2e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:11 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600)

10:39:11 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:39:11 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x0, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:11 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9)

10:39:11 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42)

10:39:11 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)

[ 1595.831874] FAULT_INJECTION: forcing a failure.
[ 1595.831874] name failslab, interval 1, probability 0, space 0, times 0
[ 1595.834493] CPU: 0 PID: 9543 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1595.836009] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1595.837885] Call Trace:
[ 1595.838490]  dump_stack+0x107/0x167
[ 1595.839301]  should_fail.cold+0x5/0xa
[ 1595.840157]  ? create_object.isra.0+0x3a/0xa30
[ 1595.841211]  should_failslab+0x5/0x20
[ 1595.842050]  kmem_cache_alloc+0x5b/0x310
[ 1595.842202] FAULT_INJECTION: forcing a failure.
[ 1595.842202] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1595.842965]  ? mark_held_locks+0x9e/0xe0
[ 1595.842989]  create_object.isra.0+0x3a/0xa30
[ 1595.843009]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1595.847711]  kmem_cache_alloc_bulk+0x168/0x320
[ 1595.848767]  io_submit_sqes+0x6fe7/0x8610
[ 1595.849744]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1595.850882]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1595.851966]  ? find_held_lock+0x2c/0x110
[ 1595.852890]  ? io_submit_sqes+0x8610/0x8610
[ 1595.853877]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1595.854965]  ? wait_for_completion_io+0x270/0x270
[ 1595.856059]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1595.857117]  ? vfs_write+0x354/0xb10
[ 1595.857960]  ? fput_many+0x2f/0x1a0
[ 1595.858786]  ? ksys_write+0x1a9/0x260
[ 1595.859635]  ? __ia32_sys_read+0xb0/0xb0
[ 1595.860546]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1595.861720]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1595.862866]  do_syscall_64+0x33/0x40
[ 1595.863694]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1595.864846] RIP: 0033:0x7ffb15b8eb19
[ 1595.865674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1595.869772] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1595.871461] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1595.873053] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1595.874639] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1595.876225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1595.877816] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1595.879427] CPU: 1 PID: 9545 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1595.880437] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1595.881676] Call Trace:
[ 1595.882061]  dump_stack+0x107/0x167
[ 1595.882593]  should_fail.cold+0x5/0xa
[ 1595.883151]  _copy_from_user+0x2e/0x1b0
[ 1595.883732]  move_addr_to_kernel.part.0+0x31/0x110
[ 1595.884443]  move_addr_to_kernel+0x4f/0x70
[ 1595.885063]  io_connect+0x47a/0x610
[ 1595.885591]  ? io_prep_rw+0x1050/0x1050
[ 1595.886174]  ? lock_acquire+0x197/0x470
[ 1595.886760]  ? __lock_acquire+0xbb1/0x5b00
[ 1595.887389]  io_issue_sqe+0x1611/0x77d0
[ 1595.887970]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1595.888737]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1595.889521]  ? trace_hardirqs_on+0x5b/0x180
[ 1595.890148]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1595.890966]  ? io_connect+0x610/0x610
[ 1595.891522]  ? lock_acquire+0x1b9/0x470
[ 1595.892101]  ? find_held_lock+0x2c/0x110
[ 1595.892720]  ? __fget_files+0x2cf/0x520
[ 1595.893308]  ? lock_downgrade+0x6d0/0x6d0
[ 1595.893914]  __io_queue_sqe+0x90/0x9d0
[ 1595.894484]  ? io_issue_sqe+0x77d0/0x77d0
[ 1595.895088]  ? __fget_files+0x2f8/0x520
[ 1595.895686]  io_submit_sqes+0x44ab/0x8610
[ 1595.896308]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1595.897042]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1595.897742]  ? find_held_lock+0x2c/0x110
[ 1595.898335]  ? io_submit_sqes+0x8610/0x8610
[ 1595.898965]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1595.899665]  ? wait_for_completion_io+0x270/0x270
[ 1595.900367]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1595.901047]  ? vfs_write+0x354/0xb10
[ 1595.901596]  ? fput_many+0x2f/0x1a0
[ 1595.902130]  ? ksys_write+0x1a9/0x260
[ 1595.902698]  ? __ia32_sys_read+0xb0/0xb0
[ 1595.903289]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1595.904048]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1595.904815]  do_syscall_64+0x33/0x40
[ 1595.905358]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1595.906124] RIP: 0033:0x7fe1afc89b19
[ 1595.906669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1595.909431] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1595.910583] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1595.911610] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1595.912639] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1595.913691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1595.914770] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
[ 1595.945706] FAULT_INJECTION: forcing a failure.
[ 1595.945706] name failslab, interval 1, probability 0, space 0, times 0
[ 1595.947420] CPU: 1 PID: 9542 Comm: syz-executor.6 Not tainted 5.10.244 #1
[ 1595.948430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1595.949677] Call Trace:
[ 1595.950068]  dump_stack+0x107/0x167
[ 1595.950631]  should_fail.cold+0x5/0xa
[ 1595.951190]  ? create_object.isra.0+0x3a/0xa30
[ 1595.951858]  should_failslab+0x5/0x20
10:39:11 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1595.952441]  kmem_cache_alloc+0x5b/0x310
[ 1595.953303]  ? mark_held_locks+0x9e/0xe0
[ 1595.953898]  create_object.isra.0+0x3a/0xa30
[ 1595.954536]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1595.955282]  kmem_cache_alloc_bulk+0x168/0x320
[ 1595.955951]  io_submit_sqes+0x6fe7/0x8610
[ 1595.956589]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1595.957315]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1595.958040]  ? find_held_lock+0x2c/0x110
[ 1595.958655]  ? io_submit_sqes+0x8610/0x8610
[ 1595.959334]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1595.960059]  ? wait_for_completion_io+0x270/0x270
[ 1595.960809]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1595.961498]  ? vfs_write+0x354/0xb10
[ 1595.962040]  ? fput_many+0x2f/0x1a0
[ 1595.962616]  ? ksys_write+0x1a9/0x260
[ 1595.963173]  ? __ia32_sys_read+0xb0/0xb0
[ 1595.963775]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1595.964592]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1595.965369]  do_syscall_64+0x33/0x40
[ 1595.965924]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1595.966698] RIP: 0033:0x7f2b7b21fb19
[ 1595.967252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1595.970032] RSP: 002b:00007f2b78795188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1595.971183] RAX: ffffffffffffffda RBX: 00007f2b7b332f60 RCX: 00007f2b7b21fb19
[ 1595.972258] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1595.973354] RBP: 00007f2b787951d0 R08: 0000000000000000 R09: 0000000000000000
[ 1595.974439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1595.975523] R13: 00007fff89c8b65f R14: 00007f2b78795300 R15: 0000000000022000
10:39:11 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x0, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:12 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:39:12 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43)

