63ab0ac1e8c32349e26cbaeb901863c3502328f5843313be0aec3bc0e4df1dd8633dac8fe0a07b2d25b4f53566e0d5db49da16929e6ee4b8807667e7daf20f6dc8b3bc6a98ea12c3b58030f90ed31694ba16521b5dd331fcfa11ef0593a321dd165152a69bc2822a7755096c11bbf896560726028dec36105aae72f1639c658f177ef7fee48d7558e38edeff6f95b02fac6bf5a8fc567535e6648d862e6b263300a06ea0fadc38f94395dec8f8c422058bb433b8daf2b5a50eb4d507d197dcfd5262536776d83d11ff1e8924c6b9a98c803b820ef37754a323214cdc8db16c5b115c88a2937839b258a8e7c8bf1f1e16898bb8b2cd45516f140be0c231e2c9e4f82a117eb836f04cf83f12ce4e9c01a8206aae715a63f9ac1a39b73fb5ca4715f8e8ed780da16db10ce057973cae8b7cd690e9b2f195dcce994c10b0fed0efedd3b5e1abde6bccc3"]}, 0x2344}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x30, r3, 0x8000000) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:56:29 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x7, 0x0, 0x0, 0x0) 08:56:29 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:29 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x3, 0x0, 0x0, 0x0) 08:56:29 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 2016.298206] FAULT_INJECTION: forcing a failure. [ 2016.298206] name failslab, interval 1, probability 0, space 0, times 0 [ 2016.300389] CPU: 0 PID: 10838 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2016.301386] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2016.302567] Call Trace: [ 2016.302959] dump_stack+0x107/0x167 [ 2016.303516] should_fail.cold+0x5/0xa [ 2016.304053] ? create_object.isra.0+0x3a/0xa20 [ 2016.304748] should_failslab+0x5/0x20 [ 2016.305307] kmem_cache_alloc+0x5b/0x360 [ 2016.305890] ? mark_held_locks+0x9e/0xe0 [ 2016.306525] create_object.isra.0+0x3a/0xa20 [ 2016.307121] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2016.307797] kmem_cache_alloc_bulk+0x168/0x320 [ 2016.308492] io_submit_sqes+0x7099/0x86e0 [ 2016.309106] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2016.309815] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2016.310548] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2016.311231] ? lock_downgrade+0x6d0/0x6d0 [ 2016.311829] ? find_held_lock+0x2c/0x110 [ 2016.312427] ? io_submit_sqes+0x86e0/0x86e0 [ 2016.313016] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2016.313702] ? wait_for_completion_io+0x270/0x270 [ 2016.314441] ? rcu_read_lock_any_held+0x75/0xa0 [ 2016.315059] ? vfs_write+0x354/0xa70 [ 2016.315599] ? fput_many+0x2f/0x1a0 [ 2016.316071] ? ksys_write+0x1a9/0x260 [ 2016.316618] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2016.317319] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2016.318016] do_syscall_64+0x33/0x40 [ 2016.318576] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2016.319270] RIP: 0033:0x7f04fc2c5b19 [ 2016.319775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2016.322424] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2016.323563] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2016.324556] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2016.325563] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2016.326621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2016.327736] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2016.369584] FAULT_INJECTION: forcing a failure. [ 2016.369584] name failslab, interval 1, probability 0, space 0, times 0 [ 2016.371272] CPU: 1 PID: 10844 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2016.372218] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2016.373326] Call Trace: [ 2016.373736] dump_stack+0x107/0x167 [ 2016.374294] should_fail.cold+0x5/0xa [ 2016.374945] should_failslab+0x5/0x20 [ 2016.375590] kmem_cache_alloc_bulk+0x4b/0x320 [ 2016.376239] io_submit_sqes+0x7099/0x86e0 [ 2016.376858] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2016.377550] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2016.378243] ? lock_downgrade+0x6d0/0x6d0 [ 2016.378853] ? find_held_lock+0x2c/0x110 [ 2016.379448] ? io_submit_sqes+0x86e0/0x86e0 [ 2016.380099] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2016.380770] ? wait_for_completion_io+0x270/0x270 [ 2016.381436] ? rcu_read_lock_any_held+0x75/0xa0 [ 2016.382079] ? vfs_write+0x354/0xa70 [ 2016.382636] ? fput_many+0x2f/0x1a0 [ 2016.383129] ? ksys_write+0x1a9/0x260 [ 2016.383675] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2016.384394] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2016.385095] do_syscall_64+0x33/0x40 [ 2016.385594] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2016.386281] RIP: 0033:0x7f30d6b2fb19 [ 2016.386854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2016.389391] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2016.390459] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2016.391430] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2016.392390] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2016.393358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2016.394339] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:56:29 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8, 0x0, 0x0, 0x0) 08:56:29 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:56:45 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:45 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:45 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r3, r4, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r4, 0x0, &(0x7f0000000140)="fea62bda65db91429b5f9505854bd2d0d4350b2de41e158295328e55f60fd281e506fafa4bb4e00a01384bfc37b9bc5ee19768caa427d5af6df66ada85df9882e8b2731aae44e7d5c85327e730617d6d405e", 0x52, 0x0, 0x1}, 0x5) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:56:45 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x9, 0x0, 0x0, 0x0) 08:56:45 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x300, 0x0, 0x0, 0x0) 08:56:45 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:56:45 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:56:45 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) [ 2032.301066] FAULT_INJECTION: forcing a failure. [ 2032.301066] name failslab, interval 1, probability 0, space 0, times 0 [ 2032.302829] CPU: 0 PID: 10874 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2032.303737] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.304848] Call Trace: [ 2032.305216] dump_stack+0x107/0x167 [ 2032.305718] should_fail.cold+0x5/0xa [ 2032.306221] ? create_object.isra.0+0x3a/0xa20 [ 2032.306876] ? create_object.isra.0+0x3a/0xa20 [ 2032.307467] should_failslab+0x5/0x20 [ 2032.307956] kmem_cache_alloc+0x5b/0x360 [ 2032.308528] create_object.isra.0+0x3a/0xa20 [ 2032.309109] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2032.309769] kmem_cache_alloc_bulk+0x168/0x320 [ 2032.310387] io_submit_sqes+0x7099/0x86e0 [ 2032.311028] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2032.311686] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2032.312328] ? lock_downgrade+0x6d0/0x6d0 [ 2032.312860] ? find_held_lock+0x2c/0x110 [ 2032.313411] ? io_submit_sqes+0x86e0/0x86e0 [ 2032.314002] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2032.314685] ? wait_for_completion_io+0x270/0x270 [ 2032.315381] ? rcu_read_lock_any_held+0x75/0xa0 [ 2032.316025] ? vfs_write+0x354/0xa70 [ 2032.316558] ? fput_many+0x2f/0x1a0 [ 2032.317077] ? ksys_write+0x1a9/0x260 [ 2032.317619] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.318359] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.319128] do_syscall_64+0x33/0x40 [ 2032.319648] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2032.320377] RIP: 0033:0x7f30d6b2fb19 [ 2032.320853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.323391] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2032.324419] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2032.325387] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2032.326333] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2032.327350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.328292] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2032.336153] FAULT_INJECTION: forcing a failure. [ 2032.336153] name failslab, interval 1, probability 0, space 0, times 0 [ 2032.337836] CPU: 0 PID: 10868 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2032.338819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.339987] Call Trace: [ 2032.340367] dump_stack+0x107/0x167 [ 2032.340870] should_fail.cold+0x5/0xa [ 2032.341394] ? create_object.isra.0+0x3a/0xa20 [ 2032.342037] should_failslab+0x5/0x20 [ 2032.342547] kmem_cache_alloc+0x5b/0x360 [ 2032.343139] ? mark_held_locks+0x9e/0xe0 [ 2032.343727] create_object.isra.0+0x3a/0xa20 [ 2032.344329] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2032.345036] kmem_cache_alloc_bulk+0x168/0x320 [ 2032.345678] io_submit_sqes+0x7099/0x86e0 [ 2032.346238] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2032.346981] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2032.347656] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2032.348315] ? lock_downgrade+0x6d0/0x6d0 [ 2032.348933] ? find_held_lock+0x2c/0x110 [ 2032.349579] ? io_submit_sqes+0x86e0/0x86e0 [ 2032.350169] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2032.350861] ? irqentry_enter+0x26/0x60 [ 2032.351456] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.352174] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2032.352873] ? trace_hardirqs_on+0x5b/0x180 [ 2032.353458] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2032.354179] ? __io_uring_cancel+0x20/0x20 [ 2032.354818] do_syscall_64+0x33/0x40 [ 2032.355313] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2032.356013] RIP: 0033:0x7f04fc2c5b19 [ 2032.356522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.359025] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2032.360036] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2032.360980] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2032.361945] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2032.362927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2032.363856] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:56:45 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) 08:56:45 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xa, 0x0, 0x0, 0x0) 08:57:01 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:57:01 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2048.353100] FAULT_INJECTION: forcing a failure. [ 2048.353100] name failslab, interval 1, probability 0, space 0, times 0 [ 2048.355063] CPU: 1 PID: 10901 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2048.356015] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2048.357176] Call Trace: [ 2048.357563] dump_stack+0x107/0x167 [ 2048.358132] should_fail.cold+0x5/0xa [ 2048.358747] ? create_object.isra.0+0x3a/0xa20 [ 2048.359473] should_failslab+0x5/0x20 [ 2048.359989] kmem_cache_alloc+0x5b/0x360 [ 2048.360544] ? mark_held_locks+0x9e/0xe0 [ 2048.361101] create_object.isra.0+0x3a/0xa20 [ 2048.361714] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2048.362419] kmem_cache_alloc_bulk+0x168/0x320 [ 2048.363104] io_submit_sqes+0x7099/0x86e0 08:57:01 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:57:01 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:01 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xb, 0x0, 0x0, 0x0) 08:57:01 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:57:01 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0) 08:57:01 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2048.363965] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2048.364663] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2048.365341] ? lock_downgrade+0x6d0/0x6d0 [ 2048.365951] ? find_held_lock+0x2c/0x110 [ 2048.366527] ? io_submit_sqes+0x86e0/0x86e0 [ 2048.367170] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2048.367821] ? wait_for_completion_io+0x270/0x270 [ 2048.368495] ? rcu_read_lock_any_held+0x75/0xa0 [ 2048.369143] ? vfs_write+0x354/0xa70 [ 2048.369675] ? fput_many+0x2f/0x1a0 [ 2048.370158] ? ksys_write+0x1a9/0x260 [ 2048.370663] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2048.371440] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2048.372115] do_syscall_64+0x33/0x40 [ 2048.372635] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2048.373342] RIP: 0033:0x7f30d6b2fb19 [ 2048.373863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2048.376345] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2048.377350] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2048.378294] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2048.379273] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2048.380248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2048.381203] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2048.407424] FAULT_INJECTION: forcing a failure. [ 2048.407424] name failslab, interval 1, probability 0, space 0, times 0 [ 2048.408823] CPU: 0 PID: 10909 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2048.409567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2048.410457] Call Trace: [ 2048.410747] dump_stack+0x107/0x167 [ 2048.412458] should_fail.cold+0x5/0xa [ 2048.413000] should_failslab+0x5/0x20 [ 2048.413530] kmem_cache_alloc_bulk+0x4b/0x320 [ 2048.414148] io_submit_sqes+0x7099/0x86e0 [ 2048.414741] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2048.415475] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2048.416136] ? lock_downgrade+0x6d0/0x6d0 [ 2048.416683] ? find_held_lock+0x2c/0x110 [ 2048.417236] ? io_submit_sqes+0x86e0/0x86e0 [ 2048.417837] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2048.418488] ? wait_for_completion_io+0x270/0x270 [ 2048.419194] ? rcu_read_lock_any_held+0x75/0xa0 [ 2048.419828] ? vfs_write+0x354/0xa70 [ 2048.420331] ? fput_many+0x2f/0x1a0 [ 2048.420812] ? ksys_write+0x1a9/0x260 [ 2048.421357] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2048.422080] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2048.422881] do_syscall_64+0x33/0x40 [ 2048.423416] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2048.424166] RIP: 0033:0x7f04fc2c5b19 [ 2048.424752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2048.427402] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2048.428506] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2048.429510] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2048.430539] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2048.431576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2048.432579] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:57:01 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:01 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xc, 0x0, 0x0, 0x0) 08:57:17 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:17 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:17 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:57:17 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:17 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0) 08:57:17 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) r4 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r4, r5, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4004, @fd_index, 0x4, &(0x7f0000000000)=[{&(0x7f0000000180)=""/105, 0x69}], 0x1, 0x11, 0x1, {0x0, r7}}, 0x1f) syz_io_uring_submit(r3, r2, &(0x7f0000000000)=@IORING_OP_SPLICE={0x1e, 0x2, 0x0, @fd_index=0x1, 0x7f, {0x0, r4}, 0x0, 0xf, 0x0, {0x0, r7, r0}}, 0x8) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:57:17 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:57:17 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xd, 0x0, 0x0, 0x0) [ 2064.353072] FAULT_INJECTION: forcing a failure. [ 2064.353072] name failslab, interval 1, probability 0, space 0, times 0 [ 2064.354033] FAULT_INJECTION: forcing a failure. [ 2064.354033] name failslab, interval 1, probability 0, space 0, times 0 [ 2064.354491] CPU: 0 PID: 10941 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2064.356967] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2064.358106] Call Trace: [ 2064.358469] dump_stack+0x107/0x167 [ 2064.359045] should_fail.cold+0x5/0xa [ 2064.359543] ? __should_failslab+0x45/0xf0 [ 2064.360138] ? create_object.isra.0+0x3a/0xa20 [ 2064.360763] should_failslab+0x5/0x20 [ 2064.361272] kmem_cache_alloc+0x5b/0x360 [ 2064.361804] ? mark_held_locks+0x9e/0xe0 [ 2064.362354] create_object.isra.0+0x3a/0xa20 [ 2064.362942] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2064.363635] kmem_cache_alloc_bulk+0x168/0x320 [ 2064.364251] io_submit_sqes+0x7099/0x86e0 [ 2064.364821] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2064.365482] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2064.366188] ? lock_downgrade+0x6d0/0x6d0 [ 2064.366735] ? find_held_lock+0x2c/0x110 [ 2064.367335] ? io_submit_sqes+0x86e0/0x86e0 [ 2064.367944] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2064.368589] ? irqentry_enter+0x26/0x60 [ 2064.369123] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2064.369818] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2064.370534] ? trace_hardirqs_on+0x5b/0x180 [ 2064.371160] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2064.371902] ? __io_uring_cancel+0x20/0x20 [ 2064.372506] do_syscall_64+0x33/0x40 [ 2064.373065] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2064.373777] RIP: 0033:0x7f30d6b2fb19 [ 2064.374267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2064.376723] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2064.377762] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2064.378777] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2064.379812] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2064.380770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2064.381746] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2064.382770] CPU: 1 PID: 10943 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2064.383745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2064.384953] Call Trace: [ 2064.385356] dump_stack+0x107/0x167 [ 2064.385882] should_fail.cold+0x5/0xa [ 2064.386401] ? create_object.isra.0+0x3a/0xa20 [ 2064.387039] should_failslab+0x5/0x20 [ 2064.387529] kmem_cache_alloc+0x5b/0x360 [ 2064.388083] create_object.isra.0+0x3a/0xa20 [ 2064.388687] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2064.389320] kmem_cache_alloc_bulk+0x168/0x320 [ 2064.389989] io_submit_sqes+0x7099/0x86e0 [ 2064.390598] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2064.391332] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2064.391957] ? lock_downgrade+0x6d0/0x6d0 [ 2064.392476] ? find_held_lock+0x2c/0x110 [ 2064.393011] ? io_submit_sqes+0x86e0/0x86e0 [ 2064.393604] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2064.394243] ? wait_for_completion_io+0x270/0x270 [ 2064.394868] ? rcu_read_lock_any_held+0x75/0xa0 [ 2064.395490] ? vfs_write+0x354/0xa70 [ 2064.395965] ? fput_many+0x2f/0x1a0 [ 2064.396463] ? ksys_write+0x1a9/0x260 [ 2064.396997] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2064.397735] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2064.398467] do_syscall_64+0x33/0x40 [ 2064.398938] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2064.399593] RIP: 0033:0x7f04fc2c5b19 [ 2064.400076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2064.402450] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2064.403478] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2064.404415] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2064.405359] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2064.406297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2064.407246] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:57:17 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xe, 0x0, 0x0, 0x0) 08:57:17 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:17 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x3000000, 0x0, 0x0, 0x0) 08:57:17 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r3, r4, 0x0) signalfd4(r3, &(0x7f0000000000)={[0xa71]}, 0x8, 0x800) 08:57:17 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xf, 0x0, 0x0, 0x0) 08:57:17 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:57:17 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:17 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) [ 2064.632621] FAULT_INJECTION: forcing a failure. [ 2064.632621] name failslab, interval 1, probability 0, space 0, times 0 [ 2064.634634] CPU: 1 PID: 10967 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2064.635682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2064.636844] Call Trace: [ 2064.637219] dump_stack+0x107/0x167 [ 2064.637709] should_fail.cold+0x5/0xa [ 2064.638276] should_failslab+0x5/0x20 [ 2064.638800] kmem_cache_alloc_bulk+0x4b/0x320 [ 2064.639466] io_submit_sqes+0x7099/0x86e0 [ 2064.640048] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2064.640712] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2064.641372] ? lock_downgrade+0x6d0/0x6d0 [ 2064.641940] ? find_held_lock+0x2c/0x110 [ 2064.642493] ? io_submit_sqes+0x86e0/0x86e0 [ 2064.643154] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2064.643856] ? wait_for_completion_io+0x270/0x270 [ 2064.644521] ? rcu_read_lock_any_held+0x75/0xa0 [ 2064.645125] ? vfs_write+0x354/0xa70 [ 2064.645617] ? fput_many+0x2f/0x1a0 [ 2064.646106] ? ksys_write+0x1a9/0x260 [ 2064.646644] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2064.647408] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2064.648153] do_syscall_64+0x33/0x40 [ 2064.648650] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2064.649359] RIP: 0033:0x7f30d6b2fb19 [ 2064.649846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2064.652369] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2064.653393] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2064.654349] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2064.655333] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2064.656348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2064.657351] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:57:33 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x10, 0x0, 0x0, 0x0) 08:57:33 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:33 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:33 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x40, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xc}, 0x0, 0x3, 0x0, 0x0, 0x80, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000040)={[0x100000001]}, 0x8) io_uring_register$IORING_UNREGISTER_BUFFERS(r2, 0x1, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) r4 = openat$cgroup_pressure(r2, &(0x7f0000000140)='io.pressure\x00', 0x2, 0x0) fsetxattr$trusted_overlay_nlink(r4, &(0x7f0000000180), &(0x7f00000001c0)={'U-', 0x10001}, 0x16, 0x2) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:57:33 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:57:33 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:33 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:57:33 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3, 0x0, 0x0) [ 2079.910690] FAULT_INJECTION: forcing a failure. [ 2079.910690] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.912623] CPU: 1 PID: 10990 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2079.913599] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.914746] Call Trace: [ 2079.915107] dump_stack+0x107/0x167 [ 2079.915653] should_fail.cold+0x5/0xa [ 2079.916213] ? create_object.isra.0+0x3a/0xa20 [ 2079.916901] should_failslab+0x5/0x20 [ 2079.917432] kmem_cache_alloc+0x5b/0x360 [ 2079.918003] ? mark_held_locks+0x9e/0xe0 [ 2079.918568] create_object.isra.0+0x3a/0xa20 [ 2079.919178] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2079.920029] kmem_cache_alloc_bulk+0x168/0x320 [ 2079.920704] io_submit_sqes+0x7099/0x86e0 [ 2079.921311] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2079.922006] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2079.922684] ? lock_downgrade+0x6d0/0x6d0 [ 2079.923298] ? find_held_lock+0x2c/0x110 [ 2079.923851] ? io_submit_sqes+0x86e0/0x86e0 [ 2079.924447] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2079.925107] ? wait_for_completion_io+0x270/0x270 [ 2079.925770] ? rcu_read_lock_any_held+0x75/0xa0 [ 2079.926421] ? vfs_write+0x354/0xa70 [ 2079.926928] ? fput_many+0x2f/0x1a0 [ 2079.927439] ? ksys_write+0x1a9/0x260 [ 2079.927970] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.928672] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.929363] do_syscall_64+0x33/0x40 [ 2079.929877] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2079.930588] RIP: 0033:0x7f04fc2c5b19 [ 2079.931083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.933625] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2079.934641] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2079.935647] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2079.936636] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2079.937622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2079.938584] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2079.948477] FAULT_INJECTION: forcing a failure. [ 2079.948477] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.949200] FAULT_INJECTION: forcing a failure. [ 2079.949200] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.950237] CPU: 0 PID: 10996 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2079.952705] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.953884] Call