[ 1596.171415] FAULT_INJECTION: forcing a failure.
[ 1596.171415] name failslab, interval 1, probability 0, space 0, times 0
[ 1596.173062] CPU: 1 PID: 9560 Comm: syz-executor.6 Not tainted 5.10.244 #1
[ 1596.173996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1596.175129] Call Trace:
[ 1596.175493]  dump_stack+0x107/0x167
[ 1596.176000]  should_fail.cold+0x5/0xa
[ 1596.176524]  ? create_object.isra.0+0x3a/0xa30
[ 1596.177151]  should_failslab+0x5/0x20
[ 1596.177670]  kmem_cache_alloc+0x5b/0x310
[ 1596.178226]  ? mark_held_locks+0x9e/0xe0
[ 1596.178783]  create_object.isra.0+0x3a/0xa30
[ 1596.179388]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1596.180082]  kmem_cache_alloc_bulk+0x168/0x320
[ 1596.180719]  io_submit_sqes+0x6fe7/0x8610
[ 1596.181295]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1596.181962]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1596.182621]  ? find_held_lock+0x2c/0x110
[ 1596.183180]  ? io_submit_sqes+0x8610/0x8610
[ 1596.183768]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1596.184426]  ? wait_for_completion_io+0x270/0x270
[ 1596.185096]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1596.185727]  ? vfs_write+0x354/0xb10
[ 1596.186233]  ? fput_many+0x2f/0x1a0
[ 1596.186731]  ? ksys_write+0x1a9/0x260
[ 1596.187250]  ? __ia32_sys_read+0xb0/0xb0
[ 1596.187800]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1596.188510]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1596.189219]  do_syscall_64+0x33/0x40
[ 1596.189722]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1596.190426] RIP: 0033:0x7f2b7b21fb19
[ 1596.190929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1596.193491] RSP: 002b:00007f2b78795188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1596.194511] RAX: ffffffffffffffda RBX: 00007f2b7b332f60 RCX: 00007f2b7b21fb19
[ 1596.195469] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1596.196437] RBP: 00007f2b787951d0 R08: 0000000000000000 R09: 0000000000000000
[ 1596.197405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1596.198371] R13: 00007fff89c8b65f R14: 00007f2b78795300 R15: 0000000000022000
10:39:12 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x0, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:12 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000)

10:39:12 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10)

10:39:12 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:12 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1596.322805] FAULT_INJECTION: forcing a failure.
[ 1596.322805] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1596.324375] CPU: 1 PID: 9570 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1596.325248] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1596.326341] Call Trace:
[ 1596.326682]  dump_stack+0x107/0x167
[ 1596.327140]  should_fail.cold+0x5/0xa
[ 1596.327626]  _copy_from_user+0x2e/0x1b0
[ 1596.328135]  move_addr_to_kernel.part.0+0x31/0x110
[ 1596.328769]  move_addr_to_kernel+0x4f/0x70
[ 1596.329310]  io_connect+0x47a/0x610
[ 1596.329767]  ? io_prep_rw+0x1050/0x1050
[ 1596.330282]  ? lock_acquire+0x197/0x470
[ 1596.330781]  ? __lock_acquire+0xbb1/0x5b00
[ 1596.331314]  io_issue_sqe+0x1611/0x77d0
[ 1596.331815]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1596.332499]  ? lock_chain_count+0x20/0x20
[ 1596.333050]  ? __is_insn_slot_addr+0x14c/0x290
[ 1596.333666]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1596.334340]  ? io_connect+0x610/0x610
[ 1596.334841]  ? lock_acquire+0x197/0x470
[ 1596.335348]  ? find_held_lock+0x2c/0x110
[ 1596.335881]  ? __fget_files+0x2cf/0x520
[ 1596.336392]  ? lock_downgrade+0x6d0/0x6d0
[ 1596.336947]  __io_queue_sqe+0x90/0x9d0
[ 1596.337451]  ? io_issue_sqe+0x77d0/0x77d0
[ 1596.337975]  ? __fget_files+0x2f8/0x520
[ 1596.338509]  io_submit_sqes+0x44ab/0x8610
[ 1596.339057]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1596.339706]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1596.340321]  ? find_held_lock+0x2c/0x110
[ 1596.340844]  ? io_submit_sqes+0x8610/0x8610
[ 1596.341389]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1596.341992]  ? wait_for_completion_io+0x270/0x270
[ 1596.342598]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1596.343177]  ? vfs_write+0x354/0xb10
[ 1596.343638]  ? fput_many+0x2f/0x1a0
[ 1596.344103]  ? ksys_write+0x1a9/0x260
[ 1596.344587]  ? __ia32_sys_read+0xb0/0xb0
[ 1596.345108]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1596.345756]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1596.346410]  do_syscall_64+0x33/0x40
[ 1596.346870]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1596.347514] RIP: 0033:0x7ffb15b8eb19
[ 1596.347974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1596.350365] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1596.351313] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1596.352198] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1596.353137] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1596.354090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1596.355047] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1596.371344] FAULT_INJECTION: forcing a failure.
[ 1596.371344] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1596.372950] CPU: 1 PID: 9576 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1596.373788] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1596.374805] Call Trace:
[ 1596.375133]  dump_stack+0x107/0x167
[ 1596.375584]  should_fail.cold+0x5/0xa
[ 1596.376055]  _copy_from_user+0x2e/0x1b0
[ 1596.376547]  move_addr_to_kernel.part.0+0x31/0x110
[ 1596.377160]  move_addr_to_kernel+0x4f/0x70
[ 1596.377708]  io_connect+0x47a/0x610
[ 1596.378164]  ? io_prep_rw+0x1050/0x1050
[ 1596.378715]  ? __lock_acquire+0xbb1/0x5b00
[ 1596.379272]  io_issue_sqe+0x1611/0x77d0
[ 1596.379787]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1596.380484]  ? lock_chain_count+0x20/0x20
[ 1596.381024]  ? __is_insn_slot_addr+0x14c/0x290
[ 1596.381597]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1596.382249]  ? io_connect+0x610/0x610
[ 1596.382719]  ? lock_acquire+0x197/0x470
[ 1596.383213]  ? find_held_lock+0x2c/0x110
[ 1596.383734]  ? __fget_files+0x2cf/0x520
[ 1596.384240]  ? lock_downgrade+0x6d0/0x6d0
[ 1596.384775]  __io_queue_sqe+0x90/0x9d0
[ 1596.385265]  ? io_issue_sqe+0x77d0/0x77d0
[ 1596.385776]  ? __fget_files+0x2f8/0x520
[ 1596.386270]  io_submit_sqes+0x44ab/0x8610
[ 1596.386788]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1596.387413]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1596.387998]  ? find_held_lock+0x2c/0x110
[ 1596.388510]  ? io_submit_sqes+0x8610/0x8610
[ 1596.389046]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1596.389646]  ? wait_for_completion_io+0x270/0x270
[ 1596.390234]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1596.390800]  ? vfs_write+0x354/0xb10
[ 1596.391251]  ? fput_many+0x2f/0x1a0
[ 1596.391701]  ? ksys_write+0x1a9/0x260
[ 1596.392167]  ? __ia32_sys_read+0xb0/0xb0
[ 1596.392676]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1596.393329]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1596.393957]  do_syscall_64+0x33/0x40
10:39:12 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1596.394414]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1596.395266] RIP: 0033:0x7fe1afc89b19
[ 1596.395723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1596.397979] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1596.398938] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1596.399858] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1596.400786] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1596.401713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1596.402599] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:39:12 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x0, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:12 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:39:12 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1596.602098] FAULT_INJECTION: forcing a failure.
[ 1596.602098] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1596.603815] CPU: 1 PID: 9588 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1596.604615] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1596.605568] Call Trace:
[ 1596.605887]  dump_stack+0x107/0x167
[ 1596.606309]  should_fail.cold+0x5/0xa
[ 1596.606762]  _copy_from_user+0x2e/0x1b0
[ 1596.607238]  move_addr_to_kernel.part.0+0x31/0x110
[ 1596.607828]  move_addr_to_kernel+0x4f/0x70
[ 1596.608336]  io_connect+0x47a/0x610
[ 1596.608807]  ? io_prep_rw+0x1050/0x1050
[ 1596.609303]  ? mark_lock+0xf5/0x2df0
[ 1596.609747]  io_issue_sqe+0x1611/0x77d0
[ 1596.610217]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1596.610819]  ? lock_chain_count+0x20/0x20
[ 1596.611297]  ? __is_insn_slot_addr+0x14c/0x290
[ 1596.611853]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1596.612457]  ? io_connect+0x610/0x610
[ 1596.612948]  ? mark_held_locks+0x9e/0xe0
[ 1596.613426]  ? find_held_lock+0x2c/0x110
[ 1596.613895]  ? __fget_files+0x2cf/0x520
[ 1596.614366]  ? lock_downgrade+0x6d0/0x6d0
[ 1596.614876]  __io_queue_sqe+0x90/0x9d0
[ 1596.615341]  ? __fget_files+0x2d4/0x520
[ 1596.615813]  ? io_issue_sqe+0x77d0/0x77d0
[ 1596.616293]  ? __fget_files+0x2f8/0x520
[ 1596.616770]  io_submit_sqes+0x44ab/0x8610
[ 1596.617290]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1596.617861]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1596.618456]  ? find_held_lock+0x2c/0x110
[ 1596.618942]  ? io_submit_sqes+0x8610/0x8610
[ 1596.619463]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1596.620016]  ? wait_for_completion_io+0x270/0x270
[ 1596.620617]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1596.621152]  ? vfs_write+0x354/0xb10
[ 1596.621608]  ? fput_many+0x2f/0x1a0
[ 1596.622023]  ? ksys_write+0x1a9/0x260
[ 1596.622461]  ? __ia32_sys_read+0xb0/0xb0
[ 1596.622948]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1596.623563]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1596.624184]  do_syscall_64+0x33/0x40
[ 1596.624659]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1596.625280] RIP: 0033:0x7fe1afc89b19
[ 1596.625707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1596.627868] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1596.628765] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1596.629622] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1596.630504] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1596.631359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1596.632206] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:39:24 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:39:24 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:24 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44)