Trace: [ 2079.954293] dump_stack+0x107/0x167 [ 2079.954825] should_fail.cold+0x5/0xa [ 2079.955413] should_failslab+0x5/0x20 [ 2079.955953] kmem_cache_alloc_bulk+0x4b/0x320 [ 2079.956640] io_submit_sqes+0x7099/0x86e0 [ 2079.957220] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2079.957920] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2079.958619] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2079.959349] ? lock_downgrade+0x6d0/0x6d0 [ 2079.959940] ? find_held_lock+0x2c/0x110 [ 2079.960498] ? io_submit_sqes+0x86e0/0x86e0 [ 2079.961097] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2079.961765] ? wait_for_completion_io+0x270/0x270 [ 2079.962453] ? rcu_read_lock_any_held+0x75/0xa0 [ 2079.963101] ? vfs_write+0x354/0xa70 [ 2079.963664] ? fput_many+0x2f/0x1a0 [ 2079.964166] ? ksys_write+0x1a9/0x260 [ 2079.964723] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.965469] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.966212] do_syscall_64+0x33/0x40 [ 2079.966748] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2079.967505] RIP: 0033:0x7f248b5b2b19 [ 2079.968029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.970515] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2079.971586] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2079.972542] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2079.973471] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2079.974407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2079.975359] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 [ 2079.976325] CPU: 1 PID: 10987 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2079.977368] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.978511] Call Trace: [ 2079.978905] dump_stack+0x107/0x167 [ 2079.979483] should_fail.cold+0x5/0xa [ 2079.980009] ? create_object.isra.0+0x3a/0xa20 [ 2079.980707] should_failslab+0x5/0x20 [ 2079.981240] kmem_cache_alloc+0x5b/0x360 [ 2079.981800] ? mark_held_locks+0x9e/0xe0 [ 2079.982413] create_object.isra.0+0x3a/0xa20 [ 2079.983027] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2079.983782] kmem_cache_alloc_bulk+0x168/0x320 [ 2079.984502] io_submit_sqes+0x7099/0x86e0 [ 2079.985097] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2079.985825] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2079.986500] ? lock_downgrade+0x6d0/0x6d0 [ 2079.987086] ? find_held_lock+0x2c/0x110 [ 2079.987729] ? io_submit_sqes+0x86e0/0x86e0 [ 2079.988362] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2079.989088] ? wait_for_completion_io+0x270/0x270 [ 2079.989768] ? rcu_read_lock_any_held+0x75/0xa0 [ 2079.990402] ? vfs_write+0x354/0xa70 [ 2079.990916] ? fput_many+0x2f/0x1a0 [ 2079.991460] ? ksys_write+0x1a9/0x260 [ 2079.991997] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.992774] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.993507] do_syscall_64+0x33/0x40 [ 2079.994041] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2079.994766] RIP: 0033:0x7f30d6b2fb19 [ 2079.995344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.997987] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2079.999110] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2080.000179] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2080.001271] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2080.002267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2080.003313] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:57:33 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x11, 0x0, 0x0, 0x0) 08:57:33 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000500)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x1, 0x3, 0x1, 0x2d8, 0x2, 0x3, 0x8, 0x8d, 0x40, 0x321, 0x0, 0x9, 0x38, 0x2, 0xffff, 0x3, 0x400}, [{0x6, 0x957f, 0x3, 0x9, 0x8, 0xffff, 0x6, 0x1}], "383319f997828e89933251fd339b3917e58d2985b82a28dda187ad9ac5392b35b31389c7ea74d62da2db4271073bc41877f036a2766c4b277d121a88f37cacb7ea47d939a98e1df851e0ef0638750b91bc1663ae8cfada1ac9392158dcb88c1ea4dcab349780f85c846141b35c88054163b3cc2f0067860ba4f343c239e2c6637b1bda46fe9ee09077b29c2cbdd0a48d6819c0fb454d32184b62ed13fd231dafac79446c6cc2afc29b982e0f6be9cf4005a0e3652c33d87a5f73785f3c8a55dcab76c59f6bc1c68774d2f4b17b5f4f0a03069f2d893027c17b300fc45f13dd7e7e53", ['\x00', '\x00', '\x00']}, 0x45a) 08:57:33 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:33 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x300, 0x0, 0x0) 08:57:33 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:33 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:33 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x12, 0x0, 0x0, 0x0) 08:57:33 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000a40)=[{{&(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000140)=""/130, 0x82}, {&(0x7f0000000240)=""/43, 0x2b}], 0x2, &(0x7f0000000300)=""/24, 0x18}, 0xf}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/219, 0xdb}], 0x1, &(0x7f0000000500)=""/170, 0xaa}, 0x5}, {{&(0x7f00000005c0)=@sco, 0x80, &(0x7f0000000980)=[{&(0x7f0000000640)=""/135, 0x87}, {&(0x7f0000000700)=""/49, 0x31}, {&(0x7f0000000740)=""/190, 0xbe}, {&(0x7f0000000800)=""/15, 0xf}, {&(0x7f0000000840)=""/35, 0x23}, {&(0x7f0000000880)=""/83, 0x53}, {&(0x7f0000000900)=""/123, 0x7b}], 0x7, &(0x7f0000000a00)}, 0xcad}], 0x3, 0x8101, &(0x7f0000000b00)) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:57:33 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:57:33 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) 08:57:33 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2080.276660] FAULT_INJECTION: forcing a failure. [ 2080.276660] name failslab, interval 1, probability 0, space 0, times 0 [ 2080.278328] CPU: 0 PID: 11024 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2080.279283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2080.280382] Call Trace: [ 2080.280739] dump_stack+0x107/0x167 [ 2080.281215] should_fail.cold+0x5/0xa [ 2080.281713] should_failslab+0x5/0x20 [ 2080.282232] kmem_cache_alloc_bulk+0x4b/0x320 [ 2080.282851] io_submit_sqes+0x7099/0x86e0 [ 2080.283456] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2080.284126] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2080.284759] ? lock_downgrade+0x6d0/0x6d0 [ 2080.285311] ? find_held_lock+0x2c/0x110 [ 2080.285853] ? io_submit_sqes+0x86e0/0x86e0 [ 2080.286426] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2080.287094] ? wait_for_completion_io+0x270/0x270 [ 2080.287746] ? rcu_read_lock_any_held+0x75/0xa0 [ 2080.288350] ? vfs_write+0x354/0xa70 [ 2080.288834] ? fput_many+0x2f/0x1a0 [ 2080.289311] ? ksys_write+0x1a9/0x260 [ 2080.289813] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2080.290499] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2080.291234] do_syscall_64+0x33/0x40 [ 2080.291727] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2080.292405] RIP: 0033:0x7f04fc2c5b19 [ 2080.292890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2080.295321] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2080.296335] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2080.297251] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2080.298147] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2080.299041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2080.300010] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2080.376390] FAULT_INJECTION: forcing a failure. [ 2080.376390] name failslab, interval 1, probability 0, space 0, times 0 [ 2080.378362] CPU: 1 PID: 11035 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2080.379355] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2080.380457] Call Trace: [ 2080.380813] dump_stack+0x107/0x167 [ 2080.381306] should_fail.cold+0x5/0xa [ 2080.381832] ? create_object.isra.0+0x3a/0xa20 [ 2080.382463] should_failslab+0x5/0x20 [ 2080.382977] kmem_cache_alloc+0x5b/0x360 [ 2080.383589] ? mark_held_locks+0x9e/0xe0 [ 2080.384140] create_object.isra.0+0x3a/0xa20 [ 2080.384730] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2080.385406] kmem_cache_alloc_bulk+0x168/0x320 [ 2080.386021] io_submit_sqes+0x7099/0x86e0 [ 2080.386605] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2080.387333] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2080.388004] ? lock_downgrade+0x6d0/0x6d0 [ 2080.388579] ? find_held_lock+0x2c/0x110 [ 2080.389150] ? io_submit_sqes+0x86e0/0x86e0 [ 2080.389755] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2080.390432] ? wait_for_completion_io+0x270/0x270 [ 2080.391098] ? rcu_read_lock_any_held+0x75/0xa0 [ 2080.391763] ? vfs_write+0x354/0xa70 [ 2080.392276] ? fput_many+0x2f/0x1a0 [ 2080.392778] ? ksys_write+0x1a9/0x260 [ 2080.393335] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2080.394057] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2080.394820] do_syscall_64+0x33/0x40 [ 2080.395395] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2080.396117] RIP: 0033:0x7f30d6b2fb19 [ 2080.396650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2080.399195] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2080.400309] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2080.401321] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2080.402322] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2080.403370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2080.404371] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:57:48 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0) 08:57:48 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:57:48 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:48 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:48 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:48 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:57:48 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x13, 0x0, 0x0, 0x0) 08:57:48 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffff8}}, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r0, r1, 0x0) close(r0) r2 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r2, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r2, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 2095.764208] FAULT_INJECTION: forcing a failure. [ 2095.764208] name failslab, interval 1, probability 0, space 0, times 0 [ 2095.766557] CPU: 1 PID: 11051 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2095.767963] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2095.769587] Call Trace: [ 2095.770126] dump_stack+0x107/0x167 [ 2095.770859] should_fail.cold+0x5/0xa [ 2095.771644] ? create_object.isra.0+0x3a/0xa20 [ 2095.772550] should_failslab+0x5/0x20 [ 2095.772608] FAULT_INJECTION: forcing a failure. [ 2095.772608] name failslab, interval 1, probability 0, space 0, times 0 [ 2095.773311] kmem_cache_alloc+0x5b/0x360 [ 2095.773332] ? mark_held_locks+0x9e/0xe0 [ 2095.773356] create_object.isra.0+0x3a/0xa20 [ 2095.773376] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2095.773402] kmem_cache_alloc_bulk+0x168/0x320 [ 2095.779938] io_submit_sqes+0x7099/0x86e0 [ 2095.780816] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2095.781797] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2095.782793] ? lock_downgrade+0x6d0/0x6d0 [ 2095.783625] ? find_held_lock+0x2c/0x110 [ 2095.784453] ? io_submit_sqes+0x86e0/0x86e0 [ 2095.785338] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2095.786322] ? wait_for_completion_io+0x270/0x270 [ 2095.787308] ? rcu_read_lock_any_held+0x75/0xa0 [ 2095.788259] ? vfs_write+0x354/0xa70 [ 2095.789015] ? fput_many+0x2f/0x1a0 [ 2095.789751] ? ksys_write+0x1a9/0x260 [ 2095.790534] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2095.791605] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2095.792657] do_syscall_64+0x33/0x40 [ 2095.793413] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2095.794447] RIP: 0033:0x7f04fc2c5b19 [ 2095.795199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2095.798917] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2095.800460] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2095.801897] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2095.803334] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2095.804784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2095.806218] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2095.807710] CPU: 0 PID: 11048 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2095.809105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2095.810770] Call Trace: [ 2095.811302] dump_stack+0x107/0x167 [ 2095.812064] should_fail.cold+0x5/0xa [ 2095.812828] ? create_object.isra.0+0x3a/0xa20 [ 2095.813574] FAULT_INJECTION: forcing a failure. [ 2095.813574] name failslab, interval 1, probability 0, space 0, times 0 [ 2095.813743] ? create_object.isra.0+0x3a/0xa20 [ 2095.813765] should_failslab+0x5/0x20 [ 2095.813783] kmem_cache_alloc+0x5b/0x360 [ 2095.813809] create_object.isra.0+0x3a/0xa20 [ 2095.819335] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2095.820370] kmem_cache_alloc_bulk+0x168/0x320 [ 2095.821298] io_submit_sqes+0x7099/0x86e0 [ 2095.822136] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2095.823134] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2095.824163] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2095.825137] ? lock_downgrade+0x6d0/0x6d0 [ 2095.825967] ? find_held_lock+0x2c/0x110 [ 2095.826791] ? io_submit_sqes+0x86e0/0x86e0 [ 2095.827685] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2095.828660] ? wait_for_completion_io+0x270/0x270 [ 2095.829635] ? rcu_read_lock_any_held+0x75/0xa0 [ 2095.830567] ? vfs_write+0x354/0xa70 [ 2095.831324] ? copy_kernel_to_fpregs+0x9e/0xe0 [ 2095.832271] ? trace_event_raw_event_x86_fpu+0x390/0x390 [ 2095.833380] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2095.834433] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2095.835486] do_syscall_64+0x33/0x40 [ 2095.836243] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2095.837272] RIP: 0033:0x7f248b5b2b19 [ 2095.838019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2095.841712] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2095.843236] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2095.844679] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2095.846106] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2095.847550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2095.848981] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 [ 2095.850445] CPU: 1 PID: 11054 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2095.851860] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2095.853548] Call Trace: [ 2095.854081] dump_stack+0x107/0x167 [ 2095.854824] should_fail.cold+0x5/0xa [ 2095.855610] ? create_object.isra.0+0x3a/0xa20 [ 2095.856537] should_failslab+0x5/0x20 [ 2095.857308] kmem_cache_alloc+0x5b/0x360 [ 2095.858134] ? mark_held_locks+0x9e/0xe0 [ 2095.858965] create_object.isra.0+0x3a/0xa20 [ 2095.859877] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2095.860906] kmem_cache_alloc_bulk+0x168/0x320 [ 2095.861837] io_submit_sqes+0x7099/0x86e0 [ 2095.862716] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2095.863732] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2095.864708] ? lock_downgrade+0x6d0/0x6d0 [ 2095.865545] ? find_held_lock+0x2c/0x110 [ 2095.866372] ? io_submit_sqes+0x86e0/0x86e0 [ 2095.867270] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2095.868262] ? wait_for_completion_io+0x270/0x270 [ 2095.869237] ? rcu_read_lock_any_held+0x75/0xa0 [ 2095.870170] ? vfs_write+0x354/0xa70 [ 2095.870925] ? fput_many+0x2f/0x1a0 [ 2095.871671] ? ksys_write+0x1a9/0x260 [ 2095.872450] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2095.873502] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2095.874552] do_syscall_64+0x33/0x40 [ 2095.875308] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2095.876333] RIP: 0033:0x7f30d6b2fb19 [ 2095.877083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2095.880798] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2095.882328] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2095.883777] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2095.885219] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2095.886660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2095.888108] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:57:49 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x14, 0x0, 0x0, 0x0) 08:57:49 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0) 08:57:49 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:49 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) io_uring_enter(r2, 0x23c2, 0x7b43, 0x3, &(0x7f0000000300)={[0xfffffffffffffff7]}, 0x8) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0100001a0001000000000000000000ff020000000000000000000000000001b11414bb0000000000000000000000000000000000000000000000000000000045dcc0b96a9ac198eec17f8e261f962d6a093ce1137760e0984992aea3a2b588657867658d39ca517b884dbabb83a58fe81be1a02e560f062d13369eaaf576271e5528a58b95f20d8d05cee1c7ab73ff68b5c70c66ae5287f0edca8535a5f413e98799d40fd3940b5d85a66d57fd30b7e0f37cdd1f8aa2bce8fe12693d477151bc02e806d3d1c81b691a4260e2df1d9acfa03510a94a10af7e61235247197bf0ff415c644b6a5ee808c4136daa2614a3500111d061070354b790a7bc499a3f89d0d1a1c52d119a51d710e91bfff04438c84a149c63732ee39d7381ce02a8c9d41d21286089c807c3fa6563f267b9551992f56ad60e84bfe4ad18fc1bc7e916133404833f7bbecdf1b334fd9c8122105bc4be69347deffd1dcf9fab64d3e50f1d19124304", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="e000000100000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000004c001400736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000"], 0x13c}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r5, r6, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x3, 0x80, 0x0, 0x1, 0x1, 0x9, 0x0, 0x7fff, 0x2900, 0x5, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x4, @perf_config_ext={0x3, 0x7f}, 0x240, 0x3, 0x2, 0x4, 0x10000, 0x67, 0x800, 0x0, 0xffffff91, 0x0, 0x5}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r7, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4004, @fd_index, 0x4, &(0x7f0000000000)=[{&(0x7f0000000180)=""/105, 0x69}], 0x1, 0x11, 0x1, {0x0, r8}}, 0x1f) syz_io_uring_submit(r4, r1, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r6, 0x0, 0x0, 0x0, {0x24}, 0x0, {0x0, r8}}, 0x5e2e) [ 2096.109146] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.2'. 08:57:49 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x15, 0x0, 0x0, 0x0) 08:57:49 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:57:49 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x3000000, 0x0, 0x0) 08:57:49 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 2096.272188] FAULT_INJECTION: forcing a failure. [ 2096.272188] name failslab, interval 1, probability 0, space 0, times 0 [ 2096.275175] CPU: 1 PID: 11084 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2096.276612] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2096.278270] Call Trace: [ 2096.278814] dump_stack+0x107/0x167 [ 2096.279592] should_fail.cold+0x5/0xa [ 2096.280371] ? create_object.isra.0+0x3a/0xa20 [ 2096.281304] ? create_object.isra.0+0x3a/0xa20 [ 2096.282224] should_failslab+0x5/0x20 [ 2096.283018] kmem_cache_alloc+0x5b/0x360 [ 2096.283831] create_object.isra.0+0x3a/0xa20 [ 2096.284731] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2096.285743] kmem_cache_alloc_bulk+0x168/0x320 [ 2096.286698] io_submit_sqes+0x7099/0x86e0 [ 2096.287574] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2096.288592] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2096.289551] ? lock_downgrade+0x6d0/0x6d0 [ 2096.290399] ? find_held_lock+0x2c/0x110 [ 2096.291210] ? io_submit_sqes+0x86e0/0x86e0 [ 2096.292115] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2096.293083] ? wait_for_completion_io+0x270/0x270 [ 2096.294085] ? rcu_read_lock_any_held+0x75/0xa0 [ 2096.294992] ? vfs_write+0x354/0xa70 [ 2096.295778] ? fput_many+0x2f/0x1a0 [ 2096.296503] ? ksys_write+0x1a9/0x260 [ 2096.297296] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2096.298343] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2096.299429] do_syscall_64+0x33/0x40 [ 2096.300179] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2096.301230] RIP: 0033:0x7f04fc2c5b19 [ 2096.301967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2096.305740] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2096.307295] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2096.308761] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2096.310210] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2096.311684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2096.312662] FAULT_INJECTION: forcing a failure. [ 2096.312662] name failslab, interval 1, probability 0, space 0, times 0 [ 2096.313139] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2096.317717] CPU: 0 PID: 11094 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2096.319095] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2096.320745] Call Trace: [ 2096.321272] dump_stack+0x107/0x167 [ 2096.322005] should_fail.cold+0x5/0xa [ 2096.322763] ? create_object.isra.0+0x3a/0xa20 [ 2096.323693] should_failslab+0x5/0x20 [ 2096.324458] kmem_cache_alloc+0x5b/0x360 [ 2096.325251] ? mark_held_locks+0x9e/0xe0 [ 2096.326060] create_object.isra.0+0x3a/0xa20 [ 2096.326939] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2096.327975] kmem_cache_alloc_bulk+0x168/0x320 [ 2096.328895] io_submit_sqes+0x7099/0x86e0 [ 2096.329769] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2096.330772] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2096.331768] ? lock_downgrade+0x6d0/0x6d0 [ 2096.332580] ? find_held_lock+0x2c/0x110 [ 2096.333406] ? io_submit_sqes+0x86e0/0x86e0 [ 2096.334284] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2096.335268] ? wait_for_completion_io+0x270/0x270 [ 2096.336237] ? rcu_read_lock_any_held+0x75/0xa0 [ 2096.337161] ? vfs_write+0x354/0xa70 [ 2096.337897] ? fput_many+0x2f/0x1a0 [ 2096.338624] ? ksys_write+0x1a9/0x260 [ 2096.339389] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2096.340453] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2096.341471] do_syscall_64+0x33/0x40 [ 2096.342220] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2096.343236] RIP: 0033:0x7f30d6b2fb19 [ 2096.343994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2096.347727] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2096.349259] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2096.350715] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2096.352184] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2096.353627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2096.355064] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:57:49 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x16, 0x0, 0x0, 0x0) 08:58:05 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:58:05 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 08:58:05 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:05 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:05 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x17, 0x0, 0x0, 0x0) 08:58:05 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:58:05 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x80, 0x1, 0x3, 0x61, 0x0, 0x9, 0x17088, 0x8, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x4000, 0x80000000, 0xf79c, 0x1, 0x80000001, 0x6, 0x5, 0x0, 0x12d, 0x0, 0x9}, 0x0, 0x10, 0xffffffffffffffff, 0x4) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:58:05 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2112.624221] FAULT_INJECTION: forcing a failure. [ 2112.624221] name failslab, interval 1, probability 0, space 0, times 0 [ 2112.626095] CPU: 1 PID: 11117 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2112.627059] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2112.628265] Call Trace: [ 2112.628640] dump_stack+0x107/0x167 [ 2112.629157] should_fail.cold+0x5/0xa [ 2112.629701] should_failslab+0x5/0x20 [ 2112.630234] kmem_cache_alloc_bulk+0x4b/0x320 [ 2112.630849] io_submit_sqes+0x7099/0x86e0 [ 2112.631431] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.632143] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.632843] ? lock_downgrade+0x6d0/0x6d0 [ 2112.633422] ? find_held_lock+0x2c/0x110 [ 2112.633977] ? io_submit_sqes+0x86e0/0x86e0 [ 2112.634575] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2112.635266] ? wait_for_completion_io+0x270/0x270 [ 2112.635985] ? rcu_read_lock_any_held+0x75/0xa0 [ 2112.636638] ? vfs_write+0x354/0xa70 [ 2112.637142] ? fput_many+0x2f/0x1a0 [ 2112.637629] ? ksys_write+0x1a9/0x260 [ 2112.638171] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2112.638718] FAULT_INJECTION: forcing a failure. [ 2112.638718] name failslab, interval 1, probability 0, space 0, times 0 [ 2112.638897] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2112.638930] do_syscall_64+0x33/0x40 [ 2112.641768] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2112.642523] RIP: 0033:0x7f30d6b2fb19 [ 2112.643085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2112.645848] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2112.646966] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2112.647987] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2112.649017] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2112.650058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2112.651088] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2112.652217] CPU: 