10:39:24 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000)

10:39:24 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x0, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:24 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x2, 0x0, 0x0, 0x0)

10:39:24 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11)

10:39:24 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1608.946319] FAULT_INJECTION: forcing a failure.
[ 1608.946319] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1608.948154] CPU: 1 PID: 9601 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1608.949037] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1608.950087] Call Trace:
[ 1608.950425]  dump_stack+0x107/0x167
[ 1608.950887]  should_fail.cold+0x5/0xa
[ 1608.951376]  __alloc_pages_nodemask+0x182/0x600
[ 1608.951965]  ? lock_acquire+0x197/0x470
[ 1608.952474]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1608.953255]  ? find_held_lock+0x2c/0x110
[ 1608.953773]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1608.954437]  ? lock_downgrade+0x6d0/0x6d0
[ 1608.954548] FAULT_INJECTION: forcing a failure.
[ 1608.954548] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1608.954956]  ? mark_held_locks+0x9e/0xe0
[ 1608.957994]  alloc_pages_current+0x187/0x280
[ 1608.958550]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1608.959221]  ? replace_page_cache_page+0x1200/0x1200
[ 1608.959867]  pte_alloc_one+0x16/0x1a0
[ 1608.960349]  ? replace_page_cache_page+0x1200/0x1200
[ 1608.960998]  handle_mm_fault+0x2ab2/0x3500
[ 1608.961535]  ? __lock_acquire+0x1657/0x5b00
[ 1608.962085]  ? __pmd_alloc+0x630/0x630
[ 1608.962583]  ? vmacache_find+0x55/0x2a0
[ 1608.963087]  ? vmacache_update+0xce/0x140
[ 1608.963611]  do_user_addr_fault+0x56e/0xc60
[ 1608.964163]  exc_page_fault+0xa2/0x1a0
[ 1608.964661]  asm_exc_page_fault+0x1e/0x30
[ 1608.965202] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1608.965880] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1608.968228] RSP: 0018:ffff88804855f7b8 EFLAGS: 00050246
[ 1608.968933] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1608.969831] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88804855f888
[ 1608.970734] RBP: ffff88804855f888 R08: 0000000000000001 R09: ffff88804855f907
[ 1608.971634] R10: ffffed10090abf20 R11: 0000000000000001 R12: 0000000020000100
[ 1608.972552] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1608.973487]  _copy_from_user+0x172/0x1b0
[ 1608.974011]  move_addr_to_kernel.part.0+0x31/0x110
[ 1608.974635]  move_addr_to_kernel+0x4f/0x70
[ 1608.975172]  io_connect+0x47a/0x610
[ 1608.975631]  ? io_prep_rw+0x1050/0x1050
[ 1608.976149]  ? lock_acquire+0x197/0x470
[ 1608.976658]  ? __lock_acquire+0xbb1/0x5b00
[ 1608.977197]  io_issue_sqe+0x1611/0x77d0
[ 1608.977697]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1608.978355]  ? lock_chain_count+0x20/0x20
[ 1608.978873]  ? __is_insn_slot_addr+0x14c/0x290
[ 1608.979446]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1608.980100]  ? io_connect+0x610/0x610
[ 1608.980580]  ? lock_acquire+0x197/0x470
[ 1608.981088]  ? find_held_lock+0x2c/0x110
[ 1608.981612]  ? __fget_files+0x2cf/0x520
[ 1608.982116]  ? lock_downgrade+0x6d0/0x6d0
[ 1608.982643]  __io_queue_sqe+0x90/0x9d0
[ 1608.983134]  ? io_issue_sqe+0x77d0/0x77d0
[ 1608.983650]  ? __fget_files+0x2f8/0x520
[ 1608.984158]  io_submit_sqes+0x44ab/0x8610
[ 1608.984713]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1608.985366]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1608.985978]  ? find_held_lock+0x2c/0x110
[ 1608.986488]  ? io_submit_sqes+0x8610/0x8610
[ 1608.987038]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1608.987651]  ? wait_for_completion_io+0x270/0x270
[ 1608.988268]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1608.988866]  ? vfs_write+0x354/0xb10
[ 1608.989336]  ? fput_many+0x2f/0x1a0
[ 1608.989790]  ? ksys_write+0x1a9/0x260
[ 1608.990268]  ? __ia32_sys_read+0xb0/0xb0
[ 1608.990779]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1608.991441]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1608.992089]  do_syscall_64+0x33/0x40
[ 1608.992558]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1608.993205] RIP: 0033:0x7ffb15b8eb19
[ 1608.993672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1608.996012] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1608.996987] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1608.997880] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1608.998778] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1608.999681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1609.000595] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1609.001532] CPU: 0 PID: 9603 Comm: syz-executor.6 Not tainted 5.10.244 #1
[ 1609.003033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1609.004838] Call Trace:
[ 1609.005416]  dump_stack+0x107/0x167
[ 1609.006215]  should_fail.cold+0x5/0xa
[ 1609.007050]  _copy_from_user+0x2e/0x1b0
[ 1609.007919]  move_addr_to_kernel.part.0+0x31/0x110
[ 1609.008998]  move_addr_to_kernel+0x4f/0x70
[ 1609.009917]  io_connect+0x47a/0x610
[ 1609.010709]  ? io_prep_rw+0x1050/0x1050
[ 1609.011581]  ? lock_acquire+0x197/0x470
[ 1609.012451]  ? __lock_acquire+0xbb1/0x5b00
[ 1609.013393]  io_issue_sqe+0x1611/0x77d0
[ 1609.014265]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1609.015401]  ? lock_chain_count+0x20/0x20
[ 1609.016299]  ? __is_insn_slot_addr+0x14c/0x290
[ 1609.017312]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1609.018449]  ? io_connect+0x610/0x610
[ 1609.019283]  ? lock_acquire+0x197/0x470
[ 1609.020145]  ? find_held_lock+0x2c/0x110
[ 1609.021040]  ? __fget_files+0x2cf/0x520
[ 1609.021902]  ? lock_downgrade+0x6d0/0x6d0
[ 1609.022804]  __io_queue_sqe+0x90/0x9d0
[ 1609.023653]  ? io_issue_sqe+0x77d0/0x77d0
[ 1609.024546]  ? __fget_files+0x2f8/0x520
[ 1609.025430]  io_submit_sqes+0x44ab/0x8610
[ 1609.026348]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1609.027419]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1609.028460]  ? find_held_lock+0x2c/0x110
[ 1609.029352]  ? io_submit_sqes+0x8610/0x8610
[ 1609.030283]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1609.031324]  ? wait_for_completion_io+0x270/0x270
[ 1609.032362]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1609.033365]  ? vfs_write+0x354/0xb10
[ 1609.034169]  ? fput_many+0x2f/0x1a0
[ 1609.034958]  ? ksys_write+0x1a9/0x260
[ 1609.035776]  ? __ia32_sys_read+0xb0/0xb0
[ 1609.036654]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1609.037790]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1609.038906]  do_syscall_64+0x33/0x40
[ 1609.039706]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1609.040814] RIP: 0033:0x7f2b7b21fb19
[ 1609.041612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1609.045577] RSP: 002b:00007f2b78795188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1609.047215] RAX: ffffffffffffffda RBX: 00007f2b7b332f60 RCX: 00007f2b7b21fb19
[ 1609.048752] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1609.050279] RBP: 00007f2b787951d0 R08: 0000000000000000 R09: 0000000000000000
[ 1609.051798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1609.053334] R13: 00007fff89c8b65f R14: 00007f2b78795300 R15: 0000000000022000
10:39:24 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x0, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1609.069275] FAULT_INJECTION: forcing a failure.
[ 1609.069275] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1609.072027] CPU: 0 PID: 9611 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1609.073499] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1609.075263] Call Trace:
[ 1609.075824]  dump_stack+0x107/0x167
[ 1609.076603]  should_fail.cold+0x5/0xa
[ 1609.077433]  _copy_from_user+0x2e/0x1b0
[ 1609.078277]  move_addr_to_kernel.part.0+0x31/0x110
[ 1609.079316]  move_addr_to_kernel+0x4f/0x70
[ 1609.080213]  io_connect+0x47a/0x610
[ 1609.080995]  ? io_prep_rw+0x1050/0x1050
[ 1609.081859]  ? __lock_acquire+0xbb1/0x5b00
[ 1609.082758]  io_issue_sqe+0x1611/0x77d0
[ 1609.083612]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1609.084726]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1609.085894]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1609.086999]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1609.088153]  ? io_connect+0x610/0x610
[ 1609.088975]  ? lock_acquire+0x197/0x470
[ 1609.089821]  ? find_held_lock+0x2c/0x110
[ 1609.090690]  ? __fget_files+0x2cf/0x520
[ 1609.091527]  ? lock_downgrade+0x6d0/0x6d0
[ 1609.092402]  __io_queue_sqe+0x90/0x9d0
[ 1609.093260]  ? io_issue_sqe+0x77d0/0x77d0
[ 1609.094127]  ? __fget_files+0x2f8/0x520
[ 1609.094979]  io_submit_sqes+0x44ab/0x8610
[ 1609.095876]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1609.096932]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1609.097957]  ? find_held_lock+0x2c/0x110
[ 1609.098818]  ? io_submit_sqes+0x8610/0x8610
[ 1609.099729]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1609.100758]  ? wait_for_completion_io+0x270/0x270
[ 1609.101768]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1609.102742]  ? vfs_write+0x354/0xb10
[ 1609.103528]  ? fput_many+0x2f/0x1a0
[ 1609.104290]  ? ksys_write+0x1a9/0x260
[ 1609.105096]  ? __ia32_sys_read+0xb0/0xb0
[ 1609.105957]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1609.107056]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1609.108140]  do_syscall_64+0x33/0x40
[ 1609.108926]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1609.110101] RIP: 0033:0x7fe1afc89b19
[ 1609.110980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1609.115356] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1609.117166] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1609.118854] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1609.120553] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1609.122256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1609.123944] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:39:25 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x0, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:25 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000)