0 PID: 11121 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2112.653207] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2112.654328] Call Trace: [ 2112.654688] dump_stack+0x107/0x167 [ 2112.655192] should_fail.cold+0x5/0xa [ 2112.655718] ? create_object.isra.0+0x3a/0xa20 [ 2112.656343] should_failslab+0x5/0x20 [ 2112.656845] kmem_cache_alloc+0x5b/0x360 [ 2112.657424] ? mark_held_locks+0x9e/0xe0 [ 2112.657972] create_object.isra.0+0x3a/0xa20 [ 2112.658551] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2112.659250] kmem_cache_alloc_bulk+0x168/0x320 [ 2112.659906] io_submit_sqes+0x7099/0x86e0 [ 2112.660468] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2112.661146] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.661801] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.662487] ? lock_downgrade+0x6d0/0x6d0 [ 2112.663031] ? find_held_lock+0x2c/0x110 [ 2112.663569] ? io_submit_sqes+0x86e0/0x86e0 [ 2112.664189] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2112.664831] ? wait_for_completion_io+0x270/0x270 [ 2112.665504] ? rcu_read_lock_any_held+0x75/0xa0 [ 2112.666115] ? vfs_write+0x354/0xa70 [ 2112.666606] ? fput_many+0x2f/0x1a0 [ 2112.667146] ? ksys_write+0x1a9/0x260 [ 2112.667727] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2112.668515] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2112.669309] do_syscall_64+0x33/0x40 [ 2112.669838] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2112.670581] RIP: 0033:0x7f248b5b2b19 [ 2112.671108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2112.673669] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2112.674698] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2112.675667] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2112.676617] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2112.677602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2112.678552] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 08:58:05 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:58:05 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x7ffffffff000, 0x0, 0x0) [ 2112.717365] FAULT_INJECTION: forcing a failure. [ 2112.717365] name failslab, interval 1, probability 0, space 0, times 0 [ 2112.718974] CPU: 1 PID: 11120 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2112.719930] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2112.721063] Call Trace: [ 2112.721438] dump_stack+0x107/0x167 [ 2112.721925] should_fail.cold+0x5/0xa [ 2112.722451] ? create_object.isra.0+0x3a/0xa20 [ 2112.723108] should_failslab+0x5/0x20 [ 2112.723723] kmem_cache_alloc+0x5b/0x360 [ 2112.724345] ? mark_held_locks+0x9e/0xe0 [ 2112.724872] create_object.isra.0+0x3a/0xa20 [ 2112.725522] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2112.726217] kmem_cache_alloc_bulk+0x168/0x320 [ 2112.726842] io_submit_sqes+0x7099/0x86e0 [ 2112.727447] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.728224] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.728959] ? lock_downgrade+0x6d0/0x6d0 [ 2112.729534] ? find_held_lock+0x2c/0x110 [ 2112.730127] ? io_submit_sqes+0x86e0/0x86e0 [ 2112.730723] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2112.731432] ? wait_for_completion_io+0x270/0x270 [ 2112.732139] ? rcu_read_lock_any_held+0x75/0xa0 [ 2112.732769] ? vfs_write+0x354/0xa70 [ 2112.733317] ? fput_many+0x2f/0x1a0 [ 2112.733818] ? ksys_write+0x1a9/0x260 [ 2112.734336] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2112.735041] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2112.735773] do_syscall_64+0x33/0x40 [ 2112.736318] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2112.737029] RIP: 0033:0x7f04fc2c5b19 [ 2112.737535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2112.740077] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2112.741104] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2112.742078] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2112.743026] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2112.744033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2112.745035] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:58:05 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x18, 0x0, 0x0, 0x0) 08:58:06 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x0, 0x3}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) chmod(&(0x7f0000000000)='./file0\x00', 0x82) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:58:06 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:06 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2112.868125] FAULT_INJECTION: forcing a failure. [ 2112.868125] name failslab, interval 1, probability 0, space 0, times 0 [ 2112.869975] CPU: 0 PID: 11134 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2112.870975] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2112.872188] Call Trace: [ 2112.872576] dump_stack+0x107/0x167 [ 2112.873109] should_fail.cold+0x5/0xa [ 2112.873642] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2112.874401] should_failslab+0x5/0x20 [ 2112.874937] __kmalloc_node+0x76/0x350 [ 2112.875501] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2112.876235] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 2112.876953] ? trace_hardirqs_on+0x5b/0x180 [ 2112.877566] kmem_cache_alloc_bulk+0x182/0x320 [ 2112.878219] io_submit_sqes+0x7099/0x86e0 [ 2112.878840] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.879503] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.880190] ? lock_downgrade+0x6d0/0x6d0 [ 2112.880741] ? find_held_lock+0x2c/0x110 [ 2112.881307] ? io_submit_sqes+0x86e0/0x86e0 [ 2112.881908] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2112.882601] ? wait_for_completion_io+0x270/0x270 [ 2112.883255] ? rcu_read_lock_any_held+0x75/0xa0 [ 2112.883925] ? vfs_write+0x354/0xa70 [ 2112.884454] ? fput_many+0x2f/0x1a0 [ 2112.884950] ? ksys_write+0x1a9/0x260 [ 2112.885471] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2112.886158] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2112.886851] do_syscall_64+0x33/0x40 [ 2112.887341] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2112.888065] RIP: 0033:0x7f30d6b2fb19 [ 2112.888622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2112.891199] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2112.892295] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2112.893221] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2112.894144] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2112.895101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2112.896093] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2112.934615] FAULT_INJECTION: forcing a failure. [ 2112.934615] name failslab, interval 1, probability 0, space 0, times 0 [ 2112.936423] CPU: 0 PID: 11142 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2112.937173] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2112.938072] Call Trace: [ 2112.938361] dump_stack+0x107/0x167 [ 2112.938794] should_fail.cold+0x5/0xa [ 2112.939212] ? create_object.isra.0+0x3a/0xa20 [ 2112.939735] should_failslab+0x5/0x20 [ 2112.940149] kmem_cache_alloc+0x5b/0x360 [ 2112.940598] ? mark_held_locks+0x9e/0xe0 [ 2112.941043] create_object.isra.0+0x3a/0xa20 [ 2112.941517] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2112.942068] kmem_cache_alloc_bulk+0x168/0x320 [ 2112.942562] io_submit_sqes+0x7099/0x86e0 [ 2112.943031] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.943565] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2112.944231] ? lock_downgrade+0x6d0/0x6d0 [ 2112.944800] ? find_held_lock+0x2c/0x110 [ 2112.945339] ? io_submit_sqes+0x86e0/0x86e0 [ 2112.945945] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2112.946598] ? wait_for_completion_io+0x270/0x270 [ 2112.947236] ? rcu_read_lock_any_held+0x75/0xa0 [ 2112.947922] ? vfs_write+0x354/0xa70 [ 2112.948443] ? fput_many+0x2f/0x1a0 [ 2112.948979] ? ksys_write+0x1a9/0x260 [ 2112.949502] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2112.950206] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2112.950907] do_syscall_64+0x33/0x40 [ 2112.951397] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2112.952097] RIP: 0033:0x7f04fc2c5b19 [ 2112.952596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2112.955061] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2112.956063] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2112.957029] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2112.958004] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2112.958941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2112.959898] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:58:20 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:58:20 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0) 08:58:20 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:58:20 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:20 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:20 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:20 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:58:20 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x19, 0x0, 0x0, 0x0) [ 2127.131578] FAULT_INJECTION: forcing a failure. [ 2127.131578] name failslab, interval 1, probability 0, space 0, times 0 [ 2127.133396] CPU: 1 PID: 11158 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2127.134282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2127.135493] Call Trace: [ 2127.135906] dump_stack+0x107/0x167 [ 2127.136388] should_fail.cold+0x5/0xa [ 2127.136880] ? create_object.isra.0+0x3a/0xa20 [ 2127.137468] should_failslab+0x5/0x20 [ 2127.137962] kmem_cache_alloc+0x5b/0x360 [ 2127.138497] ? mark_held_locks+0x9e/0xe0 [ 2127.139039] create_object.isra.0+0x3a/0xa20 [ 2127.139631] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2127.140353] kmem_cache_alloc_bulk+0x168/0x320 [ 2127.140972] io_submit_sqes+0x7099/0x86e0 [ 2127.141511] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2127.142173] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.142839] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.143253] FAULT_INJECTION: forcing a failure. [ 2127.143253] name failslab, interval 1, probability 0, space 0, times 0 [ 2127.143469] ? lock_downgrade+0x6d0/0x6d0 [ 2127.145563] ? find_held_lock+0x2c/0x110 [ 2127.146122] ? io_submit_sqes+0x86e0/0x86e0 [ 2127.146699] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2127.147368] ? wait_for_completion_io+0x270/0x270 [ 2127.148078] ? rcu_read_lock_any_held+0x75/0xa0 [ 2127.148692] ? vfs_write+0x354/0xa70 [ 2127.149196] ? fput_many+0x2f/0x1a0 [ 2127.149682] ? ksys_write+0x1a9/0x260 [ 2127.150207] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2127.150902] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2127.151593] do_syscall_64+0x33/0x40 [ 2127.152122] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2127.152795] RIP: 0033:0x7f248b5b2b19 [ 2127.153303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2127.155797] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2127.156833] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2127.157748] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2127.158649] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2127.159552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2127.160495] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 [ 2127.161449] CPU: 0 PID: 11161 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2127.162468] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2127.163659] Call Trace: [ 2127.164085] dump_stack+0x107/0x167 [ 2127.164619] should_fail.cold+0x5/0xa [ 2127.165152] ? create_object.isra.0+0x3a/0xa20 [ 2127.165805] should_failslab+0x5/0x20 [ 2127.166348] kmem_cache_alloc+0x5b/0x360 [ 2127.166888] ? mark_held_locks+0x9e/0xe0 [ 2127.167451] create_object.isra.0+0x3a/0xa20 [ 2127.168124] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2127.168867] kmem_cache_alloc_bulk+0x168/0x320 [ 2127.169541] io_submit_sqes+0x7099/0x86e0 [ 2127.170130] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.170796] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.171495] ? lock_downgrade+0x6d0/0x6d0 [ 2127.172121] ? find_held_lock+0x2c/0x110 [ 2127.172644] ? io_submit_sqes+0x86e0/0x86e0 [ 2127.173231] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2127.173893] ? wait_for_completion_io+0x270/0x270 [ 2127.174558] ? rcu_read_lock_any_held+0x75/0xa0 [ 2127.175218] ? vfs_write+0x354/0xa70 [ 2127.175730] ? fput_many+0x2f/0x1a0 [ 2127.176277] ? ksys_write+0x1a9/0x260 [ 2127.176790] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2127.177478] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2127.178181] do_syscall_64+0x33/0x40 [ 2127.178688] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2127.179381] RIP: 0033:0x7f04fc2c5b19 [ 2127.179920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2127.181302] FAULT_INJECTION: forcing a failure. [ 2127.181302] name failslab, interval 1, probability 0, space 0, times 0 [ 2127.182517] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2127.182537] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2127.182546] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2127.182553] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2127.182571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2127.189016] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2127.190067] CPU: 1 PID: 11167 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2127.191076] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2127.192271] Call Trace: [ 2127.192624] dump_stack+0x107/0x167 [ 2127.193094] should_fail.cold+0x5/0xa [ 2127.193652] ? create_object.isra.0+0x3a/0xa20 [ 2127.194351] should_failslab+0x5/0x20 [ 2127.194837] kmem_cache_alloc+0x5b/0x360 [ 2127.195366] ? mark_held_locks+0x9e/0xe0 [ 2127.195912] create_object.isra.0+0x3a/0xa20 [ 2127.196502] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2127.197179] kmem_cache_alloc_bulk+0x168/0x320 [ 2127.197781] io_submit_sqes+0x7099/0x86e0 [ 2127.198342] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.198975] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.199630] ? lock_downgrade+0x6d0/0x6d0 [ 2127.200214] ? find_held_lock+0x2c/0x110 [ 2127.200761] ? io_submit_sqes+0x86e0/0x86e0 [ 2127.201378] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2127.202040] ? wait_for_completion_io+0x270/0x270 [ 2127.202688] ? rcu_read_lock_any_held+0x75/0xa0 [ 2127.203311] ? vfs_write+0x354/0xa70 [ 2127.203810] ? fput_many+0x2f/0x1a0 [ 2127.204329] ? ksys_write+0x1a9/0x260 [ 2127.204843] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2127.205547] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2127.206247] do_syscall_64+0x33/0x40 [ 2127.206761] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2127.207441] RIP: 0033:0x7f30d6b2fb19 [ 2127.207991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2127.210401] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2127.211414] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2127.212391] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2127.213337] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2127.214318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2127.215267] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:58:20 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1a, 0x0, 0x0, 0x0) 08:58:20 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xf0ffffff7f0000, 0x0, 0x0) 08:58:20 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:20 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) r2 = perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x7f, 0x4, 0x7, 0x1, 0x0, 0x2, 0x40009, 0xa, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x4}, 0x84, 0x7, 0x1f, 0x9, 0xff, 0x0, 0x1, 0x0, 0x9, 0x0, 0x2}, r1, 0x0, r0, 0x2) syz_io_uring_setup(0x65dd, &(0x7f0000000300)={0x0, 0x3347, 0x20, 0x1, 0x2aa}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000380)=0x0, &(0x7f00000003c0)) r4 = signalfd4(r0, &(0x7f0000000680)={[0x2]}, 0x8, 0x0) perf_event_open(&(0x7f0000000600)={0x4, 0x80, 0x1, 0x81, 0x1, 0x4, 0x0, 0x10000, 0x11047, 0x8, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x800, 0xffffffffffffffc1}, 0x0, 0x6920, 0x22, 0x2, 0xffffffff, 0x7e2e, 0x8, 0x0, 0x80000000, 0x0, 0x1f}, 0xffffffffffffffff, 0xf, r4, 0xa) syz_io_uring_submit(r3, 0x0, &(0x7f0000000400)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x8001) r5 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r5, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r5, 0x8000000) r9 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r9, r10, 0x0) syz_io_uring_submit(r8, r7, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x1, 0x0, r10, 0x0, &(0x7f0000000500)="b0675cbb92fd57589534533168819702c7bd8cf01586a314f191881c2aa1a220cfa22b57ced12401bf8939c54bc615c2b22775bcfc846780e39a242ad0abfb1dd7d13a193f89cd59e555a710a435e9ec5daf814fdf889cf0cedda23507638855cc5353ec3a0f4408be74d608303b0203f90c65ea3370eda4dfe5aaa5c18e50c209c84ca54d8df291081d6e2166b8d0f4e25d2bd3e0a68ba44e05287ae4e999ce06307cb9033e4085fc414642217faa3402a762b43b8baec0929bded660bbcd7665bbe47f563c28ffa0e06977aefacdf07c44f73148c2ded4fc8bdffd884380", 0xdf, 0x62, 0x1}, 0xfc) io_uring_enter(r5, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r2, 0x8983, &(0x7f0000000440)) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x989680}, 0x1, 0x1, 0x0, {0x0, r11}}, 0xfff) 08:58:20 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1b, 0x0, 0x0, 0x0) 08:58:20 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:20 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x300000000000000, 0x0, 0x0) 08:58:20 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:58:20 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2127.528559] FAULT_INJECTION: forcing a failure. [ 2127.528559] name failslab, interval 1, probability 0, space 0, times 0 [ 2127.530641] CPU: 1 PID: 11198 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2127.531632] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2127.532763] Call Trace: [ 2127.533148] dump_stack+0x107/0x167 [ 2127.533671] should_fail.cold+0x5/0xa [ 2127.534208] ? create_object.isra.0+0x3a/0xa20 [ 2127.534830] should_failslab+0x5/0x20 [ 2127.535364] kmem_cache_alloc+0x5b/0x360 [ 2127.535962] ? mark_held_locks+0x9e/0xe0 [ 2127.536519] create_object.isra.0+0x3a/0xa20 [ 2127.537114] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2127.537840] kmem_cache_alloc_bulk+0x168/0x320 [ 2127.538473] io_submit_sqes+0x7099/0x86e0 [ 2127.539075] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.539797] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.540489] ? lock_downgrade+0x6d0/0x6d0 [ 2127.541070] ? find_held_lock+0x2c/0x110 [ 2127.541637] ? io_submit_sqes+0x86e0/0x86e0 [ 2127.542245] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2127.542915] ? wait_for_completion_io+0x270/0x270 [ 2127.543582] ? rcu_read_lock_any_held+0x75/0xa0 [ 2127.544258] ? vfs_write+0x354/0xa70 [ 2127.544775] ? fput_many+0x2f/0x1a0 [ 2127.545274] ? ksys_write+0x1a9/0x260 [ 2127.545803] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2127.546512] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2127.547210] do_syscall_64+0x33/0x40 [ 2127.547712] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2127.548430] RIP: 0033:0x7f30d6b2fb19 [ 2127.548932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2127.551383] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2127.552423] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2127.553386] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2127.554007] FAULT_INJECTION: forcing a failure. [ 2127.554007] name failslab, interval 1, probability 0, space 0, times 0 [ 2127.554340] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2127.554349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2127.554357] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2127.558069] CPU: 0 PID: 11201 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2127.558818] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2127.559706] Call Trace: [ 2127.560021] dump_stack+0x107/0x167 [ 2127.560416] should_fail.cold+0x5/0xa [ 2127.560832] ? create_object.isra.0+0x3a/0xa20 [ 2127.561331] should_failslab+0x5/0x20 [ 2127.561762] kmem_cache_alloc+0x5b/0x360 [ 2127.562201] ? mark_held_locks+0x9e/0xe0 [ 2127.562639] create_object.isra.0+0x3a/0xa20 [ 2127.563110] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2127.563665] kmem_cache_alloc_bulk+0x168/0x320 [ 2127.564178] io_submit_sqes+0x7099/0x86e0 [ 2127.564639] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.565191] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2127.565704] ? lock_downgrade+0x6d0/0x6d0 [ 2127.566144] ? find_held_lock+0x2c/0x110 [ 2127.566576] ? io_submit_sqes+0x86e0/0x86e0 [ 2127.567047] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2127.567561] ? wait_for_completion_io+0x270/0x270 [ 2127.568101] ? rcu_read_lock_any_held+0x75/0xa0 [ 2127.568594] ? vfs_write+0x354/0xa70 [ 2127.568991] ? fput_many+0x2f/0x1a0 [ 2127.569383] ? ksys_write+0x1a9/0x260 [ 2127.569794] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2127.570372] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2127.570930] do_syscall_64+0x33/0x40 [ 2127.571335] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2127.571907] RIP: 0033:0x7f04fc2c5b19 [ 2127.572308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2127.574267] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2127.575074] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2127.575825] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2127.576604] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2127.577362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2127.578117] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:58:36 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:58:36 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x4, &(0x7f0000000740), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000004c0)={0x0, 0x0, 0x0}}, 0x0) syz_io_uring_complete(r3) syz_io_uring_submit(r3, r1, &(0x7f0000000000)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x4, 0x0, @fd_index=0xa, 0x101, 0x0, 0x2, 0x5}, 0x8) 08:58:36 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:36 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:36 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1c, 0x0, 0x0, 0x0) 08:58:36 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0) 08:58:36 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:36 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 2143.330549] FAULT_INJECTION: forcing a failure. [ 2143.330549] name failslab, interval 1, probability 0, space 0, times 0 [ 2143.332273] CPU: 1 PID: 11212 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2143.333174] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2143.334304] Call Trace: [ 2143.334679] dump_stack+0x107/0x167 [ 2143.335147] should_fail.cold+0x5/0xa [ 2143.335641] ? create_object.isra.0+0x3a/0xa20 [ 2143.336318] should_failslab+0x5/0x20 [ 2143.336842] kmem_cache_alloc+0x5b/0x360 [ 2143.337415] ? mark_held_locks+0x9e/0xe0 [ 2143.337957] create_object.isra.0+0x3a/0xa20 [ 2143.338548] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2143.339259] kmem_cache_alloc_bulk+0x168/0x320 [ 2143.339892] io_submit_sqes+0x7099/0x86e0 [ 2143.340496] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2143.341209] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2143.341918] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2143.342604] ? lock_downgrade+0x6d0/0x6d0 [ 2143.343170] ? find_held_lock+0x2c/0x110 [ 2143.343716] ? io_submit_sqes+0x86e0/0x86e0 [ 2143.344377] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2143.345061] ? wait_for_completion_io+0x270/0x270 [ 2143.345764] ? rcu_read_lock_any_held+0x75/0xa0 [ 2143.346472] ? vfs_write+0x354/0xa70 [ 2143.347007] ? fput_many+0x2f/0x1a0 [ 2143.347509] ? ksys_write+0x1a9/0x260 [ 2143.348070] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2143.348761] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2143.349437] do_syscall_64+0x33/0x40 [ 2143.349956] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2143.350722] RIP: 0033:0x7f248b5b2b19 [ 2143.351240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2143.353700] FAULT_INJECTION: forcing a failure. [ 2143.353700] name failslab, interval 1, probability 0, space 0, times 0 [ 2143.353834] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2143.353852] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2143.353859] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2143.353866] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2143.353873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2143.353880] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 [ 2143.362070] CPU: 0 PID: 11217 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2143.363040] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2143.364220] Call Trace: [ 2143.364610] dump_stack+0x107/0x167 [ 2143.365129] should_fail.cold+0x5/0xa [ 2143.365667] ? create_object.isra.0+0x3a/0xa20 [ 2143.366310] should_failslab+0x5/0x20 [ 2143.366843] kmem_cache_alloc+0x5b/0x360 [ 2143.367423] create_object.isra.0+0x3a/0xa20 [ 2143.368035] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2143.368789] kmem_cache_alloc_bulk+0x168/0x320 [ 2143.369428] io_submit_sqes+0x7099/0x86e0 [ 2143.370036] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2143.370740] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2143.371428] ? lock_downgrade+0x6d0/0x6d0 [ 2143.372018] ? find_held_lock+0x2c/0x110 [ 2143.372630] ? io_submit_sqes+0x86e0/0x86e0 [ 2143.373252] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2143.373945] ? wait_for_completion_io+0x270/0x270 [ 2143.374623] ? rcu_read_lock_any_held+0x75/0xa0 [ 2143.375289] ? vfs_write+0x354/0xa70 [ 2143.375821] ? fput_many+0x2f/0x1a0 [ 2143.376362] ? ksys_write+0x1a9/0x260 [ 2143.376912] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2143.377647] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2143.378383] do_syscall_64+0x33/0x40 [ 2143.378916] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2143.379643] RIP: 0033:0x7f04fc2c5b19 [ 2143.380212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2143.382732] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2143.383818] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2143.384800] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2143.385804] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2143.386792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2143.387787] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:58:36 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x3) [ 2143.420498] FAULT_INJECTION: forcing a failure. [ 2143.420498] name failslab, interval 1, probability 0, space 0, times 0 [ 2143.422536] CPU: 0 PID: 11225 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2143.423514] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2143.424740] Call Trace: [ 2143.425130] dump_stack+0x107/0x167 [ 2143.425650] should_fail.cold+0x5/0xa [ 2143.426193] ? create_object.isra.0+0x3a/0xa20 [ 2143.426856] should_failslab+0x5/0x20 08:58:36 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r4, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2143.427422] kmem_cache_alloc+0x5b/0x360 [ 2143.428287] create_object.isra.0+0x3a/0xa20 [ 2143.428934] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2143.429642] kmem_cache_alloc_bulk+0x168/0x320 [ 2143.430296] io_submit_sqes+0x7099/0x86e0 [ 2143.430901] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2143.431611] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2143.432331] ? lock_downgrade+0x6d0/0x6d0 [ 2143.432910] ? find_held_lock+0x2c/0x110 [ 2143.433505] ? io_submit_sqes+0x86e0/0x86e0 [ 2143.434110] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2143.434821] ? wait_for_completion_io+0x270/0x270 [ 2143.435489] ? rcu_read_lock_any_held+0x75/0xa0 [ 2143.436181] ? vfs_write+0x354/0xa70 [ 2143.436759] ? fput_many+0x2f/0x1a0 [ 2143.437290] ? ksys_write+0x1a9/0x260 [ 2143.437818] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2143.438567] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2143.439288] do_syscall_64+0x33/0x40 [ 2143.439820] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2143.440639] RIP: 0033:0x7f30d6b2fb19 [ 2143.441192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2143.443884] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2143.444988] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2143.446000] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2143.447035] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2143.448098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2143.449144] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:58:36 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1d, 0x0, 0x0, 0x0) 08:58:36 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x9, 0x7, 0x1, 0x40, 0x0, 0xce, 0x803, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000000), 0xb}, 0x1000, 0x795, 0x4, 0x1, 0xfffffffffffffff8, 0x2, 0x100, 0x0, 0x9, 0x0, 0x80}, 0xffffffffffffffff, 0x10, r0, 0x2) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:58:52 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:58:52 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1e, 0x0, 0x0, 0x0) 08:58:52 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:52 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:52 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x300) 08:58:52 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:52 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x160d, 0x0, 0x0, 0x1f3}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:58:52 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 2159.573429] FAULT_INJECTION: forcing a failure. [ 2159.573429] name failslab, interval 1, probability 0, space 0, times 0 [ 2159.575089] CPU: 1 PID: 11261 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2159.576022] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2159.577240] Call Trace: [ 2159.577633] dump_stack+0x107/0x167 [ 2159.578134] should_fail.cold+0x5/0xa [ 2159.578659] ? create_object.isra.0+0x3a/0xa20 [ 2159.579299] should_failslab+0x5/0x20 [ 2159.579856] kmem_cache_alloc+0x5b/0x360 [ 2159.580407] FAULT_INJECTION: forcing a failure. [ 2159.580407] name failslab, interval 1, probability 0, space 0, times 0 [ 2159.580459] ? mark_held_locks+0x9e/0xe0 [ 2159.582525] create_object.isra.0+0x3a/0xa20 [ 2159.583157] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2159.583884] kmem_cache_alloc_bulk+0x168/0x320 [ 2159.584529] io_submit_sqes+0x7099/0x86e0 [ 2159.585129] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2159.585836] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2159.586526] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2159.587193] ? lock_downgrade+0x6d0/0x6d0 [ 2159.587765] ? find_held_lock+0x2c/0x110 [ 2159.588399] ? io_submit_sqes+0x86e0/0x86e0 [ 2159.589024] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2159.589668] ? wait_for_completion_io+0x270/0x270 [ 2159.590331] ? rcu_read_lock_any_held+0x75/0xa0 [ 2159.590982] ? vfs_write+0x354/0xa70 [ 2159.591515] ? fput_many+0x2f/0x1a0 [ 2159.592007] ? ksys_write+0x1a9/0x260 [ 2159.592564] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2159.593271] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2159.593940] do_syscall_64+0x33/0x40 [ 2159.594446] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2159.595142] RIP: 0033:0x7f248b5b2b19 [ 2159.595649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2159.598213] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2159.599280] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2159.600370] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2159.601344] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2159.602362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2159.603294] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 [ 2159.604387] CPU: 0 PID: 11265 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2159.605385] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2159.606547] Call Trace: [ 2159.606926] dump_stack+0x107/0x167 [ 2159.607431] should_fail.cold+0x5/0xa [ 2159.607932] ? create_object.isra.0+0x3a/0xa20 [ 2159.608584] should_failslab+0x5/0x20 [ 2159.609105] kmem_cache_alloc+0x5b/0x360 [ 2159.609676] ? mark_held_locks+0x9e/0xe0 [ 2159.610209] create_object.isra.0+0x3a/0xa20 [ 2159.610781] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2159.611463] kmem_cache_alloc_bulk+0x168/0x320 [ 2159.612076] io_submit_sqes+0x7099/0x86e0 [ 2159.612684] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2159.613322] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2159.614008] ? lock_downgrade+0x6d0/0x6d0 [ 2159.614547] ? find_held_lock+0x2c/0x110 [ 2159.615084] ? io_submit_sqes+0x86e0/0x86e0 [ 2159.615651] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2159.616307] ? wait_for_completion_io+0x270/0x270 [ 2159.616929] ? rcu_read_lock_any_held+0x75/0xa0 [ 2159.617455] FAULT_INJECTION: forcing a failure. [ 2159.617455] name failslab, interval 1, probability 0, space 0, times 0 [ 2159.617520] ? vfs_write+0x354/0xa70 [ 2159.617538] ? fput_many+0x2f/0x1a0 [ 2159.620224] ? ksys_write+0x1a9/0x260 [ 2159.620788] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2159.621538] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2159.622269] do_syscall_64+0x33/0x40 [ 2159.622798] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2159.623500] RIP: 0033:0x7f30d6b2fb19 [ 2159.624006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2159.626458] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2159.627486] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2159.628474] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2159.629397] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2159.630325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2159.631289] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2159.632293] CPU: 1 PID: 11266 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2159.633325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2159.634498] Call Trace: [ 2159.634876] dump_stack+0x107/0x167 [ 2159.635396] should_fail.cold+0x5/0xa [ 2159.635943] ? create_object.isra.0+0x3a/0xa20 [ 2159.636648] should_failslab+0x5/0x20 [ 2159.637194] kmem_cache_alloc+0x5b/0x360 [ 2159.637772] ? mark_held_locks+0x9e/0xe0 [ 2159.638356] create_object.isra.0+0x3a/0xa20 [ 2159.638988] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2159.639715] kmem_cache_alloc_bulk+0x168/0x320 [ 2159.640393] io_submit_sqes+0x7099/0x86e0 [ 2159.640991] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2159.641727] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2159.642410] ? lock_downgrade+0x6d0/0x6d0 [ 2159.643031] ? find_held_lock+0x2c/0x110 [ 2159.643621] ? io_submit_sqes+0x86e0/0x86e0 [ 2159.644320] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2159.644996] ? wait_for_completion_io+0x270/0x270 [ 2159.645653] ? rcu_read_lock_any_held+0x75/0xa0 [ 2159.646317] ? vfs_write+0x354/0xa70 [ 2159.646856] ? fput_many+0x2f/0x1a0 [ 2159.647406] ? ksys_write+0x1a9/0x260 [ 2159.647951] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2159.648694] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2159.649443] do_syscall_64+0x33/0x40 [ 2159.649969] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2159.650699] RIP: 0033:0x7f04fc2c5b19 [ 2159.651209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2159.653749] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2159.654786] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2159.655761] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2159.656778] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2159.657740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2159.658703] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:58:52 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x21, 0x0, 0x0, 0x0) 08:58:52 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000) 08:58:52 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:53 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000180), 0x81, 0xb00) r1 = syz_io_uring_setup(0x4e15, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0xa9a6, 0x1, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4, 0x2010, r1, 0x8000000) r5 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r5, r6, 0x0) syz_io_uring_complete(0x0) syz_io_uring_setup(0x4, &(0x7f0000000740), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r7, r8, &(0x7f0000000140)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r9, 0x0, &(0x7f00000004c0)={0x0, 0x0, 0x0}}, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) syz_io_uring_submit(0x0, r8, &(0x7f0000000240)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000200)={r10, r11+10000000}, 0x1, 0x0, 0x1}, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x2, 0x0, @fd=r5, 0x2e71, 0x0, 0x8b}, 0x5) 08:58:53 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000) 08:58:53 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x22, 0x0, 0x0, 0x0) 08:58:53 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:58:53 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 2160.028514] FAULT_INJECTION: forcing a failure. [ 2160.028514] name failslab, interval 1, probability 0, space 0, times 0 [ 2160.030473] CPU: 1 PID: 11297 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2160.031413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2160.032527] Call Trace: [ 2160.032880] dump_stack+0x107/0x167 [ 2160.033394] should_fail.cold+0x5/0xa [ 2160.033900] ? create_object.isra.0+0x3a/0xa20 [ 2160.034502] should_failslab+0x5/0x20 [ 2160.035004] kmem_cache_alloc+0x5b/0x360 [ 2160.035570] create_object.isra.0+0x3a/0xa20 [ 2160.036161] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2160.036988] kmem_cache_alloc_bulk+0x168/0x320 [ 2160.037606] io_submit_sqes+0x7099/0x86e0 [ 2160.038177] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2160.038804] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2160.039474] ? io_submit_sqes+0x86e0/0x86e0 [ 2160.040098] ? recalibrate_cpu_khz+0x10/0x10 [ 2160.040722] ? ktime_get+0x158/0x1f0 [ 2160.041221] ? lapic_timer_set_periodic+0x60/0x60 [ 2160.041866] ? clockevents_program_event+0x131/0x360 [ 2160.042559] ? tick_program_event+0xa8/0x140 [ 2160.043148] ? hrtimer_interrupt+0x771/0x9b0 [ 2160.043750] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2160.044489] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2160.045194] do_syscall_64+0x33/0x40 [ 2160.045698] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2160.046393] RIP: 0033:0x7f30d6b2fb19 [ 2160.046901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2160.049409] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2160.050429] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2160.051404] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2160.052436] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2160.053417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2160.054372] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2160.103105] FAULT_INJECTION: forcing a failure. [ 2160.103105] name failslab, interval 1, probability 0, space 0, times 0 [ 2160.104680] CPU: 0 PID: 11298 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2160.105539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2160.106601] Call Trace: [ 2160.106971] dump_stack+0x107/0x167 [ 2160.107457] should_fail.cold+0x5/0xa [ 2160.107949] should_failslab+0x5/0x20 [ 2160.108474] kmem_cache_alloc_bulk+0x4b/0x320 [ 2160.109093] io_submit_sqes+0x7099/0x86e0 [ 2160.109700] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2160.110411] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2160.111049] ? lock_downgrade+0x6d0/0x6d0 [ 2160.111586] ? find_held_lock+0x2c/0x110 [ 2160.112140] ? io_submit_sqes+0x86e0/0x86e0 [ 2160.112787] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2160.113426] ? wait_for_completion_io+0x270/0x270 [ 2160.114047] ? rcu_read_lock_any_held+0x75/0xa0 [ 2160.114653] ? vfs_write+0x354/0xa70 [ 2160.115180] ? fput_many+0x2f/0x1a0 [ 2160.115688] ? ksys_write+0x1a9/0x260 [ 2160.116221] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2160.116943] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2160.117631] do_syscall_64+0x33/0x40 [ 2160.118127] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2160.118820] RIP: 0033:0x7f04fc2c5b19 [ 2160.119312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2160.121788] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2160.122855] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2160.123786] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2160.124756] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2160.125664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2160.126567] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:59:09 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:09 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:59:09 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) getsockname$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, &(0x7f0000000140)=0x6e) 08:59:09 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:09 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:09 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x23, 0x0, 0x0, 0x0) 08:59:09 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000) 08:59:09 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 2175.848265] FAULT_INJECTION: forcing a failure. [ 2175.848265] name failslab, interval 1, probability 0, space 0, times 0 [ 2175.849973] CPU: 1 PID: 11315 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2175.850905] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2175.852062] Call Trace: [ 2175.852443] dump_stack+0x107/0x167 [ 2175.852975] should_fail.cold+0x5/0xa [ 2175.853504] ? create_object.isra.0+0x3a/0xa20 [ 2175.854127] should_failslab+0x5/0x20 [ 2175.854658] kmem_cache_alloc+0x5b/0x360 [ 2175.855220] ? mark_held_locks+0x9e/0xe0 [ 2175.855778] create_object.isra.0+0x3a/0xa20 [ 2175.856386] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2175.857120] kmem_cache_alloc_bulk+0x168/0x320 [ 2175.857732] io_submit_sqes+0x7099/0x86e0 [ 2175.858324] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2175.859005] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2175.859692] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2175.860350] ? lock_downgrade+0x6d0/0x6d0 [ 2175.860937] ? find_held_lock+0x2c/0x110 [ 2175.861519] ? io_submit_sqes+0x86e0/0x86e0 [ 2175.862152] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2175.862829] ? wait_for_completion_io+0x270/0x270 [ 2175.863489] ? rcu_read_lock_any_held+0x75/0xa0 [ 2175.864119] ? vfs_write+0x354/0xa70 [ 2175.864378] FAULT_INJECTION: forcing a failure. [ 2175.864378] name failslab, interval 1, probability 0, space 0, times 0 [ 2175.864762] ? fput_many+0x2f/0x1a0 [ 2175.864782] ? ksys_write+0x1a9/0x260 [ 2175.867343] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2175.868057] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2175.868823] do_syscall_64+0x33/0x40 [ 2175.869348] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2175.870070] RIP: 0033:0x7f248b5b2b19 [ 2175.870594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2175.873078] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2175.874104] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2175.875067] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2175.876062] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2175.877072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2175.878086] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 [ 2175.879077] CPU: 0 PID: 11320 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2175.880048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2175.881201] Call Trace: [ 2175.881554] dump_stack+0x107/0x167 [ 2175.882044] should_fail.cold+0x5/0xa [ 2175.882588] ? create_object.isra.0+0x3a/0xa20 [ 2175.883198] should_failslab+0x5/0x20 [ 2175.883722] kmem_cache_alloc+0x5b/0x360 [ 2175.884286] ? mark_held_locks+0x9e/0xe0 [ 2175.884893] create_object.isra.0+0x3a/0xa20 [ 2175.885496] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2175.886181] kmem_cache_alloc_bulk+0x168/0x320 [ 2175.886836] io_submit_sqes+0x7099/0x86e0 [ 2175.887424] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2175.888114] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2175.888800] ? lock_downgrade+0x6d0/0x6d0 [ 2175.889344] ? find_held_lock+0x2c/0x110 [ 2175.889875] ? io_submit_sqes+0x86e0/0x86e0 [ 2175.890474] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2175.891084] ? wait_for_completion_io+0x270/0x270 [ 2175.891725] ? rcu_read_lock_any_held+0x75/0xa0 [ 2175.892344] ? vfs_write+0x354/0xa70 [ 2175.892887] ? copy_kernel_to_fpregs+0x9e/0xe0 [ 2175.893488] ? trace_event_raw_event_x86_fpu+0x390/0x390 [ 2175.894194] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2175.894883] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2175.895580] do_syscall_64+0x33/0x40 [ 2175.896082] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2175.896799] RIP: 0033:0x7f04fc2c5b19 [ 2175.897295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2175.899764] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 08:59:09 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x3000000) [ 2175.900820] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2175.902094] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2175.903093] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2175.904071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2175.905058] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2175.914146] FAULT_INJECTION: forcing a failure. [ 2175.914146] name failslab, interval 1, probability 0, space 0, times 0 [ 2175.915501] CPU: 0 PID: 11318 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2175.916241] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2175.917169] Call Trace: [ 2175.917459] dump_stack+0x107/0x167 [ 2175.917861] should_fail.cold+0x5/0xa [ 2175.918288] ? create_object.isra.0+0x3a/0xa20 [ 2175.918779] should_failslab+0x5/0x20 [ 2175.919216] kmem_cache_alloc+0x5b/0x360 [ 2175.919652] ? mark_held_locks+0x9e/0xe0 [ 2175.920090] create_object.isra.0+0x3a/0xa20 [ 2175.920627] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2175.921211] kmem_cache_alloc_bulk+0x168/0x320 [ 2175.921716] io_submit_sqes+0x7099/0x86e0 [ 2175.922202] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2175.922784] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2175.923309] ? lock_downgrade+0x6d0/0x6d0 [ 2175.923754] ? find_held_lock+0x2c/0x110 [ 2175.924243] ? io_submit_sqes+0x86e0/0x86e0 [ 2175.924723] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2175.925272] ? wait_for_completion_io+0x270/0x270 [ 2175.925830] ? rcu_read_lock_any_held+0x75/0xa0 [ 2175.926332] ? vfs_write+0x354/0xa70 [ 2175.926731] ? fput_many+0x2f/0x1a0 [ 2175.927178] ? ksys_write+0x1a9/0x260 [ 2175.927604] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2175.928188] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2175.928831] do_syscall_64+0x33/0x40 [ 2175.929260] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2175.929805] RIP: 0033:0x7f30d6b2fb19 [ 2175.930213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2175.932233] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2175.933259] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2175.934248] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2175.935231] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2175.936253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2175.937238] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:59:09 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x24, 0x0, 0x0, 0x0) 08:59:09 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:09 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000) 08:59:09 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x300, 0x0, 0x0, 0x0) 08:59:09 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:09 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:09 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000002780)=@IORING_OP_NOP={0x0, 0x3}, 0x80000001) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x9, 0x80010, r0, 0x8000000) syz_io_uring_setup(0x4, &(0x7f0000000740)={0x0, 0x0, 0x0, 0xfffffffd}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000027c0)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r3, r1, &(0x7f0000000140)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000600)="b56e6b13847cf83db7407abce66a9a7d1b81c603d7d8715216e10682445b90611d605780acbc1ff9cfe7309abbb79e462e59a4062ee52b55c003bd31b3a3d751299a0802d939797cf781ac08c962974c8ffc5a85eb7a3926a0bc419575", 0x5d, 0x10143, 0x1}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000004c0)={0x0, 0x0, 0x0}}, 0x0) r6 