10:39:25 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:39:25 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x6, 0x0, 0x0, 0x0)

10:39:25 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x0, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:25 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:39:25 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x0, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1609.392546] FAULT_INJECTION: forcing a failure.
[ 1609.392546] name failslab, interval 1, probability 0, space 0, times 0
[ 1609.393984] CPU: 1 PID: 9638 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1609.394820] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1609.395769] Call Trace:
[ 1609.396087]  dump_stack+0x107/0x167
[ 1609.396506]  should_fail.cold+0x5/0xa
[ 1609.396957]  ? memcg_alloc_page_obj_cgroups+0x73/0x100
[ 1609.397579]  should_failslab+0x5/0x20
[ 1609.398015]  __kmalloc_node+0x76/0x420
[ 1609.398493]  memcg_alloc_page_obj_cgroups+0x73/0x100
[ 1609.399088]  memcg_slab_post_alloc_hook+0x1f0/0x430
[ 1609.399707]  kmem_cache_alloc_bulk+0x182/0x320
[ 1609.400250]  io_submit_sqes+0x6fe7/0x8610
[ 1609.400783]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1609.401401]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1609.401987]  ? find_held_lock+0x2c/0x110
[ 1609.402460]  ? io_submit_sqes+0x8610/0x8610
[ 1609.402959]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1609.403520]  ? wait_for_completion_io+0x270/0x270
[ 1609.404074]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1609.404627]  ? vfs_write+0x354/0xb10
[ 1609.405063]  ? fput_many+0x2f/0x1a0
[ 1609.405507]  ? ksys_write+0x1a9/0x260
[ 1609.405944]  ? __ia32_sys_read+0xb0/0xb0
[ 1609.406435]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1609.407054]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1609.407686]  do_syscall_64+0x33/0x40
[ 1609.408146]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1609.408775] RIP: 0033:0x7fe1afc89b19
[ 1609.409214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1609.411402] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1609.412313] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1609.413169] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1609.413986] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1609.414863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1609.415700] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:39:38 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12)

10:39:38 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000)

10:39:38 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x0, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:38 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45)

10:39:38 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x2000000, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:39:38 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x0, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:38 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:39:38 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x600, 0x0, 0x0, 0x0)

[ 1622.374072] FAULT_INJECTION: forcing a failure.
[ 1622.374072] name failslab, interval 1, probability 0, space 0, times 0
[ 1622.376593] CPU: 0 PID: 9657 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1622.378109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1622.379928] Call Trace:
[ 1622.380515]  dump_stack+0x107/0x167
[ 1622.381326]  should_fail.cold+0x5/0xa
[ 1622.382171]  ? ptlock_alloc+0x1d/0x70
[ 1622.383022]  should_failslab+0x5/0x20
[ 1622.383870]  kmem_cache_alloc+0x5b/0x310
[ 1622.384778]  ptlock_alloc+0x1d/0x70
[ 1622.385593]  pte_alloc_one+0x68/0x1a0
[ 1622.386447]  ? replace_page_cache_page+0x1200/0x1200
[ 1622.387587]  handle_mm_fault+0x2ab2/0x3500
[ 1622.388537]  ? __lock_acquire+0x1657/0x5b00
[ 1622.389547]  ? __pmd_alloc+0x630/0x630
[ 1622.390424]  ? vmacache_find+0x55/0x2a0
[ 1622.391306]  ? vmacache_update+0xce/0x140
[ 1622.392234]  do_user_addr_fault+0x56e/0xc60
[ 1622.393220]  exc_page_fault+0xa2/0x1a0
[ 1622.394090]  asm_exc_page_fault+0x1e/0x30
[ 1622.395030] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1622.396252] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1622.400468] RSP: 0018:ffff888045f8f7b8 EFLAGS: 00050246
[ 1622.401696] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1622.403330] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff888045f8f888
[ 1622.404967] RBP: ffff888045f8f888 R08: 0000000000000001 R09: ffff888045f8f907
[ 1622.406607] R10: ffffed1008bf1f20 R11: 0000000000000001 R12: 0000000020000100
[ 1622.408262] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1622.409934]  _copy_from_user+0x172/0x1b0
[ 1622.410603] FAULT_INJECTION: forcing a failure.
[ 1622.410603] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1622.410878]  move_addr_to_kernel.part.0+0x31/0x110
[ 1622.414489]  move_addr_to_kernel+0x4f/0x70
[ 1622.415463]  io_connect+0x47a/0x610
[ 1622.416300]  ? io_prep_rw+0x1050/0x1050
[ 1622.417240]  ? lock_acquire+0x197/0x470
[ 1622.418161]  ? __lock_acquire+0xbb1/0x5b00
[ 1622.419145]  io_issue_sqe+0x1611/0x77d0
[ 1622.420074]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1622.421313]  ? lock_chain_count+0x20/0x20
[ 1622.422278]  ? __is_insn_slot_addr+0x14c/0x290
[ 1622.423334]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1622.424559]  ? io_connect+0x610/0x610
[ 1622.425463]  ? lock_acquire+0x197/0x470
[ 1622.426391]  ? find_held_lock+0x2c/0x110
[ 1622.427348]  ? __fget_files+0x2cf/0x520
[ 1622.428274]  ? lock_downgrade+0x6d0/0x6d0
[ 1622.429261]  __io_queue_sqe+0x90/0x9d0
[ 1622.430180]  ? io_issue_sqe+0x77d0/0x77d0
[ 1622.431157]  ? __fget_files+0x2f8/0x520
[ 1622.432114]  io_submit_sqes+0x44ab/0x8610
[ 1622.433136]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1622.434315]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1622.435462]  ? find_held_lock+0x2c/0x110
[ 1622.436432]  ? io_submit_sqes+0x8610/0x8610
[ 1622.437479]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1622.438636]  ? wait_for_completion_io+0x270/0x270
[ 1622.439796]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1622.440909]  ? vfs_write+0x354/0xb10
[ 1622.441817]  ? fput_many+0x2f/0x1a0
[ 1622.442700]  ? ksys_write+0x1a9/0x260
[ 1622.443625]  ? __ia32_sys_read+0xb0/0xb0
[ 1622.444620]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1622.445893]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1622.447142]  do_syscall_64+0x33/0x40
[ 1622.448047]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1622.449312] RIP: 0033:0x7ffb15b8eb19