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000001c0)=0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000073c0)=ANY=[@ANYBLOB="442300002800000128bd7000fcdbdf250d0000000046cad55181c791b4bcd6ae7de7806e5a177f67f1977606ab337680eb8f1e19bb6c2e614b9bcb948154469df44374bfc21e4ceaaa1efaeb9ba4a29ca039cdf002fbe236a7b2b149586cf05e5dbc284ed3422a806045f59799b256931a669a820f20e1ea4e25e024106a800c00920040000000000000001c8f92a0745d59c963e528459f34558c6ad00d30430edadc59f09bef73cf8dca58a91209d8955666062d5bb60a2cfd631404f63447a9a814190a5c05f245f8f43ceb02aba7be67cb46dd715b94a0eca2d80a265688726c0b0ac807b54cdf21f366f0dc78e180dcc5a7b67f111cf41158b3b7e2eeae02d2c61da4e8e96e6f969b02f26ac53c7b34149c19d0c3eeb1a2fe27bf28c847b9462676baab3447643a9ad60b017694fce517e73d29d321ba0cfef0395e4bb4483d3b6bdab3d6dbcda22b42fb30bdc337907e26f617b66debe1a840aaaa9b8b3990ed4f7dc9b358ad886e012adaf89be90bc99611f99635e94c8045ebe5a22fcf7ba246f63e15f6d4ab57ee7f01231fce356dc48f8ca771bc626005869384e378d2ad27150f8e80628c1ce481e2a98ef50109bc47a7ff2cc43555fe09b6a66c5614346d09266a1ce002cb351ed066f49f46e5a3796ffcd6c483053a9c92924cae4a4fa57bfd163bfbf1578114c4456cae12bde7e07ce51ac820a00ec4e4ba2e48c9798125d7abb85ec40c8ec7170426d8a29cdff0c317b9bdbb2d76a72d7eb6d61dc525267da2357ac0eb35aa52aee64a5eb5164c95566e02284df88b34e52c91e12bb4409b6288493492b224a6f5b0f32b044199ebb31b30559e5ad34253e67797347f8ef75e80433c626fd15f67713ab7776dbdd8e033c09f20e408d50d6e1cd59be8b0cc65c59734e74cda6c3ae9cdc3bf1605b95d61e17ec951da1ba6c6bc6e6f3ab4928889a76315114fde007441d58fd676e951b901c3d2127b1b9400221068a43e57c8e117135b365e44df4d27bc6c15a187d4b616a4a194743b77d171b11a1155c2144e7d429f93cc3d07efa578ae35cec09d4a91885c288f450754478b6cad82cfefb5a792794920cdbd4f85aecfa6dcdbe1d8b6c2d81085fc5faecfedbca73bf6b55db1b1f7187953d43c1da164a297821142221c99f65c01db215355687e1d02e13690f58e3dd5041665095688e23352b7579aa2e84a951355f782b949a829835a23b2cb5791c5997ecf1a8b344d4f51e60f23416422989aa621b8612d3119f21f456d5a752be67f69095434bdd81284ee1fd2952421aa25218226092e99cadc952a030dc1c58198dede573a9566526bff746b4fa4bfbcea6a3a042f240ca02a41ff416fc4fcec74b67e0beca7799dd58cb12d9759461b0074aec9ca026354b67da8616d932096985a4507de76a99efc34d0b1de47262951207fc2539fc4445d41ffd7ae6cde0a39d3fd555048b35582fcb4eafd918200c73a1364ba1cd9cd46f7c2da81f7f7e1ebf0fef5b590351737cc7ae0b7ec94aa0b9f83876d47dfa0adbd0d34799eaebaa16d8933103d49fa031ca957310453228f335e2f82d8adb9df0b161ba630af62993a2e9a1f983a6c413c17dedf42febe434f55ecdfb15acaf28760d00e770f744681f17f6e777ac77061226dbb53015fcbacfbeb80e8fd73750c3854644848c8a0d514ad2a4ac7847df7c57fa2689407d57e55768bba235eb1ec43b0cebf751f235ba4f17c9ce2e4815e019f6153cdd2fae3d353a6d45745029a23e515e433b355e9427288e0071db1185e262bbf6d3c3d5e16b477192b3b2785db34c6f0960429c56254512a16ad961643c2a9c1e8f99e39f60dbdf4860b1d6313c84533efc7df1561d0d0d0bd60a1fd0e667c166c3258bc62b00fc7e6f82b8649bd804cb9d2b2fa44fb36a216a03df74f9591a12df3c2f5b4159fbdbf19eab8c43cd07b2421dfdfb80cff29b4899bb7c2d8f4b6b5abc147091b56c7d330229eedc9d6f8bb5193806df6518248dddc35a97d6a05d3104f68d446e7ec957ca8a6f218fcf829057530b55274631c502bcca6da3cafdd5b1e9758cdf6d3734adea1aa91d7332d2d86a499e1aad90a7444c10f8415f15710c64514051faeb5d404c6cc5c148c394d3c043707107fe6db33226db909368e58d4d8104ba022aae4b2dc1b6be8f041061a1bb55149dd6c973b9bf12bd886ad806f63c991795dca40ef9657b287a5ae5cb01d45e2b537925c98ce91ab218c4ef03c8ede2bd2342474de4a5e7bf99dad048c9ec44127b965e22cfc372804a6750af231bc989bfae773e23dcefe026fac66c7bf4b055d531242159fa3c1ce537cec5bf3437329d9f6fb815e9243d0eb97a09cc03cbfac8cde0bfc9c7fa5b56ba3c6f11707da3d3022f69be96a221b19c0757dd99be58330e7989952fd231c4f1bb838d460382a221cfb5b41e74c0aec1177954c317766303fb487f68089d3d5f2717ddb91799205a4fcfba5911efb24659e91b7c4827d99752535263387b016ec05f937efb8ef0ef35ce86b76d10252ff2f2ee8853a9568a728dc775bbed37cf816847091410b6c3b1e837e4bbfea4ea6d1dc1355462e5b424b9ef135b9065577a8408370ecb70d7c94f7bcb3a78f543fa4da7e00670cda51d68c3d71893a67d9ea63a3523b5b53f58c670831fe199bab9fcf55860dc2b2a87d89260078bfea694b9fbdcd09fae45f30a62967e9f5bd1a5b01bdc31443e63a98f88fc50e5a3c1ef05dff704c8692850992465a00f16f3d55c135123d7d53d160eeea7ffbc4490c826b32ee3ba34349d1515e8fce9f4170fa98f1e05f61dfabb8b31d1adb03bf98d2bf9f68883f3a60615375bf57828f2786f1ead1e2fbdbe28032a422fc23cf34b50666feac6f12161ecc273e2f80d91c6235af8a641b0b5e1e288f45b380dfae1dc686b57c0e09b386ca860833f101aa7ebb1e513c1a16e080df920361b0425e6c16f11974f4e33046126a4e4a4640a2b3ad788a816b9de8b0b76476bddd1ead137ceac9a18ab7be03b2a8a9597a7c6df30519f49b19c8ea302759340985c61c1a0399e6ff6a8cf29813e1d8881e6d471968e4a082408c40f7fe37d5887544ae57eae0e99548685b18e2570bbfac0741aa8e21409705eb75b206c96e5fa6677930867dcdae3864c7b49ebde8816b71afd441b7374c8fb6865f70f5205d211b2dcbeedb65093858da2c164561eac79b603492fc5f15141d465dfed31a75c22556199df8c50f131ed27d6a9cc73e15e345b28fa24b82dc56abaf71ca4b5b7e9b91543695e7b4863807b95f10dc509f9257446af8fe1cad4ebe3a7c4a10dc09e47327594d97e441be13db2671b0ff8516e0f024da74960d6909656c45f1fe6032459beb9d307a8f5efad11c2d36780fdd4ddbfc02255f0931e09b7b0e667dd57292f263975b000754e66daf73181e582b97f92e58df145badd89189499adfdd9616889cd8d0578fbd2137b3b2de65dcb5e988d5eb48f5709a3fe85553e1462685f1a54ee05d9ceafa78ddba37c887fa520649850d8b9060e0e250da9e35a76cd4bc4f910ec03130eee62c89d7de151b3c772f88b1efa8f072f0d3bcdb54bb27e58cbd340348e5a89a27d8a358d30be4007b174fb0364263e57ec068e9988c872265b0e47dddeec52628fc0e0098ea9cef962a4617f5489331f0bad77aecdf0f376416e3d2803d560db012af3ca2926c316a64112b3092bf243f4580496ed4cfbacce7562286e3a82388d68cab7571d77c947b4a75014b85ed7d226062e0b758bdfa1461b27e3468bdb7ab218341587f7ff14d10b5d37516e8d5c600b2d4c961b798adea47ccd4f88bf3eafcd893e1207f49c300275a3cf5786ed89c296fbc8489c965739f8cd2ad2f9df190ffac5cc29479f7bf427c7665d52ba036ee414e4d176d09e26c0cf61c5379f632b3265315b4ee2434329101be71e6e4645e605459c9946110714738114c8ad32bc79a00c369901bdf759b4ed11d4c2da211b87a735e3001951c5f6ea72a9a1c7d516b03fd37f6a7671bca6da54c8698f12e5eba05caba8405ac202da16e5e07ff3865b47b706cf71243e8955a9c6aafe5c9b165b7c24a085dd73b43b191a2a9e1488783b7146c5b89a1a5633953d3f9a0d806f40d69d1cb11312a87848da7dd333db28049af01640c5fce2b8227f734f631604a3df2a74b9ba799153429c4fb38b1b25ae041a7bd885fddd93e02f05f30eed6f413651b356030a2e99bef498a06d2a27e9ad265c56899ff96048eca1800f77c82cf5487dd8e1a4383cb4c42da144f0d9979e5109b62c28067a3f5e5033fcd9304e92b3d8bfd058920bfdfa89a9742c43d094252694d5867b7d25034e0260c0dc186b40edefb3c11864949fa06646a99b2cd79a7b60f20acbf4f8a7b74bbb3f9d8d8b98788b6284dfa5c8b780f70d0437af77cf94335f554119f91421ae254f48c99072da0fa5a28902f81740e08b9d5956533da99b8931a9e292f520a937ad40ea51dc451d967906a896150e1fa39c2a2e3a39318e2067abeb974477e571f1dc2b7adc5e5378d9c25393339a77098c4cd7ba756b877cb3a593a736e4444a6858114ac29fde00e4286fdc6d87d0aa560ad70a8e166ab617c28d71812aaece789fa3c94e6c677e7ce6853bb39eb9c414ffb01c0a29893628f596ba012438de8186e501292fbe32e9779f396dfe1dbd3aeb38433ee3db357427e982db744c306ff48c7d3a8c609da2b15e67042c4e0d369cf56ffacce2178b2765b74e930f5a6b8e7ca3a838a221b16c913c880ad28e1070e8dc6debbba47290b6b4270dc6ed1249d448bde09b57c2d665d2a646de17d54b7f629220d1595a9f9ad7baf161fc03348f395346fb61702c1c9c34cd05cff7dd2459bc42c6ca3d435b60ffa411059f4c76c9e2798c403331b2c177b47b7bcd3983223a5d7281f22f7c2a4e21f7021fd7c90c6afb490b20eebebdc1c508ccc293d958108b29f85727cdad1c0785611996d164273f298d5e900b57ff645e79f67d2a93ef9f3264613508f4bf02f1dfd8c8deda80b3d402c77c4832f9c4bf43f43f9b0f8d01a5bc108d57be4f510cfb1c7c2199f694f6e5541dd6de2b8be176685991a2c99116009702fa3b08942bb5c553823dddd3ae864fb7dc29d4ffe80023f32ccdbd6e54da283b9bef8cbc07bbbe6f039ca51dbc14367e9eb14dc071f320e2ee096f52b621c3300b6910b8b7aee3fda6c05081e49271bf243a8821481b97200c29b4b439063d7514c4437078355d8568ccc237b54ba9e30c12f1f6b1153d3eb4466e15c8e1914d3ad6f325e9bab496da060c49f3251af527937b2ead846b762af6a5f6848aa51381b3ee7b0cb61dacf5a5ad2e21a30f0fbde2ab2bab118b37d10aa5a56f81393a275fcfe4e6505611e806f233080c36b4c83c9f260c7e1ca0834446182087a86b237f274e1f17ac058a6d9f5b0299d47069b536200b52f5f386afa0614b1ea7d18f67f8ca5a5a060c12e01f210f82e71c4ebdd9c26840b5856f8c675709c78be671ed5e1dde7997190455fd7ba14e41c774f9edaa694296e6a242808053303c20016a359a00d1f7ad501895dff058d311a71f856eb5ee3bd95da18d32a96fc9d77662dd977ba3aa03d3b45256e5fa62cea19cdf25fe98a63651c6a88dec27ec60973310c8d3c36f11777237096d9bb7f72fe12dc13dcef634097c36dd935db4a5dce284ed2aa0b8eabf8e4da157f4a6c1afb680e44af4833206b1f863f85ee66a70bd96bc214a6e0201b38431f592c2ec0baf143b50a399d934225474c4fa3ba2ef166e86382c55d5acee4f9f1351766718f544301ad1bb756d9ae8c95359b1a22d75bccb8124f9d767adeed9eea9aeb3298ecc574440c730aff27f419570b7f010fdb0cb923119846ff0404b59d143c4297bb21d51d2a922188157a327b1cb9975b45aeaa585beb870a8d77765a75e030e2cf61700692b895029a76bcd5cafa3a12480a003600776c616e30000000eb00268008008700aa61a6dc1b611e0901e098f15595bbbae8f78b4676603a32a730c60f6d1b03cc1d967938dcfe9af93babe7dde25ae42db555674929dbe2b290581ecd9adf46692aefaaa71d6c967518e0497e60c7d46aebe009149db9a8441aaa55d7bf0e5c8c63aa58b15e5fcd9e28aec9f9506d5f00a53916ceb0e016cf7c8ce336df4a168691e580b5b7d86992cb2d91fe46c0e037b698912d634fb73a0018f733f506a6d47ccdbff78ec793b7b35a2a396dee557a53b62aa542b22991f81bfbaafde149733316881c43fe3447b229dabe524b03a10c03efebe2027426dc8a515fcee453caf3fc5c29d581b94149110bb64f66c27325", @ANYRES32, @ANYBLOB="439348b069d15b6eac78e7bcf3fb1c7214e2bab1d747fdffffffffffffff3c417d83363a4c843b7c3fa5eb59bb11dfc05d4726818506f05cde6226a73357da0f8d0a44d1cbd9adf47ece0ef89ef1fb89639404e2f26f1b561b9aec1fa6152bedfdbf838b1c25fd171515bee22d967b125dbe374ce6627c63a8a3195c12feea18ac9dcc1f6251c4975a499f239b6841bf46c0256aaad40c16bb5a3f5ef1a7ea60bc9ec61a08328e4bdcbb685e29c8760ae32f532a5680cba2596e7660da5ca0932b4cbd31578f7d4391230a9a024eecb0dd070a31afa02508a7e935a4ab7f970008003b00d61a799b4e1703d00a4ad7268165fbebcafda571d035e89d9e3fa6b4e9a5203f3a0acb946e9174f42028a446416174ca595ab5cb6c7a0fd8103d5bbc2515da2772b62f892efec3b4236cd5dc6de0d04d81d1c63f1f6a48159a7c9fa6a6a0cabddf1a8e746b3f162083e889fff626dabb6688", @ANYRES32=r6, @ANYBLOB="060003002d00000003011100a67f5f8193b725086076216332592de612db3ee90b96ac8a6a8716820477a4ab9093677497bb1cd0bb4881710f29e346a2d657ceec71e432d0e8ddca0cf167a26f474c4e2426c70e426f590115e833713c56a12889ce1865e097351a2e62086c1287649c10dcc7d700953a44f308682132bdfa011ca2fcd0ef504403b983c7f5aa91034c45863cdc32d79f7c99fe702c79f4abe7462833c611609d5efd8a3a6bbd9f3ca87c0f52162415418edc34776249743701c1c210568253abb01b7c76d669d9e5547dd6bdfe687a02dfb9e40c716c650e86f5a6967bea4493a0265e21cdf28886daba4c0108ab03dead7b53803cc6747ac1917256392c61a0e9d55bf7008ceba43122b16cf7ab7a98c62816f73d3faa72d1b690806c26ec7bb5d0b635f10a0f54cf249bba3e3b5272c6ae645e717011299f8c8df2b13a2845223f52366d814f7756b02c7012bd5b39feddf3c435e11ac32bb5843bbbc7c07aad5bf9b708eea350a22215b85169af8ca88ec60a886a97d8b6c0f3816a748d6e128e9c5c27c3d554abfede4f478b4fa0a29e0fd25a3e242dd8bc3b33817bf0e008008900", @ANYRES32=r7, @ANYBLOB="e8923672ffc6281adadfac1cdb1b1ed40f409b00487c3bdfc89a01342ff4a071264028c1c204238ee17d832069c654973e664a0132674067545b3e6442421776c97eb6e70e01a5aa000869cee938f24cb3dabf8deca607b386f4f8eafae3368f3a91e2ffb976285b1abdcfcfff2de1eb290ace0fd124802d77a4a0b5ad89774115ed2f6c94bdbb43fb0bd5bfb21dea4bdb0e8606e452ff3cfdfc4cebfd8fe76d248b042a919156bd01b85e5f867c5be97a394c19b794e9add356eb44044eb4780ed8b8a51930f5153f200f035ec6a53b5321383102aa4ebb3044695d88cd0cf5a63d88c8eb40af2ebee7efec34f8224c679d31bd501cb4ed2c37e9f89914eccbafe027188cbfeaf6b9e6cd71c52e2e363d7ecc7a66082e494c97d9ae397d17eec35f849eb9cb44308a599e4e79b5307ca3fddfa55ac0755008d6296b6691fa1ba89d03a9ffbda1ab24f398e6e152952d9bdfbf45c3427908f3753f6b8fab4948cf068570a9691ddd1d60d94c67d0a134f8b593c2b99d8399c87fcc55c5a6c35dd66e9e6f3530464d1f002b7b70fa8a7fec18ccdde7e83ef70a70869750257323783daf70db404a76f156d325878a7a8c9e473d70223d0cef832ace559cc626cdba30cacd85dd806463a30c21360f5d0848327373e3558267dbee846e75ced7cedbdfae2ae33cd393de6f979fca091c834c5669f8dba89be82c9bdab4221513e5771c226c7917dd2f9a8830a10087b83c6ed1f6df69f56e779e48add8fa30c607edfe714ee5da959c5cdb3335d5fc536b99c23ed3e6441be4d3296971a9b7d95e5460381326d6b15598d8e66f3fcc60430da7fb608b88640114f9a8ea4e408f7ebfd252bf0beb5c53e79f911a86ae7f58886a07ceece449e5781e9409410742c774207656c6dc2c65174ba0351b193d02c3216fd0d776979aa95d656ebe877154fea300dade8d923f00733e6fcf427127fd37cb9c16e3f3d06bea40cd08bd19b41d8146f6e64b9826ad52f9ce827eb14fd789409cf1060af8090358baaaae5073f5779e07309e987e73b0ad378b5f1ab3dd62e5937de279d08f2a5b942eb276410f5081fb8a32659da18bfa61307efe8d1fc435d90162c4b08585cd35f0b500c61527770f0f5f0bae97ae4b0b9e9f6b1928253074f83396c6e1c538bc03e2f2f9a8218b29149572d9ccc2159d6acb0441fc851d892fdac3de8d82d17f842c980f2434c0871f767e1de7e16b6e197c76cdfc8b4cb8c73935a9ebc14dca989d9d43b80d09c09a3114d33f176d0ebe7184e6c554c5d1173c2d343b41b606c61634e6a0c7ca6e8d7921bc8e424446c053b40c33bde8c31d589585b440dece1b188a402e83a7740534c111314537a79eaaf21169b14300946ae560a679a8be7446db87bd76f975cc37542af9347fc9b5352d3d8bc15586ef6f96a2eefa48fe5cff8293f18cd2c1d4c7596b26624fe31fa93e15884cc0a3389621e9c770e09727564bb9bde991bbb681c6285391a704454dbd49f8889a5a6492c7e69c1b1dc1da766e47f8d74f13b0ccc77536796503c520663f50111a67d2af7e9f75a67638b27db17c5d1ef296a00c095d67bd24d2073c6906e11a142a7d8eed1d6594ba659edf8464cb6ed932935dd692841ff623c7eb083706f6e1f005b515e7fca88916c598d0d946fe67eca7c992c50c21b1f6d22659418e9c2756f7f27a35b5362c928750d174de867df3af79ac7c25465a647c9a7013ab355194584e1a3a2fc64e78afe0726732e0070addc0cffcac46aec4d8b2489fa82c46d0ec64d2fd875fa33d50268a2be08b9c331381ae96162c6a1741ce2680cbbc28e9a4c898c455673058a0385d5c96cf43a7efd0bdce3cc03e6315d9a52342fe8582c1c17acf2bac4c51b295c0b3c1978fcbf8fd103b974a53a920f52a4ba9de6acdf52a9c569f910d93b53c62768fd10ca499374c1f2a7008a6b7b10ad04093f7f3f865bc8ee335f3148707037e2e582a2489883c84cbb1a058050af8ad89fbe2d2662923b857bddbfa06bae5b1599220f585788ee1a91246f3e1cad9cc5f638797c66aa71f48dda135226b367e764e2447cc750f611720a4460ffe1dce002b3e452de523983e7311f30219de2821b4f6ebc56d2259519dd40cea34c737bbf8b21f460af50a3e634d74da0c99e966739bd4490d206040cca663910533bde9c94fb98ca80762d6f5fb8530cc0e540372312e1d65d9c9098d0fcf03934ac70dd9d0d712d4316348e47fb3aaf060639a3c7452ba16ec7304ab750187e0d34c75161d7e3a8f9fff35df49afa8a3881bd77ba03f944f95c3b9ef742c3df452eac35075453bbb2114900b0730fc026ac8bad14fae75bf8e10208a3938624451fb06c8b38eb6516fd8a0e9727bcf7351f184d90e929f2d9e5931bcc0a11a6df935c273f9f2a504180388204bf870934637eb51fa28a4d0c80fdd6cb0a8728c7117998a79a1d5b99375f6d18643259362e93cda5dd1a20377a7b73497d8de0a51e51f02a4fba0db551e01dbb39aa5ba0d0d3623e459e8d8d0022cef59209a344e27858dc993c6c343d5976c5e2db4627a124466bdfe3338252ca931597720a0dfb98a5407897c379f098f5705beb075fa7da815e3ad98e1d1ddaaf6a95765f38f0990e00c60b68c1373d2a7e8c628110bb4d811493100e825b62ba0f78a7dcf2453d8006444072c13eb2aea4815659b50e8ba06f86416f88a5dd4ce6f1c09a226adc63f541170ef8ebabc6ddcecce23f812939694ac8bc78c0723f3929271f9befbd0efa604bd3b843eeb3f5076de7ce38806cf189329f124427491c602aa7b6387cbe345f38e605fab44d08137b0750aa070c3ae022a113e5f26972a8b4e1e40ebe41eadc4fbc6bccf65932f9d92c4bbaa773ff72a742fbcfe3048ce94647e866d71bdbaabc490f719dfcd247c8bd0b3c476a9d59509d6255bf63cb26e2bd1307a3d82abeae356d063a0ba245c91ffc9006e8040cdf79f90f1a66464eff377adb5765a342ab78deb0f40f76b8363ffdcf57c2cb5566ed6ec5340780b79cc5bcff47d27cad6d9084bfcab262527568c2427c60a2e82aae1f61d7839b94ba8b0625ec28ade0a38475cd2425482190d6a05c0e93b920e275c639365326f63cca16f6d28b115ce3b2bc6c2e76ca23a36fa159677702e3a5352fe3d2e5f6c8d6a3067a6d97b14534f4a05b44e7bc1c20514441e581a91bab21c7180357e09e37c01701169235265549aeade489813fafea010c4c4f3b14cf29a20ed8c2535490a8bf97e1e71319c2f8c33451e7b413f28abb672be6ce65e7b8d9fd4858f769608fde84c4fef4baa4f9c4b1c2c7d7fd8018dbb6c549b534eee5afd889837930366e2e4e903137ce1a84cbd92cd59fe0aaa0184e3d85bb41d02878f17fe9a1806b8b226628346bf7c1ab1ac83c09ea6c0dc476d135b3a26fe0eff34f42d059e46c83546ae7cce93abb94aea86757df869c1a32e0b74a63776eb092506c9ebabe80d9c7396a1f69b489a3bd0353b4ef99775d856487e72e215b761e2f262dff6200a5a4eee96dcb53667673e29277775d129bb1921add2df2a4cdaa8da83bd97ca652cc20b5eac2b02a941d62eed116bd806741404a7fdcfde2de0a10dd1da2b84f4bd9be1b46af76e8776d80b2ddc9c14c6ed14ff4e36055b8e53cfa7d6e57eebba8b328155045f75bfdb38e4a507c7270b139d5910fef276bb8dfb71b45708cdf742789f8b015f4f14aa2a631cc7d525c7228d5b28fb3ef011654beeda9bee6389316ef6a0930679adfaa06fe52316a3d76b769c0c58dcc852400da3bf730cd1920dc1ab9507250954de62d5af526130459236b42fbd9b8b4a4a3c90eada6debe06e58a466a9d0ef04d71966fe346e0fe7ea92f0c2574d091f868f10ae46c7c6f344cdd36f4948bc1d035d8d1987064cac2e8214f8c55e5f175e84b662e1c31e828b1adbac8bdc1872a8acea2e05d7a5346bedab46f0bb525f0cd43c615c75377a76e13db5bccc0b0af4a2887a7415617e09531251e2a54bc086b4076b996a07452d94ee7b628a54a594071d2397a883ffffa98b9ce7be1191305b6d63afea43287c24067c62644610a66b440ac751076d07073d933c4d51e93598b6885211dfb1c1a1abcd5a986d7d44aa6a6a1bdb160f3fa32c6287f182064dce26ff5bba1fa0bfb8c68c58022c649d5d3a203f4b0e5f4d7a1646e95513645267fb0c4256c813297b3ac8ab9e44d708dd09eae9e417ec655131ff1bc6d27793ef1800163a27c10d4c163781d367bbcc0a4faf5406a40d6158280e964757bb52f88b92b8cecf82f3ddfee38c7118aa01e5fa345a4a84c1b0978e82e402c82298af76d5daede441a8018ea2e138558e30420f8a5af4ea10d0be60af97d2836cece6056770941fbcccf8eaee06190db2feafdc7ee06b93c35e4f41c05b8dd62e4e6f8bdbbb620dafc20a0838c7e96852685f487fce88f1b73d80cc044c419126b1b33d1f364b45c409e8bba88aaad5c8c240c6932566d7cdc6c0efe1d2b527c04cec804fe80695a241c1f831c1fcb15d3e31742ec682c6323e18c8c47ecebeb9600f1191290d4350d8ec0517a6396abe8eb584c2e1671eeaa085a435079cafa922f6b8a5d94d6d485a5cf2c4069473cc1802d53b17ba119238aa596e134925a8c870cac3bc2598b1ce0cee2f339f9b361e28a7def3e81361b9a70cbb7e17bc62e792d0d4a2462bf21a54fe3852d306a03bfeadab44e9d5cfd498c3e5efeb58dc1d40f1565120e72fdda42ea9f853f087c979008c6ebd414e3ee1f1b04d66306c37b512bd41ffed1fdd3afccc9d73007fdb389e90b36097789c6d51f8f31a497527a4c0a5f4060267987a3589d0574b85c93a2eb13498ca4f181c3a9e4ed66b5c7cc9ab5ffe2cac0561b53c526c275bbbc86a0f18f76b06954ccd5ddfefd38ee2b9ac95231809ab425745952a28c4de6525a41ad8e3307b4a5715804165f8229f57443ed6d4c119df8c4b52ffce741af4548c60d380ef5cadec87be79b6899bc09b3f0230f6375ad14aff36b1713fadc3050390090eca85e62ce453d8854704ee9d1a34e934bbfb3dddf470b85ac3efc440f07db9b8b93390444b5419fe244a999053ffc4e66babe31bead044b957a625e66cf0455cf62d498705b2c4f14f0f437f550cb85a3e40342b3dc47d216511325131e96d07c5c09db76cbce0ce6696982e520e787e98a13f7a2b10323148a879b8362e1a9adf16d326f92acd5b54c3376ccea29f4654549648020b41b75c88690c58478cca92f00a55a37697e04255a92b5345ca7a051bc99f540525c95826f741022c63ab0ac1e8c32349e26cbaeb901863c3502328f5843313be0aec3bc0e4df1dd8633dac8fe0a07b2d25b4f53566e0d5db49da16929e6ee4b8807667e7daf20f6dc8b3bc6a98ea12c3b58030f90ed31694ba16521b5dd331fcfa11ef0593a321dd165152a69bc2822a7755096c11bbf896560726028dec36105aae72f1639c658f177ef7fee48d7558e38edeff6f95b02fac6bf5a8fc567535e6648d862e6b263300a06ea0fadc38f94395dec8f8c422058bb433b8daf2b5a50eb4d507d197dcfd5262536776d83d11ff1e8924c6b9a98c803b820ef37754a323214cdc8db16c5b115c88a2937839b258a8e7c8bf1f1e16898bb8b2cd45516f140be0c231e2c9e4f82a117eb836f04cf83f12ce4e9c01a8206aae715a63f9ac1a39b73fb5ca4715f8e8ed780da16db10ce057973cae8b7cd690e9b2f195dcce994c10b0fed0efedd3b5e1abde6bccc30000"], 0x2344}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) io_uring_enter(0xffffffffffffffff, 0x2e3a, 0x5562, 0x0, &(0x7f0000000400)={[0x2]}, 0x8) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4004, @fd_index, 0x4, &(0x7f0000000000)=[{&(0x7f0000000180)=""/105, 0x69}], 0x1, 0x11, 0x1, {0x0, r9}}, 0x1f) syz_io_uring_submit(r2, r4, &(0x7f0000000280)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)=""/243, 0xf3}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000040)=""/10, 0xa}, {&(0x7f0000000500)=""/218, 0xda}, {&(0x7f0000000140)=""/46, 0x2e}], 0x5}, 0x0, 0x2100, 0x1, {0x1, r9}}, 0x101) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:59:09 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 2176.253342] FAULT_INJECTION: forcing a failure. [ 2176.253342] name failslab, interval 1, probability 0, space 0, times 0 [ 2176.255288] CPU: 0 PID: 11350 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2176.256223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2176.257369] Call Trace: [ 2176.257739] dump_stack+0x107/0x167 [ 2176.258244] should_fail.cold+0x5/0xa [ 2176.258783] should_failslab+0x5/0x20 [ 2176.259287] kmem_cache_alloc_bulk+0x4b/0x320 [ 2176.259919] io_submit_sqes+0x7099/0x86e0 [ 2176.260525] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2176.261205] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2176.261845] ? lock_downgrade+0x6d0/0x6d0 [ 2176.262389] ? find_held_lock+0x2c/0x110 [ 2176.262925] ? io_submit_sqes+0x86e0/0x86e0 [ 2176.263495] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2176.264127] ? wait_for_completion_io+0x270/0x270 [ 2176.264820] ? rcu_read_lock_any_held+0x75/0xa0 [ 2176.265477] ? vfs_write+0x354/0xa70 [ 2176.265985] ? fput_many+0x2f/0x1a0 [ 2176.266483] ? ksys_write+0x1a9/0x260 [ 2176.266994] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2176.267674] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2176.268343] do_syscall_64+0x33/0x40 [ 2176.268873] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2176.269540] RIP: 0033:0x7f04fc2c5b19 [ 2176.270020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2176.272411] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2176.273438] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2176.274383] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2176.275309] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2176.276229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2176.277254] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2176.304448] FAULT_INJECTION: forcing a failure. [ 2176.304448] name failslab, interval 1, probability 0, space 0, times 0 [ 2176.306111] CPU: 1 PID: 11352 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2176.306995] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2176.308087] Call Trace: [ 2176.308449] dump_stack+0x107/0x167 [ 2176.308965] should_fail.cold+0x5/0xa [ 2176.309447] ? create_object.isra.0+0x3a/0xa20 [ 2176.310056] should_failslab+0x5/0x20 [ 2176.310549] kmem_cache_alloc+0x5b/0x360 [ 2176.311075] ? mark_held_locks+0x9e/0xe0 [ 2176.311612] create_object.isra.0+0x3a/0xa20 [ 2176.312200] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2176.312901] kmem_cache_alloc_bulk+0x168/0x320 [ 2176.313485] io_submit_sqes+0x7099/0x86e0 [ 2176.314034] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2176.314677] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2176.315299] ? lock_downgrade+0x6d0/0x6d0 [ 2176.315839] ? find_held_lock+0x2c/0x110 [ 2176.316359] ? io_submit_sqes+0x86e0/0x86e0 [ 2176.316940] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2176.317566] ? wait_for_completion_io+0x270/0x270 [ 2176.318187] ? rcu_read_lock_any_held+0x75/0xa0 [ 2176.318778] ? vfs_write+0x354/0xa70 [ 2176.319249] ? fput_many+0x2f/0x1a0 [ 2176.319713] ? ksys_write+0x1a9/0x260 [ 2176.320209] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2176.320922] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2176.321594] do_syscall_64+0x33/0x40 [ 2176.322081] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2176.322741] RIP: 0033:0x7f30d6b2fb19 [ 2176.323230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2176.325606] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2176.326583] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2176.327498] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2176.328419] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2176.329483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2176.330450] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:59:25 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:25 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:25 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x7ffffffff000) 08:59:25 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x500, 0x0, 0x0, 0x0) 08:59:25 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:59:25 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10004}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = dup3(r2, r3, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xc0, 0x63, 0x45, 0x81, 0x0, 0x6, 0x8020, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x9, 0x6}, 0x44, 0x5, 0x4, 0x4, 0x7, 0x5, 0x1, 0x0, 0x4, 0x0, 0x3}, 0xffffffffffffffff, 0x1, r2, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) openat$cgroup_ro(r4, &(0x7f0000000140)='cgroup.stat\x00', 0x0, 0x0) r5 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.pending_reads\x00', 0x18000, 0x8) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r6, 0x8930, &(0x7f0000000b40)={'sit0\x00', 0x0}) r7 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000001c0)=0x0) sendmsg$nl_generic(r5, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="442300002800000128bd7000fcdbdf250d0000000046cad55181c791b4bcd6ae7de7806e5a177f67f1977606ab337680eb8f1e19bb6c2e614b9bcb948154469df44374bfc21e4ceaaa1efaeb9ba4a29ca039cdf002fbe236a7b2b149586cf05e5dbc284ed3422a806045f59799b256931a669a820f20e1ea4e25e024106a800c00920040000000000000001c8f92a0745d59c963e528459f34558c6ad00d30430edadc59f09bef73cf8dca58a91209d8955666062d5bb60a2cfd631404f63447a9a814190a5c05f245f8f43ceb02aba7be67cb46dd715b94a0eca2d80a265688726c0b0ac807b54cdf21f366f0dc78e180dcc5a7b67f111cf41158b3b7e2eeae02d2c61da4e8e96e6f969b02f26ac53c7b34149c19d0c3eeb1a2fe27bf28c847b9462676baab3447643a9ad60b017694fce517e73d29d321ba0cfef0395e4bb4483d3b6bdab3d6dbcda22b42fb30bdc337907e26f617b66debe1a840aaaa9b8b3990ed4f7dc9b358ad886e012adaf89be90bc99611f99635e94c8045ebe5a22fcf7ba246f63e15f6d4ab57ee7f01231fce356dc48f8ca771bc626005869384e378d2ad27150f8e80628c1ce481e2a98ef50109bc47a7ff2cc43555fe09b6a66c5614346d09266a1ce002cb351ed066f49f46e5a3796ffcd6c483053a9c92924cae4a4fa57bfd163bfbf1578114c4456cae12bde7e07ce51ac820a00ec4e4ba2e48c9798125d7abb85ec40c8ec7170426d8a29cdff0c317b9bdbb2d76a72d7eb6d61dc525267da2357ac0eb35aa52aee64a5eb5164c95566e02284df88b34e52c91e12bb4409b6288493492b224a6f5b0f32b044199ebb31b30559e5ad34253e67797347f8ef75e80433c626fd15f67713ab7776dbdd8e033c09f20e408d50d6e1cd59be8b0cc65c59734e74cda6c3ae9cdc3bf1605b95d61e17ec951da1ba6c6bc6e6f3ab4928889a76315114fde007441d58fd676e951b901c3d2127b1b9400221068a43e57c8e117135b365e44df4d27bc6c15a187d4b616a4a194743b77d171b11a1155c2144e7d429f95cc3d07efa578ae35cec09d4a91885c288f450754478b6cad82cfefb5a792794920cdbd4f85aecfa6dcdbe1d8b6c2d81085fc5faecfedbca73bf6b55db1b1f7187953d43c1da164a297821142221c99f65c01db215355687e1d02e13690f58e3dd5041665095688e23352b7579aa2e84a951355f782b949a829835a23b2cb5791c5997ecf1a8b344d4f51e60f23416422989aa621b8612d3119f21f456d5a752be67f69095434bdd81284ee1fd2952421aa25218226092e99cadc952a030dc1c58198dede573a9566526bff746b4fa4bfbcea6a3a042f240ca02a41ff416fc4fcec74b67e0beca7799dd58cb12d9759461b0074aec9ca026354b67da8616d932096985a4507de76a99efc34d0b1de47262951207fc2539fc4445d41ffd7ae6cde0a39d3fd555048b35582fcb4eafd918200c73a1364ba1cd9cd46f7c2da81f7f7e1ebf0fef5b590351737cc7ae0b7ec94aa0b9f83876d47dfa0adbd0d34799eaebaa16d8933103d49fa031ca957310453228f335e2f82d8adb9df0b161ba630af62993a2e9a1f983a6c413c17dedf42febe434f55ecdfb15acaf28760d00e770f744681f17f6e777ac77061226dbb53015fcbacfbeb80e8fd73750c3854644848c8a0d514ad2a4ac7847df7c57fa2689407d57e55768bba235eb1ec43b0cebf751f235ba4f17c9ce2e4815e019f6153cdd2fae3d353a6d45745029a23e515e433b355e9427288e0071db1185e262bbf6d3c3d5e16b477192b3b2785db34c6f0960429c56254512a16ad961643c2a9c1e8f99e39f60dbdf4860b1d6313c84533efc7df1561d0d0d0bd60a1fd0e667c166c3258bc62b00fc7e6f82b8649bd804cb9d2b2fa44fb36a216a03df74f9591a12df3c2f5b4159fbdbf19eab8c43cd07b2421dfdfb80cff29b4899bb7c2d8f4b6b5abc147091b56c7d330229eedc9d6f8bb5193806df6518248dddc35a97d6a05d3104f68d446e7ec957ca8a6f218fcf829057530b55274631c502bcca6da3cafdd5b1e9758cdf6d3734adea1aa91d7332d2d86a499e1aad90a7444c10f8415f15710c64514051faeb5d404c6cc5c148c394d3c043707107fe6db33226db909368e58d4d8104ba022aae4b2dc1b6be8f041061a1bb55149dd6c973b9bf12bd886ad806f63c991795dca40ef9657b287a5ae5cb01d45e2b537925c98ce91ab218c4ef03c8ede2bd2342474de4a5e7bf99dad048c9ec44127b965e22cfc372804a6750af231bc989bfae773e23dcefe026fac66c7bf4b055d531242159fa3c1ce537cec5bf3437329d9f6fb815e9243d0eb97a09cc03cbfac8cde0bfc9c7fa5b56ba3c6f11707da3d3022f69be96a221b19c0757dd99be58330e7989952fd231c4f1bb838d460382a221cfb5b41e74c0aec1177954c317766303fb487f68089d3d5f2717ddb91799205a4fcfba5911efb24659e91b7c4827d99752535263387b016ec05f937efb8ef0ef35ce86b76d10252ff2f2ee8853a9568a728dc775bbed37cf816847091410b6c3b1e837e4bbfea4ea6d1dc1355462e5b424b9ef135b9065577a8408370ecb70d7c94f7bcb3a78f543fa4da7e00670cda51d68c3d71893a67d9ea63a3523b5b53f58c670831fe199bab9fcf55860dc2b2a87d89260078bfea694b9fbdcd09fae45f30a62967e9f5bd1a5b01bdc31443e63a98f88fc50e5a3c1ef05dff704c8692850992465a00f16f3d55c135123d7d53d160eeea7ffbc4490c826b32ee3ba34349d1515e8fce9f4170fa98f1e05f61dfabb8b31d1adb03bf98d2bf9f68883f3a60615375bf57828f2786f1ead1e2fbdbe28032a422fc23cf34b50666feac6f12161ecc273e2f80d91c6235af8a641b0b5e1e288f45b380dfae1dc686b57c0e09b386ca860833f101aa7ebb1e513c1a16e080df920361b0425e6c16f11974f4e33046126a4e4a4640a2b3ad788a816b9de8b0b76476bddd1ead137ceac9a18ab7be03b2a8a9597a7c6df30519f49b19c8ea302759340985c61c1a0399e6ff6a8cf29813e1d8881e6d471968e4a082408c40f7fe37d5887544ae57eae0e99548685b18e2570bbfac0741aa8e21409705eb75b206c96e5fa6677930867dcdae3864c7b49ebde8816b71afd441b7374c8fb6865f70f5205d211b2dcbeedb65093858da2c164561eac79b603492fc5f15141d465dfed31a75c22556199df8c50f131ed27d6a9cc73e15e345b28fa24b82dc56abaf71ca4b5b7e9b91543695e7b4863807b95f10dc509f9257446af8fe1cad4ebe3a7c4a10dc09e47327594d97e441be13db2671b0ff8516e0f024da74960d6909656c45f1fe6032459beb9d307a8f5efad11c2d36780fdd4ddbfc02255f0931e09b7b0e667dd57292f263975b000754e66daf73181e582b97f92e58df145badd89189499adfdd9616889cd8d0578fbd2137b3b2de65dcb5e988d5eb48f5709a3fe85553e1462685f1a54ee05d9ceafa78ddba37c887fa520649850d8b9060e0e250da9e35a76cd4bc4f910ec03130eee62c89d7de151b3c772f88b1efa8f072f0d3bcdb54bb27e58cbd340348e5a89a27d8a358d30be4007b174fb0364263e57ec068e9988c872265b0e47dddeec52628fc0e0098ea9cef962a4617f5489331f0bad77aecdf0f376416e3d2803d560db012af3ca2926c316a64112b3092bf243f4580496ed4cfbacce7562286e3a82388d68cab7571d77c947b4a75014b85ed7d226062e0b758bdfa1461b27e3468bdb7ab218341587f7ff14d10b5d37516e8d5c600b2d4c961b798adea47ccd4f88bf3eafcd893e1207f49c300275a3cf5786ed89c296fbc8489c965739f8cd2ad2f9df190ffac5cc29479f7bf427c7665d52ba036ee414e4d176d09e26c0cf61c5379f632b3265315b4ee2434329101be71e6e4645e605459c9946110714738114c8ad32bc79a00c369901bdf759b4ed11d4c2da211b87a735e3001951c5f6ea72a9a1c7d516b03fd37f6a7671bca6da54c8698f12e5eba05caba8405ac202da16e5e07ff3865b47b706cf71243e8955a9c6aafe5c9b165b7c24a085dd73b43b191a2a9e1488783b7146c5b89a1a5633953d3f9a0d806f40d69d1cb11312a87848da7dd333db28049af01640c5fce2b8227f734f631604a3df2a74b9ba799153429c4fb38b1b25ae041a7bd885fddd93e02f05f30eed6f413651b356030a2e99bef498a06d2a27e9ad265c56899ff96048eca1800f77c82cf5487dd8e1a4383cb4c42da144f0d9979e5109b62c28067a3f5e5033fcd9304e92b3d8bfd058920bfdfa89a9742c43d094252694d5867b7d25034e0260c0dc186b40edefb3c11864949fa06646a99b2cd79a7b60f20acbf4f8a7b74bbb3f9d8d8b98788b6284dfa5c8b780f70d0437af77cf94335f554119f91421ae254f48c99072da0fa5a28902f81740e08b9d5956533da99b8931a9e292f520a937ad40ea51dc451d967906a896150e1fa39c2a2e3a39318e2067abeb974477e571f1dc2b7adc5e5378d9c25393339a77098c4cd7ba756b877cb3a593a736e4444a6858114ac29fde00e4286fdc6d87d0aa560ad70a8e166ab617c28d71812aaece789fa3c94e6c677e7ce6853bb39eb9c414ffb01c0a29893628f596ba012438de8186e501292fbe32e9779f396dfe1dbd3aeb38433ee3db357427e982db744c306ff48c7d3a8c609da2b15e67042c4e0d369cf56ffacce2178b2765b74e930f5a6b8e7ca3a838a221b16c913c880ad28e1070e8dc6debbba47290b6b4270dc6ed1249d448bde09b57c2d665d2a646de17d54b7f629220d1595a9f9ad7baf161fc03348f395346fb61702c1c9c34cd05cff7dd2459bc42c6ca3d435b60ffa411059f4c76c9e2798c403331b2c177b47b7bcd3983223a5d7281f22f7c2a4e21f7021fd7c90c6afb490b20eebebdc1c508ccc293d958108b29f85727cdad1c0785611996d164273f298d5e900b57ff645e79f67d2a93ef9f3264613508f4bf02f1dfd8c8deda80b3d402c77c4832f9c4bf43f43f9b0f8d01a5bc108d57be4f510cfb1c7c2199f694f6e5541dd6de2b8be176685991a2c99116009702fa3b08942bb5c553823dddd3ae864fb7dc29d4ffe80023f32ccdbd6e54da283b9bef8cbc07bbbe6f039ca51dbc14367e9eb14dc071f320e2ee096f52b621c3300b6910b8b7aee3fda6c05081e49271bf243a8821481b97200c29b4b439063d7514c4437078355d8568ccc237b54ba9e30c12f1f6b1153d3eb4466e15c8e1914d3ad6f325e9bab496da060c49f3251af527937b2ead846b762af6a5f6848aa51381b3ee7b0cb61dacf5a5ad2e21a30f0fbde2ab2bab118b37d10aa5a56f81393a275fcfe4e6505611e806f233080c36b4c83c9f260c7e1ca0834446182087a86b237f274e1f17ac058a6d9f5b0299d47069b536200b52f5f386afa0614b1ea7d18f67f8ca5a5a060c12e01f210f82e71c4ebdd9c26840b5856f8c675709c78be671ed5e1dde7997190455fd7ba14e41c774f9edaa694296e6a242808053303c20016a359a00d1f7ad501895dff058d311a71f856eb5ee3bd95da18d32a96fc9d77662dd977ba3aa03d3b45256e5fa62cea19cdf25fe98a63651c6a88dec27ec60973310c8d3c36f11777237096d9bb7f72fe12dc13dcef634097c36dd935db4a5dce284ed2aa0b8eabf8e4da157f4a6c1afb680e44af4833206b1f863f85ee66a70bd96bc214a6e0201b38431f592c2ec0baf143b50a399d934225474c4fa3ba2ef166e86382c55d5acee4f9f1351766718f544301ad1bb756d9ae8c95359b1a22d75bccb8124f9d767adeed9eea9aeb3298ecc574440c730aff27f419570b7f010fdb0cb923119846ff0404b59d143c4297bb21d51d2a922188157a327b1cb9975b45aeaa585beb870a8d77765a75e030e2cf61700692b895029a76bcd5cafa3a12480a003600776c616e30000000eb00268008008700", @ANYRES32=r6, @ANYBLOB="439348b069d15b6eac78e7bcf3fb1c7214e2bab1d7473b1fa216df64ffffff7f7d83363a4c843b7c3fa5eb59bb11dfc05d4726818506f05cde6226a73357da0f8d0a44d1cbd9adf47ece0ef89ef1fb89639404e2f26f1b561b9aec1fa6152bedfdbf838b1c25fd171515bee22d967b125dbe374ce6627c63a8a3195c12feea18ac9dcc1f6251c4975a499f239b6841bf46c0256aaad40c16bb5a3f5ef1a7ea60bc9ec61a08328e4bdcbb685c29c8760ae32f532a5680cba2596e7660da5ca0932b4cbd31578f7d4391230a9a024eecb0dd070a31a6a02508a7e935a4ab7f970008003b00", @ANYRES32=r7, @ANYBLOB="060003002d00000003011100a67f5f8193b725086076216332592de612db3ee90b96ac8a6a8716820477a4ab9093677497bb1cd0bb4881710f29e346a2d657ceec71e432d0e8ddca0cf167a26f474c4e2426c70e426f590115e833713c56a12889ce1865e097351a2e62086c1287649c10dcc7d700953a44f308682132bdfa011ca2fcd0ef504403b983c7f5aa91034c45863cdc32d79f7c99fe702c79f4abe7462833c611609d5efd8a3a6bbd9f3ca87c0f52162415418edc34776249743701c1c210568253abb01b7c76d669d9e5547dd6bdfe687a02dfb9e40c716c650e86f5a6967bea4493a0265e21cdf28886daba4c0108ab03dead7b53803cc6747ac1917256392c61a0e9d55bf7008ceba43122b16cf7ab7a98c62816f73d3faa72d1b690806c26ec7bb5d0b635f10a0f54cf249bba3e3b5272c6ae645e717011299f8c8df2b13a2845223f52366d814f7756b02c7012bd5b39feddf3c435e11ac32bb5843bbbc7c07aad5bf9b708eea350a22215b85169af8ca88ec60a886a97d8b6c0f3816a748d6e128e9c5c27c3d554abfede4f478b4fa0a29e0fd25a3e242dd8bc3b33817bf0e008008900", @ANYRES32=r8, @ANYBLOB="e8923672ffc6281adadfac1cdb1b1ed40f409b00487c3bdfc89a01342ff4a071264028c1c204238ee17d832069c654973e664a0132674067545b3e6442421776c97eb6e70e01a5aa000869cee938f24cb3dabf8deca607b386f4f8eafae3368f3a91e2ffb976285b1abdcfcfff2de1eb290ace0fd124802d77a4a0b5ad89774115ed2f6c94bdbb43fb0bd5bfb21dea4bdb0e8606e452ff3cfdfc4cebfd8fe76d248b042a919156bd01b85e5f867c5be97a394c19b794e9add356eb44044eb4780ed8b8a51930f5153f200f035ec6a53b5321383102aa4ebb3044695d88cd0cf5a63d88c8eb40af2ebee7efec34f8224c679d31bd501cb4ed2c37e9f89914eccbafe027188cbfeaf6b9e6cd71c52e2e363d7ecc7a66082e494c97d9ae397d17eec35f849eb9cb44308a599e4e79b5307ca3fddfa55ac0755008d6296b6691fa1ba89e03a9ffbda1ab24f398e6e152952d9bdfbf45c3427908f3753f6b8fab4948cf068570a9691ddd1d60d94c67d0a134f8b593c2b99d8399c87fcc55c5a6c35dd66e9e6f3530464d1f002b7b70fa8a7fec18ccdde7e83ef70a70869750257323783daf70db404a76f156d325878a7a8c9e473d70223d0cef832ace559cc626cdba30cacd85dd806463a30c21360f5d0848327373e3558267dbee846e75ced7cedbdfae2ae33cd393de6f979fca091c834c5669f8dba89be82c9bdab4221513e5771c226c7917dd2f9a8830a10087b83c6ed1f6df69f56e779e48add8fa30c607edfe714ee5da959c5cdb3335d5fc536b99c23ed3e6441be4d3296971a9b7d95e5460381326d6b15598d8e66f3fcc60430da7fb608b88640114f9a8ea4e408f7ebfd252bf0beb5c53e79f911a86ae7f58886a07ceece449e5781e9409410742c774207656c6dc2c65174ba0351b193d02c3216fd0d776979aa95d656ebe877154fea300dade8d923f00733e6fcf427127fd37cb9c16e3f3d06bea40cd08bd19b41d8146f6e64b9826ad52f9ce827eb14fd789409cf1060af8090358baaaae5073f5779e07309e987e73b0ad378b5f1ab3dd62e5937de279d08f2a5b942eb276410f5081fb8a32659da18bfa61307efe8d1fc435d90162c4b08585cd35f0b500c61527770f0f5f0bae97ae4b0b9e9f6b1928253074f83396c6e1c538bc03e2f2f9a8218b29149572d9ccc2159d6acb0441fc851d892fdac3de8d82d17f842c980f2434c0871f767e1de7e16b6e197c76cdfc8b4cb8c73935a9ebc14dca989d9d43b80d09c09a3114d33f176d0ebe7184e6c554c5d1173c2d343b41b606c61634e6a0c7ca6e8d7921bc8e424446c053b40c33bde8c31d589585b440dece1b188a402e83a7740534c111314537a79eaaf21169b14300946ae560a679a8be7446db87bd76f975cc37542af9347fc9b5352d3d8bc15586ef6f96a2eefa48fe5cff8293f18cd2c1d4c7596b26624fe31fa93e15884cc0a3389621e9c770e09727564bb9bde991bbb681c6285391a704454dbd49f8889a5a6492c7e69c1b1dc1da766e47f8d74f13b0ccc77536796503c520663f50111a67d2af7e9f75a67638b27db17c5d1ef296a00c095d67bd24d2073c6906e11a142a7d8eed1d6594ba659edf8464cb6ed932935dd692841ff623c7eb083706f6e1f005b515e7fca88916c598d0d946fe67eca7c992c50c21b1f6d22659418e9c2756f7f27a35b5362c928750d174de867df3af79ac7c25465a647c9a7013ab355194584e1a3a2fc64e78afe0726732e0070addc0cffcac46aec4d8b2489fa82c46d0ec64d2fd875fa33d50268a2be08b9c331381ae96162c6a1741ce2680cbbc28e9a4c898c455673058a0385d5c96cf43a7efd0bdce3cc03e6315d9a52342fe8582c1c17acf2bac4c51b295c0b3c1978fcbf8fd103b974a53a920f52a4ba9de6acdf52a9c569f910d93b53c62768fd10ca499374c1f2a7008a6b7b10ad04093f7f3f865bc8ee335f3148707037e2e582a2489883c84cbb1a058050af8ad89fbe2d2662923b857bddbfa06bae5b1599220f585788ee1a91246f3e1cad9cc5f638797c66aa71f48dda135226b367e764e2447cc750f611720a4460ffe1dce002b3e452de523983e7311f30219de2821b4f6ebc56d2259519dd40cea34c737bbf8b21f460af50a3e634d74da0c99e966739bd4490d206040cca663910533bde9c94fb98ca80762d6f5fb8530cc0e540372312e1d65d9c9098d0fcf03934ac70dd9d0d712d4316348e47fb3aaf060639a3c7452ba16ec7304ab750187e0d34c75161d7e3a8f9fff35df49afa8a3881bd77ba03f944f95c3b9ef742c3df452eac35075453bbb2114900b0730fc026ac8bad14fae75bf8e10208a3938624451fb06c8b38eb6516fd8a0e9727bcf7351f184d90e929f2d9e5931bcc0a11a6df935c273f9f2a504180388204bf870934637eb51fa28a4d0c80fdd6cb0a8728c7117998a79a1d5b99375f6d18643259362e93cda5dd1a20377a7b73497d8de0a51e51f02a4fba0db551e01dbb39aa5ba0d0d3623e459e8d8d0022cef59209a344e27858dc993c6c343d5976c5e2db4627a124466bdfe3338252ca931597720a0dfb98a5407897c379f098f5705beb075fa7da815e3ad98e1d1ddaaf6a95765f38f0990e00c60b68c1373d2a7e8c628110bb4d811493100e825b62ba0f78a7dcf2453d8006444072c13eb2aea4815659b50e8ba06f86416f88a5dd4ce6f1c09a226adc63f541170ef8ebabc6ddcecce23f812939694ac8bc78c0723f3929271f9befbd0efa604bd3b843eeb3f5076de7ce38806cf189329f124427491c602aa7b6387cbe345f38e605fab44d08137b0750aa070c3ae022a113e5f26972a8b4e1e40ebe41eadc4fbc6bccf65932f9d92c4bbaa773ff72a742fbcfe3048ce94647e866d71bdbaabc490f719dfcd247c8bd0b3c476a9d59509d6255bf63cb26e2bd1307a3d82abeae356d063a0ba245c91ffc9006e8040cdf79f90f1a66464eff377adb5765a342ab78deb0f40f76b8363ffdcf57c2cb5566ed6ec5340780b79cc5bcff47d27cad6d9084bfcab262527568c2427c60a2e82aae1f61d7839b94ba8b0625ec28ade0a38475cd2425482190d6a05c0e93b920e275c639365326f63cca16f6d28b115ce3b2bc6c2e76ca23a36fa159677702e3a5352fe3d2e5f6c8d6a3067a6d97b14534f4a05b44e7bc1c20514441e581a91bab21c7180357e09e37c01701169235265549aeade489813fafea010c4c4f3b14cf29a20ed8c2535490a8bf97e1e71319c2f8c33451e7b413f28abb672be6ce65e7b8d9fd4858f769608fde84c4fef4baa4f9c4b1c2c7d7fd8018dbb6c549b534eee5afd889837930366e2e4e903137ce1a84cbd92cd59fe0aaa0184e3d85bb41d02878f17fe9a1806b8b226628346bf7c1ab1ac83c09ea6c0dc476d135b3a26fe0eff34f42d059e46c83546ae7cce93abb94aea86757df869c1a32e0b74a63776eb092506c9ebabe80d9c7396a1f69b489a3bd0353b4ef99775d856487e72e215b761e2f262dff6200a5a4eee96dcb53667673e29277775d129bb1921add2df2a4cdaa8da83bd97ca652cc20b5eac2b02a941d62eed116bd806741404a7fdcfde2de0a10dd1da2b84f4bd9be1b46af76e8776d80b2ddc9c14c6ed14ff4e36055b8e53cfa7d6e57eebba8b328155045f75bfdb38e4a507c7270b139d5910fef276bb8dfb71b45708cdf742789f8b015f4f14aa2a631cc7d525c7228d5b28fb3ef011654beeda9bee6389316ef6a0930679adfaa06fe52316a3d76b769c0c58dcc852400da3bf730cd1920dc1ab9507250954de62d5af526130459236b42fbd9b8b4a4a3c90eada6debe06e58a466a9d0ef04d71966fe346e0fe7ea92f0c2574d091f868f10ae46c7c6f344cdd36f4948bc1d035d8d1987064cac2e8214f8c55e5f175e84b662e1c31e828b1adbac8bdc1872a8acea2e05d7a5346bedab46f0bb525f0cd43c615c75377a76e13db5bccc0b0af4a2887a7415617e09531251e2a54bc086b4076b996a07452d94ee7b628a54a594071d2397a883ffffa98b9ce7be1191305b6d63afea43287c24067c62644610a66b440ac751076d07073d933c4d51e93598b6885211dfb1c1a1abcd5a986d7d44aa6a6a1bdb160f3fa32c6287f182064dce26ff5bba1fa0bfb8c68c58022c649d5d3a203f4b0e5f4d7a1646e95513645267fb0c4256c813297b3ac8ab9e44d708dd09eae9e417ec655131ff1bc6d27793ef1800163a27c10d4c163781d367bbcc0a4faf5406a40d6158280e964757bb52f88b92b8cecf82f3ddfee38c7118aa01e5fa345a4a84c1b0978e82e402c82298af76d5daede441a8018ea2e138558e30420f8a5af4ea10d0be60af97d2836cece6056770941fbcccf8eaee06190db2feafdc7ee06b93c35e4f41c05b8dd62e4e6f8bdbbb620dafc20a0838c7e96852685f487fce88f1b73d80cc044c419126b1b33d1f364b45c409e8bba88aaad5c8c240c6932566d7cdc6c0efe1d2b527c04cec804fe80695a241c1f831c1fcb15d3e31742ec682c6323e18c8c47ecebeb9600f1191290d4350d8ec0517a6396abe8eb584c2e1671eeaa085a435079cafa922f6b8a5d94d6d485a5cf2c4069473cc1802d53b17ba119238aa596e134925a8c870cac3bc2598b1ce0cee2f339f9b361e28a7def3e81361b9a70cbb7e17bc62e792d0d4a2462bf21a54fe3852d306a03bfeadab44e9d5cfd498c3e5efeb58dc1d40f1565120e72fdda42ea9f853f087c979008c6ebd414e3ee1f1b04d66306c37b512bd41ffed1fdd3afccc9d73007fdb389e90b36097789c6d51f8f31a497527a4c0a5f4060267987a3589d0574b85c93a2eb13498ca4f181c3a9e4ed66b5c7cc9ab5ffe2cac0561b53c526c275bbbc86a0f18f76b06954ccd5ddfefd38ee2b9ac95231809ab425745952a28c4de6525a41ad8e3307b4a5715804165f8229f57443ed6d4c119df8c4b52ffce741af4548c60d380ef5cadec87be79b6899bc09b3f0230f6375ad14aff36b1713fadc3050390090eca85e62ce453d8854704ee9d1a34e934bbfb3dddf470b85ac3efc440f07db9b8b93390444b5419fe244a999053ffc4e66babe31bead044b957a625e66cf0455cf62d498705b2c4f14f0f437f550cb85a3e40342b3dc47d216511325131e96d07c5c09db76cbce0ce6696982e520e787e98a13f7a2b10323148a879b8362e1a9adf16d326f92acd5b54c3376ccea29f4654549648020b41b75c88690c58478cca92f00a55a37697e04255a92b5345ca7a051bc99f540525c95826f741022c63ab0ac1e8c32349e26cbaeb901863c3502328f5843313be0aec3bc0e4df1dd8633dac8fe0a07b2d25b4f53566e0d5db49da16929e6ee4b8807667e7daf20f6dc8b3bc6a98ea12c3b58030f90ed31694ba16521b5dd331fcfa11ef0593a321dd165152a69bc2822a7755096c11bbf896560726028dec36105aae72f1639c658f177ef7fee48d7558e38edeff6f95b02fac6bf5a8fc567535e6648d862e6b263300a06ea0fadc38f94395dec8f8c422058bb433b8daf2b5a50eb4d507d197dcfd5262536776d83d11ff1e8924c6b9a98c803b820ef37754a323214cdc8db16c5b115c88a2937839b258a8e7c8bf1f1e16898bb8b2cd45516f140be0c231e2c9e4f82a117eb836f04cf83f12ce4e9c01a8206aae715a63f9ac1a39b73fb5ca4715f8e8ed780da16db10ce057973cae8b7cd690e9b2f195dcce994c10b0fed0efedd3b5e1abde6bccc30000"], 0x2344}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x80010, r5, 0x8000000) syz_io_uring_submit(r9, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:59:25 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:59:25 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2191.825393] FAULT_INJECTION: forcing a failure. [ 2191.825393] name failslab, interval 1, probability 0, space 0, times 0 [ 2191.827111] CPU: 0 PID: 11374 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2191.828029] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2191.829190] Call Trace: [ 2191.829557] dump_stack+0x107/0x167 [ 2191.830059] should_fail.cold+0x5/0xa [ 2191.830565] should_failslab+0x5/0x20 [ 2191.831065] kmem_cache_alloc_bulk+0x4b/0x320 [ 2191.831669] io_submit_sqes+0x7099/0x86e0 [ 2191.832239] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2191.832921] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2191.833545] ? lock_downgrade+0x6d0/0x6d0 [ 2191.834085] ? find_held_lock+0x2c/0x110 [ 2191.834620] ? io_submit_sqes+0x86e0/0x86e0 [ 2191.835199] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2191.835839] ? wait_for_completion_io+0x270/0x270 [ 2191.836492] ? rcu_read_lock_any_held+0x75/0xa0 [ 2191.837150] ? vfs_write+0x354/0xa70 [ 2191.837660] ? fput_many+0x2f/0x1a0 [ 2191.838168] ? ksys_write+0x1a9/0x260 [ 2191.838713] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2191.839427] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2191.840133] do_syscall_64+0x33/0x40 [ 2191.840260] FAULT_INJECTION: forcing a failure. [ 2191.840260] name failslab, interval 1, probability 0, space 0, times 0 [ 2191.840675] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2191.840750] RIP: 0033:0x7f30d6b2fb19 [ 2191.843494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2191.845945] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2191.846911] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2191.847857] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2191.848853] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2191.849792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2191.850745] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2191.851757] CPU: 1 PID: 11379 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2191.852950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2191.854078] Call Trace: [ 2191.854436] dump_stack+0x107/0x167 [ 2191.854941] should_fail.cold+0x5/0xa [ 2191.855489] ? create_object.isra.0+0x3a/0xa20 [ 2191.856144] should_failslab+0x5/0x20 [ 2191.856715] kmem_cache_alloc+0x5b/0x360 [ 2191.857326] ? mark_held_locks+0x9e/0xe0 [ 2191.857923] create_object.isra.0+0x3a/0xa20 [ 2191.858567] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2191.859096] FAULT_INJECTION: forcing a failure. [ 2191.859096] name failslab, interval 1, probability 0, space 0, times 0 [ 2191.859292] kmem_cache_alloc_bulk+0x168/0x320 [ 2191.861429] io_submit_sqes+0x7099/0x86e0 [ 2191.861978] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2191.862619] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2191.863266] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2191.863903] ? lock_downgrade+0x6d0/0x6d0 [ 2191.864427] ? find_held_lock+0x2c/0x110 [ 2191.864985] ? io_submit_sqes+0x86e0/0x86e0 [ 2191.865538] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2191.866177] ? wait_for_completion_io+0x270/0x270 [ 2191.866817] ? rcu_read_lock_any_held+0x75/0xa0 [ 2191.867395] ? vfs_write+0x354/0xa70 [ 2191.867861] ? fput_many+0x2f/0x1a0 [ 2191.868332] ? ksys_write+0x1a9/0x260 [ 2191.868850] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2191.869522] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2191.870177] do_syscall_64+0x33/0x40 [ 2191.870662] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2191.871335] RIP: 0033:0x7f248b5b2b19 [ 2191.871846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2191.874410] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2191.875556] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2191.876512] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2191.877494] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2191.878500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2191.879484] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 [ 2191.880513] CPU: 0 PID: 11370 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2191.881518] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2191.882598] Call Trace: [ 2191.882947] dump_stack+0x107/0x167 [ 2191.883426] should_fail.cold+0x5/0xa [ 2191.883933] ? create_object.isra.0+0x3a/0xa20 [ 2191.884521] should_failslab+0x5/0x20 [ 2191.885036] kmem_cache_alloc+0x5b/0x360 [ 2191.885582] ? mark_held_locks+0x9e/0xe0 [ 2191.886146] create_object.isra.0+0x3a/0xa20 [ 2191.886741] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2191.887401] kmem_cache_alloc_bulk+0x168/0x320 [ 2191.887997] io_submit_sqes+0x7099/0x86e0 [ 2191.888560] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2191.889240] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2191.889857] ? lock_downgrade+0x6d0/0x6d0 [ 2191.890384] ? find_held_lock+0x2c/0x110 [ 2191.890901] ? io_submit_sqes+0x86e0/0x86e0 [ 2191.891458] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2191.892074] ? wait_for_completion_io+0x270/0x270 [ 2191.892720] ? rcu_read_lock_any_held+0x75/0xa0 [ 2191.893322] ? vfs_write+0x354/0xa70 [ 2191.893820] ? fput_many+0x2f/0x1a0 [ 2191.894285] ? ksys_write+0x1a9/0x260 [ 2191.894792] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2191.895455] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2191.896113] do_syscall_64+0x33/0x40 [ 2191.896596] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2191.897271] RIP: 0033:0x7f04fc2c5b19 [ 2191.897736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2191.900141] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2191.901165] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2191.902085] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2191.903002] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2191.903972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2191.904972] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:59:25 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x600, 0x0, 0x0, 0x0) 08:59:25 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000) 08:59:25 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:25 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:59:25 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:59:25 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x700, 0x0, 0x0, 0x0) 08:59:25 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xf0ffffff7f0000) 08:59:25 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:25 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2192.163101] FAULT_INJECTION: forcing a failure. [ 2192.163101] name failslab, interval 1, probability 0, space 0, times 0 [ 2192.164708] CPU: 0 PID: 11402 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2192.165631] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2192.166687] Call Trace: [ 2192.167041] dump_stack+0x107/0x167 [ 2192.167507] should_fail.cold+0x5/0xa [ 2192.168023] ? create_object.isra.0+0x3a/0xa20 [ 2192.168619] should_failslab+0x5/0x20 [ 2192.169141] kmem_cache_alloc+0x5b/0x360 [ 2192.169668] ? mark_held_locks+0x9e/0xe0 [ 2192.170200] create_object.isra.0+0x3a/0xa20 [ 2192.170770] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2192.171431] kmem_cache_alloc_bulk+0x168/0x320 [ 2192.172034] io_submit_sqes+0x7099/0x86e0 [ 2192.172599] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2192.173286] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2192.173912] ? lock_downgrade+0x6d0/0x6d0 [ 2192.174437] ? find_held_lock+0x2c/0x110 [ 2192.174964] ? io_submit_sqes+0x86e0/0x86e0 [ 2192.175541] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2192.176179] ? wait_for_completion_io+0x270/0x270 [ 2192.176841] ? rcu_read_lock_any_held+0x75/0xa0 [ 2192.177442] ? vfs_write+0x354/0xa70 [ 2192.177930] ? fput_many+0x2f/0x1a0 [ 2192.178411] ? ksys_write+0x1a9/0x260 [ 2192.178913] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2192.179558] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2192.180222] do_syscall_64+0x33/0x40 [ 2192.180732] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2192.181374] RIP: 0033:0x7f30d6b2fb19 [ 2192.181847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2192.184160] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2192.185153] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2192.186060] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2192.186969] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2192.187850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2192.188759] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:59:25 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0xb) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) [ 2192.254417] FAULT_INJECTION: forcing a failure. [ 2192.254417] name failslab, interval 1, probability 0, space 0, times 0 [ 2192.255971] CPU: 0 PID: 11411 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2192.256882] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2192.257944] Call Trace: [ 2192.258297] dump_stack+0x107/0x167 [ 2192.258764] should_fail.cold+0x5/0xa [ 2192.259254] ? create_object.isra.0+0x3a/0xa20 [ 2192.259838] should_failslab+0x5/0x20 [ 2192.260333] kmem_cache_alloc+0x5b/0x360 [ 2192.260916] ? mark_held_locks+0x9e/0xe0 [ 2192.261448] create_object.isra.0+0x3a/0xa20 [ 2192.262035] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2192.262726] kmem_cache_alloc_bulk+0x168/0x320 [ 2192.263345] io_submit_sqes+0x7099/0x86e0 [ 2192.263945] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2192.264611] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2192.265248] ? lock_downgrade+0x6d0/0x6d0 [ 2192.265799] ? find_held_lock+0x2c/0x110 [ 2192.266337] ? io_submit_sqes+0x86e0/0x86e0 [ 2192.266925] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2192.267562] ? wait_for_completion_io+0x270/0x270 [ 2192.268217] ? rcu_read_lock_any_held+0x75/0xa0 [ 2192.268852] ? vfs_write+0x354/0xa70 [ 2192.269347] ? fput_many+0x2f/0x1a0 [ 2192.269816] ? ksys_write+0x1a9/0x260 [ 2192.270335] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2192.271038] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2192.271738] do_syscall_64+0x33/0x40 [ 2192.272231] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2192.272940] RIP: 0033:0x7f04fc2c5b19 [ 2192.273444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2192.275894] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2192.276919] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2192.277875] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2192.278811] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2192.279761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2192.280715] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:59:41 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:59:41 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x900, 0x0, 0x0, 0x0) 08:59:41 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:41 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:41 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x300000000000000) 08:59:41 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:41 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup3(r3, r4, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4004, @fd_index, 0x4, &(0x7f0000000000)=[{&(0x7f0000000180)=""/105, 0x69}], 0x1, 0x11, 0x1, {0x0, r6}}, 0x1f) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x1, 0x2007, @fd=r4, 0x1ff, 0x0, 0x0, 0x2, 0x0, {0x3, r6}}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:59:41 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) [ 2207.853704] FAULT_INJECTION: forcing a failure. [ 2207.853704] name failslab, interval 1, probability 0, space 0, times 0 [ 2207.855346] CPU: 0 PID: 11429 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2207.856277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2207.857346] Call Trace: [ 2207.857687] dump_stack+0x107/0x167 [ 2207.858162] should_fail.cold+0x5/0xa [ 2207.858647] ? create_object.isra.0+0x3a/0xa20 [ 2207.859197] should_failslab+0x5/0x20 [ 2207.859661] kmem_cache_alloc+0x5b/0x360 [ 2207.860154] ? mark_held_locks+0x9e/0xe0 [ 2207.860653] create_object.isra.0+0x3a/0xa20 [ 2207.861231] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2207.861871] kmem_cache_alloc_bulk+0x168/0x320 [ 2207.862515] io_submit_sqes+0x7099/0x86e0 [ 2207.863056] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2207.863694] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2207.864347] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2207.865008] ? lock_downgrade+0x6d0/0x6d0 [ 2207.865544] ? find_held_lock+0x2c/0x110 [ 2207.866071] ? io_submit_sqes+0x86e0/0x86e0 [ 2207.866629] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2207.867230] ? wait_for_completion_io+0x270/0x270 [ 2207.867840] ? rcu_read_lock_any_held+0x75/0xa0 [ 2207.868465] ? vfs_write+0x354/0xa70 [ 2207.869016] ? fput_many+0x2f/0x1a0 [ 2207.869492] ? ksys_write+0x1a9/0x260 [ 2207.870035] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2207.870739] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2207.871438] do_syscall_64+0x33/0x40 [ 2207.871966] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2207.872615] RIP: 0033:0x7f248b5b2b19 [ 2207.873154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2207.875603] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2207.876605] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2207.877581] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2207.878572] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2207.879567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2207.880493] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 08:59:41 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:41 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000) [ 2207.942644] FAULT_INJECTION: forcing a failure. [ 2207.942644] name failslab, interval 1, probability 0, space 0, times 0 [ 2207.944245] CPU: 1 PID: 11430 Comm: syz-executor.1 Not tainted 5.10.173 #1 [ 2207.945217] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2207.946339] Call Trace: [ 2207.946700] dump_stack+0x107/0x167 [ 2207.947189] should_fail.cold+0x5/0xa [ 2207.947694] ? create_object.isra.0+0x3a/0xa20 [ 2207.948278] should_failslab+0x5/0x20 [ 2207.948796] kmem_cache_alloc+0x5b/0x360 [ 2207.949370] ? mark_held_locks+0x9e/0xe0 [ 2207.949937] create_object.isra.0+0x3a/0xa20 [ 2207.950484] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2207.951144] kmem_cache_alloc_bulk+0x168/0x320 [ 2207.951777] io_submit_sqes+0x7099/0x86e0 [ 2207.952380] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2207.953082] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2207.953697] ? lock_downgrade+0x6d0/0x6d0 [ 2207.954261] ? find_held_lock+0x2c/0x110 [ 2207.954831] ? io_submit_sqes+0x86e0/0x86e0 [ 2207.955369] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2207.955994] ? wait_for_completion_io+0x270/0x270 [ 2207.956608] ? rcu_read_lock_any_held+0x75/0xa0 [ 2207.957291] ? vfs_write+0x354/0xa70 [ 2207.957806] ? fput_many+0x2f/0x1a0 [ 2207.958294] ? ksys_write+0x1a9/0x260 [ 2207.958787] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2207.959445] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2207.960118] do_syscall_64+0x33/0x40 [ 2207.960570] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2207.961227] RIP: 0033:0x7f04fc2c5b19 [ 2207.961725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2207.963988] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2207.964964] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2207.965896] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2207.966885] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2207.967851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2207.968834] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 [ 2207.975699] FAULT_INJECTION: forcing a failure. [ 2207.975699] name failslab, interval 1, probability 0, space 0, times 0 [ 2207.978017] CPU: 1 PID: 11439 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2207.978906] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2207.980005] Call Trace: [ 2207.980340] dump_stack+0x107/0x167 [ 2207.980834] should_fail.cold+0x5/0xa [ 2207.981395] ? create_object.isra.0+0x3a/0xa20 [ 2207.982022] should_failslab+0x5/0x20 [ 2207.982545] kmem_cache_alloc+0x5b/0x360 [ 2207.983115] ? mark_held_locks+0x9e/0xe0 [ 2207.983676] create_object.isra.0+0x3a/0xa20 [ 2207.984280] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2207.985026] kmem_cache_alloc_bulk+0x168/0x320 [ 2207.985654] io_submit_sqes+0x7099/0x86e0 [ 2207.986247] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2207.986939] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2207.987602] ? lock_downgrade+0x6d0/0x6d0 [ 2207.988132] ? find_held_lock+0x2c/0x110 [ 2207.988653] ? io_submit_sqes+0x86e0/0x86e0 [ 2207.989278] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2207.989953] ? wait_for_completion_io+0x270/0x270 [ 2207.990613] ? rcu_read_lock_any_held+0x75/0xa0 [ 2207.991256] ? vfs_write+0x354/0xa70 [ 2207.991770] ? fput_many+0x2f/0x1a0 [ 2207.992260] ? ksys_write+0x1a9/0x260 [ 2207.992777] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2207.993505] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2207.994229] do_syscall_64+0x33/0x40 [ 2207.994753] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2207.995465] RIP: 0033:0x7f30d6b2fb19 [ 2207.995994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2207.998437] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2207.999493] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2208.000465] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2208.001488] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2208.002441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2208.003416] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:59:41 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:59:41 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xa00, 0x0, 0x0, 0x0) 08:59:41 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:59:41 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:41 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:59:41 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x80840, 0x0) dup2(r3, r4) [ 2208.352619] FAULT_INJECTION: forcing a failure. [ 2208.352619] name failslab, interval 1, probability 0, space 0, times 0 [ 2208.355382] CPU: 0 PID: 11466 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2208.356794] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2208.358503] Call Trace: [ 2208.359046] dump_stack+0x107/0x167 [ 2208.359782] should_fail.cold+0x5/0xa [ 2208.360532] ? create_object.isra.0+0x3a/0xa20 [ 2208.361451] should_failslab+0x5/0x20 [ 2208.362206] kmem_cache_alloc+0x5b/0x360 [ 2208.362991] ? mark_held_locks+0x9e/0xe0 [ 2208.363777] create_object.isra.0+0x3a/0xa20 [ 2208.364625] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2208.365618] kmem_cache_alloc_bulk+0x168/0x320 [ 2208.366505] io_submit_sqes+0x7099/0x86e0 [ 2208.367334] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2208.368285] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2208.369254] ? lock_downgrade+0x6d0/0x6d0 [ 2208.370052] ? find_held_lock+0x2c/0x110 [ 2208.370894] ? io_submit_sqes+0x86e0/0x86e0 [ 2208.371794] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2208.372780] ? wait_for_completion_io+0x270/0x270 [ 2208.373800] ? rcu_read_lock_any_held+0x75/0xa0 [ 2208.374760] ? vfs_write+0x354/0xa70 [ 2208.375499] ? fput_many+0x2f/0x1a0 [ 2208.376234] ? ksys_write+0x1a9/0x260 [ 2208.377059] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2208.378127] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2208.379173] do_syscall_64+0x33/0x40 [ 2208.379944] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2208.381017] RIP: 0033:0x7f30d6b2fb19 [ 2208.381763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2208.385481] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2208.387000] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2208.388416] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2208.389882] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2208.391342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2208.392744] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 08:59:57 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:59:57 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xb00, 0x0, 0x0, 0x0) 08:59:57 executing program 5: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x5479}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_setup(0x4, &(0x7f0000000740), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000004c0)={0x0, 0x0, 0x0}}, 0x0) syz_io_uring_submit(r1, r4, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r2, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000140)=0x1c) 08:59:57 executing program 3: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:57 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000140)={0x0, 0x0}) perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x0, 0x2, 0xf8, 0x29, 0x0, 0x8, 0x40003, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0xb9, 0x2, @perf_config_ext={0x5, 0x20}, 0x40000, 0x6, 0x80000000, 0x7, 0x5, 0x92, 0x9, 0x0, 0x1, 0x0, 0xa6}, r3, 0x4, r0, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1800001, 0x2010, r1, 0x10000000) syz_io_uring_submit(r4, r5, &(0x7f0000000980)=@IORING_OP_WRITEV={0x2, 0x5, 0x2007, @fd=r1, 0x5, &(0x7f00000008c0)=[{&(0x7f0000000300)="73f5d05329504676963bea9d3e8b20cb27c37f658fad79e339024b18e33b38f20892fcf3097ada451fa54ca3645c2c2234365f3e030d07fef25d8eb33fad501e6a02ceccf291ec3d735c59e7cfe40306c5cba8891bf55e582069b7b0430ccbf1f77450c02ea48d489378f5b9f9e082bcf2a5bd675e2d46462b23245b8e9be57cc0c61daf9e974e030e9c7523bcf5a0cba22a3ebf28f001c2f81620f4e421804a2746d4d642b09a45f88f8f52fe07a49aad00db6078fc681fc68a4109303ce3a59b7e", 0xc2}, {&(0x7f0000000240)="ef8f6ad4036f43f04608ebc8533a8716af707c799336370f9d648256d3fd19fc88af7128512ca74e87bc80e6d780fba26aa53d5b319f28c639f0d6c584d9c028598f638f1f80089942f30ed9bb720409affe2d73481e3e4a43a40fb7548fa2f4d03ddd5b6fa017a848587d", 0x6b}, {&(0x7f0000000500)="15926c149b217f53a19e9384aa046a75e01eef0f4db13719edb1bba7c730876f6e39142f9fcab960fd956ca85aeceffc1dc608b21c6f6c867b17542b381172c2ee3b29511aa897fdc4ee2eac5d7a33db1bee93f53370d05efde758082af72067d6b2b11eb8bcc51208a2ea9df011dd1ba7de297b0f10940c0ef8f4eb7d55854a4a8dbafd857bd8dea02e07e77f2141f324ac8e378e238a8c4b537b25c63cbbfe1e5ba3659751478fd8b5bd1146bba0b22c60517cd8a3749ee844f349444a8472e54e43868c557ffd3acc30df2faf8faed27fa60f569f6d90d1c2e6df1bd8fb9292571cc740edd411045f00", 0xeb}, {&(0x7f0000000400)="67879d61d383496ac13a5f13f68596accec88516aaecc61eff625190459f18c20d90fc325f2b64970fe40e65cb29ca34f69bb34dc573482208a7d3d0f27d1bbc01da99bf7f8ac5dbb4579f88b637cf1d6c548bca3feceb1fbb8569b74f4734", 0x5f}, {&(0x7f0000000600)="cb69156f70bff43a61201b50e193da71de29f692e790fe849eab3776722cc5ed59679fef921416ade1eca6f162bcb967379d3c829c78c744501bc3e5e3f1a54579ee1b0391fd7092d780b1c4da24dfa95252f3d462b248e61ae738f8e68d596a9cb5aaa67433", 0x66}, {&(0x7f0000000680)="ce5588b371f95fda1c611475eec4688209c43e718a1e5ab495e9887e1ce5d1fb4271cb8d2f8aef26cfe7c6d6e0e176c10ea68b7b993219fe81e6879c445d18024a67ec725399ef9e4cd24f", 0x4b}, {&(0x7f0000000700)="f849fc7778dc6aa9e8c40ec61b15174aa7b1d84cc585ef43083266d79c86963737ab4756a2ef4e0eb6c30cdc280368a2104016c40156d62f06e449beacfe0df9f3a1e32dc5ee23ac0e495c081d485abfd22db20fcda797b624f8387db190ef1396d9f4a4c6544b09bb8fce3944431faaec355953ffa7f99c34266e963fb94b7513424e9500dd52b9d72d405059f108fe425ba446fcf755b49380a33f35ab28fa", 0xa0}, {&(0x7f00000001c0)="2d0f3f0dff", 0x5}, {&(0x7f00000007c0)="472644331045ce72ef63f007f42f1d4ed463623a46cf0d366c4699918ca13e0398702409fbd36177f54293f6d568e86e936e0456fb8500032af0edcf23af9cb40675ea606c2cc93c346cc836985075a1e67ed8e3d335cdbf5caea71205c650f0c9aaf3717b883d3d46bbc361dc8f370794537094148474e1b87c75159e1588d9762e3cf32609fa9127717aeae1a00de0d41d15d77aa66f40bfc460be5ecd67b7cc0717bf4759069869c371bcec3225f449cf3b47bd10627351288fb428b2565763e2489fd421fca51e6efb4be6bc08544281664bc67dbc28d66ebba9d436f3a6f95c1a6ea315", 0xe6}], 0x9, 0xa}, 0xfffffff9) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:59:57 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4}, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 08:59:57 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:57 executing program 1: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2224.286644] FAULT_INJECTION: forcing a failure. [ 2224.286644] name failslab, interval 1, probability 0, space 0, times 0 [ 2224.288372] CPU: 0 PID: 11486 Comm: syz-executor.4 Not tainted 5.10.173 #1 [ 2224.289363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2224.290460] Call Trace: [ 2224.290838] dump_stack+0x107/0x167 [ 2224.291339] should_fail.cold+0x5/0xa [ 2224.291864] ? create_object.isra.0+0x3a/0xa20 [ 2224.292489] should_failslab+0x5/0x20 [ 2224.293003] kmem_cache_alloc+0x5b/0x360 [ 2224.293581] ? mark_held_locks+0x9e/0xe0 [ 2224.294129] create_object.isra.0+0x3a/0xa20 [ 2224.294715] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2224.295418] kmem_cache_alloc_bulk+0x168/0x320 [ 2224.296042] io_submit_sqes+0x7099/0x86e0 [ 2224.296620] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.297332] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.297970] ? lock_downgrade+0x6d0/0x6d0 [ 2224.298539] ? find_held_lock+0x2c/0x110 [ 2224.299088] ? io_submit_sqes+0x86e0/0x86e0 [ 2224.299681] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2224.300342] ? wait_for_completion_io+0x270/0x270 [ 2224.300473] FAULT_INJECTION: forcing a failure. [ 2224.300473] name failslab, interval 1, probability 0, space 0, times 0 [ 2224.300991] ? rcu_read_lock_any_held+0x75/0xa0 [ 2224.301006] ? vfs_write+0x354/0xa70 [ 2224.301023] ? fput_many+0x2f/0x1a0 [ 2224.301035] ? ksys_write+0x1a9/0x260 [ 2224.301065] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2224.305552] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2224.306253] do_syscall_64+0x33/0x40 [ 2224.306747] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2224.307433] RIP: 0033:0x7f30d6b2fb19 [ 2224.307939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2224.310451] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2224.311502] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2224.312420] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2224.313339] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2224.314438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2224.315453] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 [ 2224.316460] CPU: 1 PID: 11488 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2224.317504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2224.318630] Call Trace: [ 2224.319248] dump_stack+0x107/0x167 [ 2224.319735] should_fail.cold+0x5/0xa [ 2224.320241] ? __io_queue_sqe+0x691/0xa60 [ 2224.320796] should_failslab+0x5/0x20 [ 2224.321344] kmem_cache_alloc_trace+0x55/0x2c0 [ 2224.321976] __io_queue_sqe+0x691/0xa60 [ 2224.322520] ? io_timeout_prep+0x8b0/0x8b0 [ 2224.323121] io_submit_sqes+0x4484/0x86e0 [ 2224.323716] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.324423] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.325094] ? lock_downgrade+0x6d0/0x6d0 [ 2224.325698] ? find_held_lock+0x2c/0x110 [ 2224.326268] ? io_submit_sqes+0x86e0/0x86e0 [ 2224.326935] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2224.327607] ? wait_for_completion_io+0x270/0x270 [ 2224.328263] ? rcu_read_lock_any_held+0x75/0xa0 [ 2224.328919] ? vfs_write+0x354/0xa70 [ 2224.329514] ? fput_many+0x2f/0x1a0 [ 2224.330019] ? ksys_write+0x1a9/0x260 [ 2224.330572] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2224.331304] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2224.332028] do_syscall_64+0x33/0x40 [ 2224.332566] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2224.333305] RIP: 0033:0x7f248b5b2b19 [ 2224.333824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2224.336416] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2224.337493] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2224.338495] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2224.339487] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2224.340482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2224.341745] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 [ 2224.343111] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI [ 2224.344582] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 2224.345689] CPU: 1 PID: 11488 Comm: syz-executor.0 Not tainted 5.10.173 #1 [ 2224.346665] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2224.347894] RIP: 0010:__io_queue_sqe+0x69f/0xa60 [ 2224.348569] Code: 0f 85 24 03 00 00 48 8b 3d d6 8a da 02 ba 48 00 00 00 be 20 0a 00 00 e8 cf ce 7d ff 48 8d 78 14 49 89 c5 48 89 f8 48 c1 e8 03 <42> 0f b6 14 20 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 [ 2224.352484] RSP: 0018:ffff888051597b28 EFLAGS: 00010213 [ 2224.354345] RAX: 0000000000000002 RBX: 1ffff1100a2b2f6b RCX: 0000000000000000 [ 2224.355337] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000014 [ 2224.356319] RBP: ffff888051070500 R08: 0000000000000000 R09: ffffffff8509e133 [ 2224.357354] R10: fffffbfff0a13c26 R11: 0000000000000001 R12: dffffc0000000000 [ 2224.358337] R13: 0000000000000000 R14: ffff888051070558 R15: ffff888051070548 [ 2224.359316] FS: 00007f2488b28700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 2224.360406] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2224.361205] CR2: 00007f2488b27f78 CR3: 00000000520ee000 CR4: 0000000000350ee0 [ 2224.362175] Call Trace: [ 2224.362536] ? io_timeout_prep+0x8b0/0x8b0 [ 2224.363115] io_submit_sqes+0x4484/0x86e0 [ 2224.363772] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.364651] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.365365] ? lock_downgrade+0x6d0/0x6d0 [ 2224.365909] ? find_held_lock+0x2c/0x110 [ 2224.366447] ? io_submit_sqes+0x86e0/0x86e0 [ 2224.367033] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2224.367676] ? wait_for_completion_io+0x270/0x270 [ 2224.368335] ? rcu_read_lock_any_held+0x75/0xa0 [ 2224.368952] ? vfs_write+0x354/0xa70 [ 2224.369496] ? fput_many+0x2f/0x1a0 [ 2224.370004] ? ksys_write+0x1a9/0x260 [ 2224.370537] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2224.371285] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2224.371993] do_syscall_64+0x33/0x40 [ 2224.372510] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2224.373247] RIP: 0033:0x7f248b5b2b19 [ 2224.373787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2224.376387] RSP: 002b:00007f2488b28188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2224.377584] RAX: ffffffffffffffda RBX: 00007f248b6c5f60 RCX: 00007f248b5b2b19 [ 2224.378556] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2224.379594] RBP: 00007f2488b281d0 R08: 0000000000000000 R09: 0000000000000000 [ 2224.380601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2224.381634] R13: 00007ffe2f40efaf R14: 00007f2488b28300 R15: 0000000000022000 [ 2224.382628] Modules linked in: [ 2224.384174] ---[ end trace 2f84e92f6e7ffd80 ]--- [ 2224.385094] RIP: 0010:__io_queue_sqe+0x69f/0xa60 [ 2224.385878] Code: 0f 85 24 03 00 00 48 8b 3d d6 8a da 02 ba 48 00 00 00 be 20 0a 00 00 e8 cf ce 7d ff 48 8d 78 14 49 89 c5 48 89 f8 48 c1 e8 03 <42> 0f b6 14 20 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 [ 2224.388483] RSP: 0018:ffff888051597b28 EFLAGS: 00010213 [ 2224.389324] RAX: 0000000000000002 RBX: 1ffff1100a2b2f6b RCX: 0000000000000000 [ 2224.390385] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000014 [ 2224.391432] RBP: ffff888051070500 R08: 0000000000000000 R09: ffffffff8509e133 [ 2224.392479] R10: fffffbfff0a13c26 R11: 0000000000000001 R12: dffffc0000000000 [ 2224.393544] R13: 0000000000000000 R14: ffff888051070558 R15: ffff888051070548 [ 2224.394560] FS: 00007f2488b28700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 2224.395755] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2224.396596] CR2: 00007f2488b27f78 CR3: 00000000520ee000 CR4: 0000000000350ee0 08:59:57 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) [ 2224.404353] FAULT_INJECTION: forcing a failure. [ 2224.404353] name failslab, interval 1, probability 0, space 0, times 0 [ 2224.406052] CPU: 1 PID: 11482 Comm: syz-executor.3 Tainted: G D 5.10.173 #1 [ 2224.407159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2224.408253] Call Trace: [ 2224.408612] dump_stack+0x107/0x167 [ 2224.409108] should_fail.cold+0x5/0xa [ 2224.409665] should_failslab+0x5/0x20 [ 2224.410181] kmem_cache_alloc_bulk+0x4b/0x320 [ 2224.410785] io_submit_sqes+0x7099/0x86e0 [ 2224.411338] ? percpu_ref_tryget_many+0x166/0x2d0 [ 2224.411993] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.412643] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.413313] ? lock_downgrade+0x6d0/0x6d0 [ 2224.413862] ? io_submit_sqes+0x86e0/0x86e0 [ 2224.414444] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2224.415102] ? wait_for_completion_io+0x270/0x270 [ 2224.415772] ? vfs_write+0x354/0xa70 [ 2224.416311] ? fput_many+0x2f/0x1a0 [ 2224.416886] ? ksys_write+0x1a9/0x260 [ 2224.417471] ? __ia32_sys_read+0xb0/0xb0 [ 2224.418075] ? fpregs_assert_state_consistent+0xb9/0xe0 [ 2224.418799] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2224.419571] do_syscall_64+0x33/0x40 [ 2224.420119] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2224.420811] RIP: 0033:0x7fa5e06bcb19 [ 2224.421338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2224.423955] RSP: 002b:00007fa5ddc32188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2224.425011] RAX: ffffffffffffffda RBX: 00007fa5e07cff60 RCX: 00007fa5e06bcb19 [ 2224.426046] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2224.427010] RBP: 00007fa5ddc321d0 R08: 0000000000000000 R09: 0000000000000000 [ 2224.428004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2224.428990] R13: 00007fff5690601f R14: 00007fa5ddc32300 R15: 0000000000022000 [ 2224.451990] FAULT_INJECTION: forcing a failure. [ 2224.451990] name failslab, interval 1, probability 0, space 0, times 0 [ 2224.453594] CPU: 0 PID: 11493 Comm: syz-executor.1 Tainted: G D 5.10.173 #1 [ 2224.454672] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2224.455775] Call Trace: [ 2224.456148] dump_stack+0x107/0x167 [ 2224.456650] should_fail.cold+0x5/0xa [ 2224.457192] should_failslab+0x5/0x20 [ 2224.457708] kmem_cache_alloc_bulk+0x4b/0x320 [ 2224.458313] io_submit_sqes+0x7099/0x86e0 [ 2224.458874] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.459547] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.460190] ? lock_downgrade+0x6d0/0x6d0 [ 2224.460773] ? io_submit_sqes+0x86e0/0x86e0 [ 2224.461415] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2224.462062] ? wait_for_completion_io+0x270/0x270 [ 2224.462731] ? vfs_write+0x354/0xa70 [ 2224.463236] ? fput_many+0x2f/0x1a0 [ 2224.463791] ? ksys_write+0x1a9/0x260 [ 2224.464373] ? __ia32_sys_read+0xb0/0xb0 [ 2224.464906] ? fpregs_assert_state_consistent+0xb9/0xe0 [ 2224.465660] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2224.466341] do_syscall_64+0x33/0x40 [ 2224.466841] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2224.467576] RIP: 0033:0x7f04fc2c5b19 [ 2224.468116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2224.470685] RSP: 002b:00007f04f983b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2224.471790] RAX: ffffffffffffffda RBX: 00007f04fc3d8f60 RCX: 00007f04fc2c5b19 [ 2224.472749] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2224.473816] RBP: 00007f04f983b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2224.474777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2224.475752] R13: 00007ffe010b05ff R14: 00007f04f983b300 R15: 0000000000022000 08:59:57 executing program 5: r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.pending_reads\x00', 0x18000, 0x8) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r1, 0x8930, &(0x7f0000000b40)={'sit0\x00', 0x0}) r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000001c0)=0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)={0x2344, 0x28, 0x100, 0x70bd28, 0x25dfdbfc, {0xd}, [@generic="0046cad55181c791b4bcd6ae7de7806e5a177f67f1977606ab337680eb8f1e19bb6c2e614b9bcb948154469df44374bfc21e4ceaaa1efaeb9ba4a29ca039cdf002fbe236a7b2b149586cf05e5dbc284ed3422a806045f59799b256931a669a820f20e1ea4e25e0", @nested={0x1024, 0x6a, 0x0, 0x1, [@typed={0xc, 0x92, 0x0, 0x0, @u64=0x40}, @generic="1c8f92a0745d59c963e528459f34558c6ad00d30430edadc59f09bef73cf8dca58a91209d8955666062d5bb60a2cfd631404f63447a9a814190a5c05f245f8f43ceb02aba7be67cb46dd715b94a0eca2d80a265688726c0b0ac807b54cdf21f366f0dc78e180dcc5a7b67f111cf41158b3b7e2eeae02d2c61da4e8e96e6f969b02f26ac53c7b34149c19d0c3eeb1a2fe27bf28c847b9462676baab3447643a9ad60b017694fce517e73d29d321ba0cfef0395e4bb4483d3b6bdab3d6dbcda22b42fb30bdc337907e26f617b66debe1a840aaaa9b8b3990ed4f7dc9b358ad886e012adaf89be90bc99611f99635e94c8045ebe5a22fcf7ba246f63e15f6d4ab57ee7f01231fce356dc48f8ca771bc626005869384e378d2ad27150f8e80628c1ce481e2a98ef50109bc47a7ff2cc43555fe09b6a66c5614346d09266a1ce002cb351ed066f49f46e5a3796ffcd6c483053a9c92924cae4a4fa57bfd163bfbf1578114c4456cae12bde7e07ce51ac820a00ec4e4ba2e48c9798125d7abb85ec40c8ec7170426d8a29cdff0c317b9bdbb2d76a72d7eb6d61dc525267da2357ac0eb35aa52aee64a5eb5164c95566e02284df88b34e52c91e12bb4409b6288493492b224a6f5b0f32b044199ebb31b30559e5ad34253e67797347f8ef75e80433c626fd15f67713ab7776dbdd8e033c09f20e408d50d6e1cd59be8b0cc65c59734e74cda6c3ae9cdc3bf1605b95d61e17ec951da1ba6c6bc6e6f3ab4928889a76315114fde007441d58fd676e951b901c3d2127b1b9400221068a43e57c8e117135b365e44df4d27bc6c15a187d4b616a4a194743b77d171b11a1155c2144e7d429f95cc3d07efa578ae35cec09d4a91885c288f450754478b6cad82cfefb5a792794920cdbd4f85aecfa6dcdbe1d8b6c2d81085fc5faecfedbca73bf6b55db1b1f7187953d43c1da164a297821142221c99f65c01db215355687e1d02e13690f58e3dd5041665095688e23352b7579aa2e84a951355f782b949a829835a23b2cb5791c5997ecf1a8b344d4f51e60f23416422989aa621b8612d3119f21f456d5a752be67f69095434bdd81284ee1fd2952421aa25218226092e99cadc952a030dc1c58198dede573a9566526bff746b4fa4bfbcea6a3a042f240ca02a41ff416fc4fcec74b67e0beca7799dd58cb12d9759461b0074aec9ca026354b67da8616d932096985a4507de76a99efc34d0b1de47262951207fc2539fc4445d41ffd7ae6cde0a39d3fd555048b35582fcb4eafd918200c73a1364ba1cd9cd46f7c2da81f7f7e1ebf0fef5b590351737cc7ae0b7ec94aa0b9f83876d47dfa0adbd0d34799eaebaa16d8933103d49fa031ca957310453228f335e2f82d8adb9df0b161ba630af62993a2e9a1f983a6c413c17dedf42febe434f55ecdfb15acaf28760d00e770f744681f17f6e777ac77061226dbb53015fcbacfbeb80e8fd73750c3854644848c8a0d514ad2a4ac7847df7c57fa2689407d57e55768bba235eb1ec43b0cebf751f235ba4f17c9ce2e4815e019f6153cdd2fae3d353a6d45745029a23e515e433b355e9427288e0071db1185e262bbf6d3c3d5e16b477192b3b2785db34c6f0960429c56254512a16ad961643c2a9c1e8f99e39f60dbdf4860b1d6313c84533efc7df1561d0d0d0bd60a1fd0e667c166c3258bc62b00fc7e6f82b8649bd804cb9d2b2fa44fb36a216a03df74f9591a12df3c2f5b4159fbdbf19eab8c43cd07b2421dfdfb80cff29b4899bb7c2d8f4b6b5abc147091b56c7d330229eedc9d6f8bb5193806df6518248dddc35a97d6a05d3104f68d446e7ec957ca8a6f218fcf829057530b55274631c502bcca6da3cafdd5b1e9758cdf6d3734adea1aa91d7332d2d86a499e1aad90a7444c10f8415f15710c64514051faeb5d404c6cc5c148c394d3c043707107fe6db33226db909368e58d4d8104ba022aae4b2dc1b6be8f041061a1bb55149dd6c973b9bf12bd886ad806f63c991795dca40ef9657b287a5ae5cb01d45e2b537925c98ce91ab218c4ef03c8ede2bd2342474de4a5e7bf99dad048c9ec44127b965e22cfc372804a6750af231bc989bfae773e23dcefe026fac66c7bf4b055d531242159fa3c1ce537cec5bf3437329d9f6fb815e9243d0eb97a09cc03cbfac8cde0bfc9c7fa5b56ba3c6f11707da3d3022f69be96a221b19c0757dd99be58330e7989952fd231c4f1bb838d460382a221cfb5b41e74c0aec1177954c317766303fb487f68089d3d5f2717ddb91799205a4fcfba5911efb24659e91b7c4827d99752535263387b016ec05f937efb8ef0ef35ce86b76d10252ff2f2ee8853a9568a728dc775bbed37cf816847091410b6c3b1e837e4bbfea4ea6d1dc1355462e5b424b9ef135b9065577a8408370ecb70d7c94f7bcb3a78f543fa4da7e00670cda51d68c3d71893a67d9ea63a3523b5b53f58c670831fe199bab9fcf55860dc2b2a87d89260078bfea694b9fbdcd09fae45f30a62967e9f5bd1a5b01bdc31443e63a98f88fc50e5a3c1ef05dff704c8692850992465a00f16f3d55c135123d7d53d160eeea7ffbc4490c826b32ee3ba34349d1515e8fce9f4170fa98f1e05f61dfabb8b31d1adb03bf98d2bf9f68883f3a60615375bf57828f2786f1ead1e2fbdbe28032a422fc23cf34b50666feac6f12161ecc273e2f80d91c6235af8a641b0b5e1e288f45b380dfae1dc686b57c0e09b386ca860833f101aa7ebb1e513c1a16e080df920361b0425e6c16f11974f4e33046126a4e4a4640a2b3ad788a816b9de8b0b76476bddd1ead137ceac9a18ab7be03b2a8a9597a7c6df30519f49b19c8ea302759340985c61c1a0399e6ff6a8cf29813e1d8881e6d471968e4a082408c40f7fe37d5887544ae57eae0e99548685b18e2570bbfac0741aa8e21409705eb75b206c96e5fa6677930867dcdae3864c7b49ebde8816b71afd441b7374c8fb6865f70f5205d211b2dcbeedb65093858da2c164561eac79b603492fc5f15141d465dfed31a75c22556199df8c50f131ed27d6a9cc73e15e345b28fa24b82dc56abaf71ca4b5b7e9b91543695e7b4863807b95f10dc509f9257446af8fe1cad4ebe3a7c4a10dc09e47327594d97e441be13db2671b0ff8516e0f024da74960d6909656c45f1fe6032459beb9d307a8f5efad11c2d36780fdd4ddbfc02255f0931e09b7b0e667dd57292f263975b000754e66daf73181e582b97f92e58df145badd89189499adfdd9616889cd8d0578fbd2137b3b2de65dcb5e988d5eb48f5709a3fe85553e1462685f1a54ee05d9ceafa78ddba37c887fa520649850d8b9060e0e250da9e35a76cd4bc4f910ec03130eee62c89d7de151b3c772f88b1efa8f072f0d3bcdb54bb27e58cbd340348e5a89a27d8a358d30be4007b174fb0364263e57ec068e9988c872265b0e47dddeec52628fc0e0098ea9cef962a4617f5489331f0bad77aecdf0f376416e3d2803d560db012af3ca2926c316a64112b3092bf243f4580496ed4cfbacce7562286e3a82388d68cab7571d77c947b4a75014b85ed7d226062e0b758bdfa1461b27e3468bdb7ab218341587f7ff14d10b5d37516e8d5c600b2d4c961b798adea47ccd4f88bf3eafcd893e1207f49c300275a3cf5786ed89c296fbc8489c965739f8cd2ad2f9df190ffac5cc29479f7bf427c7665d52ba036ee414e4d176d09e26c0cf61c5379f632b3265315b4ee2434329101be71e6e4645e605459c9946110714738114c8ad32bc79a00c369901bdf759b4ed11d4c2da211b87a735e3001951c5f6ea72a9a1c7d516b03fd37f6a7671bca6da54c8698f12e5eba05caba8405ac202da16e5e07ff3865b47b706cf71243e8955a9c6aafe5c9b165b7c24a085dd73b43b191a2a9e1488783b7146c5b89a1a5633953d3f9a0d806f40d69d1cb11312a87848da7dd333db28049af01640c5fce2b8227f734f631604a3df2a74b9ba799153429c4fb38b1b25ae041a7bd885fddd93e02f05f30eed6f413651b356030a2e99bef498a06d2a27e9ad265c56899ff96048eca1800f77c82cf5487dd8e1a4383cb4c42da144f0d9979e5109b62c28067a3f5e5033fcd9304e92b3d8bfd058920bfdfa89a9742c43d094252694d5867b7d25034e0260c0dc186b40edefb3c11864949fa06646a99b2cd79a7b60f20acbf4f8a7b74bbb3f9d8d8b98788b6284dfa5c8b780f70d0437af77cf94335f554119f91421ae254f48c99072da0fa5a28902f81740e08b9d5956533da99b8931a9e292f520a937ad40ea51dc451d967906a896150e1fa39c2a2e3a39318e2067abeb974477e571f1dc2b7adc5e5378d9c25393339a77098c4cd7ba756b877cb3a593a736e4444a6858114ac29fde00e4286fdc6d87d0aa560ad70a8e166ab617c28d71812aaece789fa3c94e6c677e7ce6853bb39eb9c414ffb01c0a29893628f596ba012438de8186e501292fbe32e9779f396dfe1dbd3aeb38433ee3db357427e982db744c306ff48c7d3a8c609da2b15e67042c4e0d369cf56ffacce2178b2765b74e930f5a6b8e7ca3a838a221b16c913c880ad28e1070e8dc6debbba47290b6b4270dc6ed1249d448bde09b57c2d665d2a646de17d54b7f629220d1595a9f9ad7baf161fc03348f395346fb61702c1c9c34cd05cff7dd2459bc42c6ca3d435b60ffa411059f4c76c9e2798c403331b2c177b47b7bcd3983223a5d7281f22f7c2a4e21f7021fd7c90c6afb490b20eebebdc1c508ccc293d958108b29f85727cdad1c0785611996d164273f298d5e900b57ff645e79f67d2a93ef9f3264613508f4bf02f1dfd8c8deda80b3d402c77c4832f9c4bf43f43f9b0f8d01a5bc108d57be4f510cfb1c7c2199f694f6e5541dd6de2b8be176685991a2c99116009702fa3b08942bb5c553823dddd3ae864fb7dc29d4ffe80023f32ccdbd6e54da283b9bef8cbc07bbbe6f039ca51dbc14367e9eb14dc071f320e2ee096f52b621c3300b6910b8b7aee3fda6c05081e49271bf243a8821481b97200c29b4b439063d7514c4437078355d8568ccc237b54ba9e30c12f1f6b1153d3eb4466e15c8e1914d3ad6f325e9bab496da060c49f3251af527937b2ead846b762af6a5f6848aa51381b3ee7b0cb61dacf5a5ad2e21a30f0fbde2ab2bab118b37d10aa5a56f81393a275fcfe4e6505611e806f233080c36b4c83c9f260c7e1ca0834446182087a86b237f274e1f17ac058a6d9f5b0299d47069b536200b52f5f386afa0614b1ea7d18f67f8ca5a5a060c12e01f210f82e71c4ebdd9c26840b5856f8c675709c78be671ed5e1dde7997190455fd7ba14e41c774f9edaa694296e6a242808053303c20016a359a00d1f7ad501895dff058d311a71f856eb5ee3bd95da18d32a96fc9d77662dd977ba3aa03d3b45256e5fa62cea19cdf25fe98a63651c6a88dec27ec60973310c8d3c36f11777237096d9bb7f72fe12dc13dcef634097c36dd935db4a5dce284ed2aa0b8eabf8e4da157f4a6c1afb680e44af4833206b1f863f85ee66a70bd96bc214a6e0201b38431f592c2ec0baf143b50a399d934225474c4fa3ba2ef166e86382c55d5acee4f9f1351766718f544301ad1bb756d9ae8c95359b1a22d75bccb8124f9d767adeed9eea9aeb3298ecc574440c730aff27f419570b7f010fdb0cb923119846ff0404b59d143c4297bb21d51d2a922188157a327b1cb9975b45aeaa585beb870a8d77765a75e030e2cf61700692b895029a", @generic="76bcd5cafa3a1248", @typed={0xa, 0x36, 0x0, 0x0, @str='wlan0\x00'}]}, @nested={0xeb, 0x26, 0x0, 0x1, [@typed={0x8, 0x87, 0x0, 0x0, @fd=r1}, @generic="439348b069d15b6eac78e7bcf3fb1c7214e2bab1d7473b1fa216df64d5373c417d83363a4c843b7c3fa5eb59bb11dfc05d4726818506f05cde6226a73357da0f8d0a44d1cbd9adf47ece0ef89ef1fb89639404e2f26f1b561b9aec1fa6152bedfdbf838b1c25fd171515bee22d967b125dbe374ce6627c63a8a3195c12feea18ac9dcc1f6251c4975a499f239b6841bf46c0256aaad40c16bb5a3f5ef1a7ea60bc9ec61a08328e4bdcbb685c29c8760ae32f532a5680cba2596e7660da5ca0932b4cbd31578f7d4391230a9a024eecb0dd070a31afa02508a7e935a4ab7f97"]}, @typed={0x8, 0x3b, 0x0, 0x0, @fd=r2}, @typed={0x6, 0x3, 0x0, 0x0, @str='-\x00'}, @typed={0x103, 0x11, 0x0, 0x0, @binary="a67f5f8193b725086076216332592de612db3ee90b96ac8a6a8716820477a4ab9093677497bb1cd0bb4881710f29e346a2d657ceec71e432d0e8ddca0cf167a26f474c4e2426c70e426f590115e833713c56a12889ce1865e097351a2e62086c1287649c10dcc7d700953a44f308682132bdfa011ca2fcd0ef504403b983c7f5aa91034c45863cdc32d79f7c99fe702c79f4abe7462833c611609d5efd8a3a6bbd9f3ca87c0f52162415418edc34776249743701c1c210568253abb01b7c76d669d9e5547dd6bdfe687a02dfb9e40c716c650e86f5a6967bea4493a0265e21cdf28886daba4c0108ab03dead7b53803cc6747ac1917256392c61a0e9d55bf7"}, @generic="8ceba43122b16cf7ab7a98c62816f73d3faa72d1b690806c26ec7bb5d0b635f10a0f54cf249bba3e3b5272c6ae645e717011299f8c8df2b13a2845223f52366d814f7756b02c7012bd5b39feddf3c435e11ac32bb5843bbbc7c07aad5bf9b708eea350a22215b85169af8ca88ec60a886a97d8b6c0f3816a748d6e128e9c5c27c3d554abfede4f478b4fa0a29e0fd25a3e242dd8bc3b33817bf0e0", @typed={0x8, 0x89, 0x0, 0x0, @uid=r3}, @generic="e8923672ffc6281adadfac1cdb1b1ed40f409b00487c3bdfc89a01342ff4a071264028c1c204238ee17d832069c654973e664a0132674067545b3e6442421776c97eb6e70e01a5aa000869cee938f24cb3dabf8deca607b386f4f8eafae3368f3a91e2ffb976285b1abdcfcfff2de1eb290ace0fd124802d77a4a0b5ad89774115ed2f6c94bdbb43fb0bd5bfb21dea4bdb0e8606e452ff3cfdfc4cebfd8fe76d248b042a919156bd01b85e5f867c5be97a394c19b794e9add356eb44044eb4780ed8b8a51930f5153f200f035ec6a53b5321383102aa4ebb3044695d88cd0cf5a63d88c8eb40af2ebee7efec34f8224c679d31bd501cb4ed2c37e9f89914eccbafe027188cbfeaf6b9e6cd71c52e2e363d7ecc7a66082e494c97d9ae397d17eec35f849eb9cb44308a599e4e79b5307ca3fddfa55ac0755008d6296b6691fa1ba89e03a9ffbda1ab24f398e6e152952d9bdfbf45c3427908f3753f6b8fab4948cf068570a9691ddd1d60d94c67d0a134f8b593c2b99d8399c87fcc55c5a6c35dd66e9e6f3530464d1f002b7b70fa8a7fec18ccdde7e83ef70a70869750257323783daf70db404a76f156d325878a7a8c9e473d70223d0cef832ace559cc626cdba30cacd85dd806463a30c21360f5d0848327373e3558267dbee846e75ced7cedbdfae2ae33cd393de6f979fca091c834c5669f8dba89be82c9bdab4221513e5771c226c7917dd2f9a8830a10087b83c6ed1f6df69f56e779e48add8fa30c607edfe714ee5da959c5cdb3335d5fc536b99c23ed3e6441be4d3296971a9b7d95e5460381326d6b15598d8e66f3fcc60430da7fb608b88640114f9a8ea4e408f7ebfd252bf0beb5c53e79f911a86ae7f58886a07ceece449e5781e9409410742c774207656c6dc2c65174ba0351b193d02c3216fd0d776979aa95d656ebe877154fea300dade8d923f00733e6fcf427127fd37cb9c16e3f3d06bea40cd08bd19b41d8146f6e64b9826ad52f9ce827eb14fd789409cf1060af8090358baaaae5073f5779e07309e987e73b0ad378b5f1ab3dd62e5937de279d08f2a5b942eb276410f5081fb8a32659da18bfa61307efe8d1fc435d90162c4b08585cd35f0b500c61527770f0f5f0bae97ae4b0b9e9f6b1928253074f83396c6e1c538bc03e2f2f9a8218b29149572d9ccc2159d6acb0441fc851d892fdac3de8d82d17f842c980f2434c0871f767e1de7e16b6e197c76cdfc8b4cb8c73935a9ebc14dca989d9d43b80d09c09a3114d33f176d0ebe7184e6c554c5d1173c2d343b41b606c61634e6a0c7ca6e8d7921bc8e424446c053b40c33bde8c31d589585b440dece1b188a402e83a7740534c111314537a79eaaf21169b14300946ae560a679a8be7446db87bd76f975cc37542af9347fc9b5352d3d8bc15586ef6f96a2eefa48fe5cff8293f18cd2c1d4c7596b26624fe31fa93e15884cc0a3389621e9c770e09727564bb9bde991bbb681c6285391a704454dbd49f8889a5a6492c7e69c1b1dc1da766e47f8d74f13b0ccc77536796503c520663f50111a67d2af7e9f75a67638b27db17c5d1ef296a00c095d67bd24d2073c6906e11a142a7d8eed1d6594ba659edf8464cb6ed932935dd692841ff623c7eb083706f6e1f005b515e7fca88916c598d0d946fe67eca7c992c50c21b1f6d22659418e9c2756f7f27a35b5362c928750d174de867df3af79ac7c25465a647c9a7013ab355194584e1a3a2fc64e78afe0726732e0070addc0cffcac46aec4d8b2489fa82c46d0ec64d2fd875fa33d50268a2be08b9c331381ae96162c6a1741ce2680cbbc28e9a4c898c455673058a0385d5c96cf43a7efd0bdce3cc03e6315d9a52342fe8582c1c17acf2bac4c51b295c0b3c1978fcbf8fd103b974a53a920f52a4ba9de6acdf52a9c569f910d93b53c62768fd10ca499374c1f2a7008a6b7b10ad04093f7f3f865bc8ee335f3148707037e2e582a2489883c84cbb1a058050af8ad89fbe2d2662923b857bddbfa06bae5b1599220f585788ee1a91246f3e1cad9cc5f638797c66aa71f48dda135226b367e764e2447cc750f611720a4460ffe1dce002b3e452de523983e7311f30219de2821b4f6ebc56d2259519dd40cea34c737bbf8b21f460af50a3e634d74da0c99e966739bd4490d206040cca663910533bde9c94fb98ca80762d6f5fb8530cc0e540372312e1d65d9c9098d0fcf03934ac70dd9d0d712d4316348e47fb3aaf060639a3c7452ba16ec7304ab750187e0d34c75161d7e3a8f9fff35df49afa8a3881bd77ba03f944f95c3b9ef742c3df452eac35075453bbb2114900b0730fc026ac8bad14fae75bf8e10208a3938624451fb06c8b38eb6516fd8a0e9727bcf7351f184d90e929f2d9e5931bcc0a11a6df935c273f9f2a504180388204bf870934637eb51fa28a4d0c80fdd6cb0a8728c7117998a79a1d5b99375f6d18643259362e93cda5dd1a20377a7b73497d8de0a51e51f02a4fba0db551e01dbb39aa5ba0d0d3623e459e8d8d0022cef59209a344e27858dc993c6c343d5976c5e2db4627a124466bdfe3338252ca931597720a0dfb98a5407897c379f098f5705beb075fa7da815e3ad98e1d1ddaaf6a95765f38f0990e00c60b68c1373d2a7e8c628110bb4d811493100e825b62ba0f78a7dcf2453d8006444072c13eb2aea4815659b50e8ba06f86416f88a5dd4ce6f1c09a226adc63f541170ef8ebabc6ddcecce23f812939694ac8bc78c0723f3929271f9befbd0efa604bd3b843eeb3f5076de7ce38806cf189329f124427491c602aa7b6387cbe345f38e605fab44d08137b0750aa070c3ae022a113e5f26972a8b4e1e40ebe41eadc4fbc6bccf65932f9d92c4bbaa773ff72a742fbcfe3048ce94647e866d71bdbaabc490f719dfcd247c8bd0b3c476a9d59509d6255bf63cb26e2bd1307a3d82abeae356d063a0ba245c91ffc9006e8040cdf79f90f1a66464eff377adb5765a342ab78deb0f40f76b8363ffdcf57c2cb5566ed6ec5340780b79cc5bcff47d27cad6d9084bfcab262527568c2427c60a2e82aae1f61d7839b94ba8b0625ec28ade0a38475cd2425482190d6a05c0e93b920e275c639365326f63cca16f6d28b115ce3b2bc6c2e76ca23a36fa159677702e3a5352fe3d2e5f6c8d6a3067a6d97b14534f4a05b44e7bc1c20514441e581a91bab21c7180357e09e37c01701169235265549aeade489813fafea010c4c4f3b14cf29a20ed8c2535490a8bf97e1e71319c2f8c33451e7b413f28abb672be6ce65e7b8d9fd4858f769608fde84c4fef4baa4f9c4b1c2c7d7fd8018dbb6c549b534eee5afd889837930366e2e4e903137ce1a84cbd92cd59fe0aaa0184e3d85bb41d02878f17fe9a1806b8b226628346bf7c1ab1ac83c09ea6c0dc476d135b3a26fe0eff34f42d059e46c83546ae7cce93abb94aea86757df869c1a32e0b74a63776eb092506c9ebabe80d9c7396a1f69b489a3bd0353b4ef99775d856487e72e215b761e2f262dff6200a5a4eee96dcb53667673e29277775d129bb1921add2df2a4cdaa8da83bd97ca652cc20b5eac2b02a941d62eed116bd806741404a7fdcfde2de0a10dd1da2b84f4bd9be1b46af76e8776d80b2ddc9c14c6ed14ff4e36055b8e53cfa7d6e57eebba8b328155045f75bfdb38e4a507c7270b139d5910fef276bb8dfb71b45708cdf742789f8b015f4f14aa2a631cc7d525c7228d5b28fb3ef011654beeda9bee6389316ef6a0930679adfaa06fe52316a3d76b769c0c58dcc852400da3bf730cd1920dc1ab9507250954de62d5af526130459236b42fbd9b8b4a4a3c90eada6debe06e58a466a9d0ef04d71966fe346e0fe7ea92f0c2574d091f868f10ae46c7c6f344cdd36f4948bc1d035d8d1987064cac2e8214f8c55e5f175e84b662e1c31e828b1adbac8bdc1872a8acea2e05d7a5346bedab46f0bb525f0cd43c615c75377a76e13db5bccc0b0af4a2887a7415617e09531251e2a54bc086b4076b996a07452d94ee7b628a54a594071d2397a883ffffa98b9ce7be1191305b6d63afea43287c24067c62644610a66b440ac751076d07073d933c4d51e93598b6885211dfb1c1a1abcd5a986d7d44aa6a6a1bdb160f3fa32c6287f182064dce26ff5bba1fa0bfb8c68c58022c649d5d3a203f4b0e5f4d7a1646e95513645267fb0c4256c813297b3ac8ab9e44d708dd09eae9e417ec655131ff1bc6d27793ef1800163a27c10d4c163781d367bbcc0a4faf5406a40d6158280e964757bb52f88b92b8cecf82f3ddfee38c7118aa01e5fa345a4a84c1b0978e82e402c82298af76d5daede441a8018ea2e138558e30420f8a5af4ea10d0be60af97d2836cece6056770941fbcccf8eaee06190db2feafdc7ee06b93c35e4f41c05b8dd62e4e6f8bdbbb620dafc20a0838c7e96852685f487fce88f1b73d80cc044c419126b1b33d1f364b45c409e8bba88aaad5c8c240c6932566d7cdc6c0efe1d2b527c04cec804fe80695a241c1f831c1fcb15d3e31742ec682c6323e18c8c47ecebeb9600f1191290d4350d8ec0517a6396abe8eb584c2e1671eeaa085a435079cafa922f6b8a5d94d6d485a5cf2c4069473cc1802d53b17ba119238aa596e134925a8c870cac3bc2598b1ce0cee2f339f9b361e28a7def3e81361b9a70cbb7e17bc62e792d0d4a2462bf21a54fe3852d306a03bfeadab44e9d5cfd498c3e5efeb58dc1d40f1565120e72fdda42ea9f853f087c979008c6ebd414e3ee1f1b04d66306c37b512bd41ffed1fdd3afccc9d73007fdb389e90b36097789c6d51f8f31a497527a4c0a5f4060267987a3589d0574b85c93a2eb13498ca4f181c3a9e4ed66b5c7cc9ab5ffe2cac0561b53c526c275bbbc86a0f18f76b06954ccd5ddfefd38ee2b9ac95231809ab425745952a28c4de6525a41ad8e3307b4a5715804165f8229f57443ed6d4c119df8c4b52ffce741af4548c60d380ef5cadec87be79b6899bc09b3f0230f6375ad14aff36b1713fadc3050390090eca85e62ce453d8854704ee9d1a34e934bbfb3dddf470b85ac3efc440f07db9b8b93390444b5419fe244a999053ffc4e66babe31bead044b957a625e66cf0455cf62d498705b2c4f14f0f437f550cb85a3e40342b3dc47d216511325131e96d07c5c09db76cbce0ce6696982e520e787e98a13f7a2b10323148a879b8362e1a9adf16d326f92acd5b54c3376ccea29f4654549648020b41b75c88690c58478cca92f00a55a37697e04255a92b5345ca7a051bc99f540525c95826f741022c63ab0ac1e8c32349e26cbaeb901863c3502328f5843313be0aec3bc0e4df1dd8633dac8fe0a07b2d25b4f53566e0d5db49da16929e6ee4b8807667e7daf20f6dc8b3bc6a98ea12c3b58030f90ed31694ba16521b5dd331fcfa11ef0593a321dd165152a69bc2822a7755096c11bbf896560726028dec36105aae72f1639c658f177ef7fee48d7558e38edeff6f95b02fac6bf5a8fc567535e6648d862e6b263300a06ea0fadc38f94395dec8f8c422058bb433b8daf2b5a50eb4d507d197dcfd5262536776d83d11ff1e8924c6b9a98c803b820ef37754a323214cdc8db16c5b115c88a2937839b258a8e7c8bf1f1e16898bb8b2cd45516f140be0c231e2c9e4f82a117eb836f04cf83f12ce4e9c01a8206aae715a63f9ac1a39b73fb5ca4715f8e8ed780da16db10ce057973cae8b7cd690e9b2f195dcce994c10b0fed0efedd3b5e1abde6bccc3"]}, 0x2344}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) r4 = syz_io_uring_setup(0x645f, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x100000, 0x26d, 0x0, r0}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r7, 0x0, 0x0}, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x8010, r4, 0x8000000) io_uring_enter(r4, 0x58ab, 0x0, 0x0, 0x0, 0x0) 08:59:57 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xc00, 0x0, 0x0, 0x0) 08:59:57 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000008, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000080)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4004, @fd_index, 0x4, &(0x7f0000000000)=[{&(0x7f0000000180)=""/105, 0x69}], 0x1, 0x11, 0x1, {0x0, r4}}, 0x1f) syz_io_uring_submit(r2, r1, &(0x7f0000000040)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000300), &(0x7f0000000000)='./file0\x00', 0x10, 0x800, 0x0, {0x0, r4}}, 0x8000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 08:59:57 executing program 4: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140), 0x8, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r3, 0x10000000) 08:59:57 executing program 6: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f00000001c0)={0x0, 0x8}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xdcf}, 0x0, 0x0, 0x400, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x4}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x5) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, r5, 0x10000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 08:59:57 executing program 7: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), &(0x7f0000000100)=0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r2, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0xd00, 0x0, 0x0, 0x0) 08:59:57 executing program 5: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000140), 0x210000, 0x0) write$P9_RSTAT(r0, &(0x7f0000000180)={0x3d, 0x7d, 0x1, {0x0, 0x36, 0x7, 0x1ff, {0x8, 0x2, 0x8}, 0x10000, 0x1000, 0x7, 0x1, 0x1, '\x00', 0x1, '\x00', 0x1, '\x00'}}, 0x3d) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000100)=0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r4, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x12001, 0x0, {0x3}}, 0x3) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) copy_file_range(r1, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0) [ 2224.560895] FAULT_INJECTION: forcing a failure. [ 2224.560895] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2224.562966] CPU: 1 PID: 11515 Comm: syz-executor.4 Tainted: G D 5.10.173 #1 [ 2224.564159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2224.565416] Call Trace: [ 2224.565785] dump_stack+0x107/0x167 [ 2224.566287] should_fail.cold+0x5/0xa [ 2224.566823] __alloc_pages_nodemask+0x182/0x690 [ 2224.567533] ? perf_trace_lock+0xac/0x490 [ 2224.568122] ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230 [ 2224.569003] ? lock_release+0x4df/0x6b0 [ 2224.569616] ? lock_release+0x6b0/0x6b0 [ 2224.570171] ? kmem_cache_alloc_bulk+0x1ec/0x320 [ 2224.570822] alloc_pages_current+0x187/0x280 [ 2224.571462] allocate_slab+0x26f/0x380 [ 2224.572059] ___slab_alloc+0x470/0x700 [ 2224.572649] ? drain_obj_stock+0xf9/0x4a0 [ 2224.573332] ? io_submit_sqes+0x7099/0x86e0 [ 2224.573934] ? kmem_cache_alloc_bulk+0x1ec/0x320 [ 2224.574563] kmem_cache_alloc_bulk+0x1ec/0x320 [ 2224.575198] io_submit_sqes+0x7099/0x86e0 [ 2224.575802] ? __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.576555] __do_sys_io_uring_enter+0x6b5/0x17b0 [ 2224.577253] ? io_submit_sqes+0x86e0/0x86e0 [ 2224.577830] ? recalibrate_cpu_khz+0x10/0x10 [ 2224.578424] ? ktime_get+0x158/0x1f0 [ 2224.578970] ? lapic_timer_set_periodic+0x60/0x60 [ 2224.579598] ? clockevents_program_event+0x131/0x360 [ 2224.580283] ? tick_program_event+0xa8/0x140 [ 2224.580918] ? hrtimer_interrupt+0x771/0x9b0 [ 2224.581569] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2224.582308] do_syscall_64+0x33/0x40 [ 2224.582838] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2224.583514] RIP: 0033:0x7f30d6b2fb19 [ 2224.584019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2224.586610] RSP: 002b:00007f30d40a5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2224.587664] RAX: ffffffffffffffda RBX: 00007f30d6c42f60 RCX: 00007f30d6b2fb19 [ 2224.588625] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2224.589622] RBP: 00007f30d40a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2224.590634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2224.591573] R13: 00007ffd80c8ba0f R14: 00007f30d40a5300 R15: 0000000000022000 VM DIAGNOSIS: 08:59:57 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=ffffea0000e838c0 RCX=ffffffff8163e7bc RDX=1ffffd40001d0719 RSI=ffffffff8163e4fe RDI=ffffea0000e838c8 RBP=ffffea0000e838c0 RSP=ffff88800cddf750 R8 =0000000000000001 R9 =ffffea0000e838f3 R10=0000000000000000 R11=0000000000000001 R12=ffffea0000e838c8 R13=ffff888043717400 R14=dffffc0000000000 R15=00007f11b0a81000 RIP=ffffffff816d8d13 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffd977c8ff8 CR3=0000000045438000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff822d312c RDI=ffffffff879e4160 RBP=ffffffff879e4120 RSP=ffff8880515974b0 R8 =0000000000000000 R9 =ffffffff856728cf R10=000000000000000a R11=0000000000000001 R12=0000000000000020 R13=fffffbfff0f3c878 R14=fffffbfff0f3c82e R15=dffffc0000000000 RIP=ffffffff822d3180 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f2488b28700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2488b27f78 CR3=00000000520ee000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=ffffffffffffffffffffffffffff0000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000