[ 1622.450224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1622.454766] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1622.456672] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1622.458454] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1622.460262] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1622.462057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1622.463853] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1622.465668] CPU: 1 PID: 9659 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1622.467130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1622.468909] Call Trace:
[ 1622.469515]  dump_stack+0x107/0x167
[ 1622.470288]  should_fail.cold+0x5/0xa
[ 1622.471099]  _copy_from_user+0x2e/0x1b0
[ 1622.471949]  move_addr_to_kernel.part.0+0x31/0x110
[ 1622.473003]  move_addr_to_kernel+0x4f/0x70
[ 1622.473899]  io_connect+0x47a/0x610
[ 1622.474686]  ? io_prep_rw+0x1050/0x1050
[ 1622.475561]  ? __lock_acquire+0xbb1/0x5b00
[ 1622.476466]  io_issue_sqe+0x1611/0x77d0
[ 1622.477333]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1622.478456]  ? lock_chain_count+0x20/0x20
[ 1622.479339]  ? __is_insn_slot_addr+0x14c/0x290
[ 1622.480322]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1622.481453]  ? io_connect+0x610/0x610
[ 1622.482262]  ? lock_acquire+0x197/0x470
[ 1622.483110]  ? find_held_lock+0x2c/0x110
[ 1622.483986]  ? __fget_files+0x2cf/0x520
[ 1622.484826]  ? lock_downgrade+0x6d0/0x6d0
[ 1622.485731]  __io_queue_sqe+0x90/0x9d0
[ 1622.486568]  ? io_issue_sqe+0x77d0/0x77d0
[ 1622.487443]  ? __fget_files+0x2f8/0x520
[ 1622.488314]  io_submit_sqes+0x44ab/0x8610
[ 1622.489251]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1622.490308]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1622.491338]  ? find_held_lock+0x2c/0x110
[ 1622.492198]  ? io_submit_sqes+0x8610/0x8610
[ 1622.493123]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1622.494139]  ? wait_for_completion_io+0x270/0x270
[ 1622.495178]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1622.496169]  ? vfs_write+0x354/0xb10
[ 1622.496972]  ? fput_many+0x2f/0x1a0
[ 1622.497736]  ? ksys_write+0x1a9/0x260
[ 1622.498537]  ? __ia32_sys_read+0xb0/0xb0
[ 1622.499400]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1622.500518]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1622.501623]  do_syscall_64+0x33/0x40
[ 1622.502405]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1622.503493] RIP: 0033:0x7fe1afc89b19
[ 1622.504288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1622.508262] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1622.509895] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1622.511415] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1622.512941] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1622.514454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1622.515974] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
[ 1622.521569] FAULT_INJECTION: forcing a failure.
[ 1622.521569] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1622.524339] CPU: 1 PID: 9660 Comm: syz-executor.6 Not tainted 5.10.244 #1
[ 1622.525797] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1622.527581] Call Trace:
[ 1622.528147]  dump_stack+0x107/0x167
[ 1622.528940]  should_fail.cold+0x5/0xa
[ 1622.529755]  _copy_from_user+0x2e/0x1b0
[ 1622.530615]  move_addr_to_kernel.part.0+0x31/0x110
[ 1622.531672]  move_addr_to_kernel+0x4f/0x70
[ 1622.532579]  io_connect+0x47a/0x610
[ 1622.533369]  ? io_prep_rw+0x1050/0x1050
[ 1622.534237]  ? __lock_acquire+0xbb1/0x5b00
[ 1622.535157]  io_issue_sqe+0x1611/0x77d0
[ 1622.536022]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1622.537141]  ? lock_chain_count+0x20/0x20
[ 1622.538024]  ? __is_insn_slot_addr+0x14c/0x290
[ 1622.539004]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1622.540121]  ? io_connect+0x610/0x610
[ 1622.540946]  ? lock_acquire+0x197/0x470
[ 1622.541793]  ? find_held_lock+0x2c/0x110
[ 1622.542650]  ? __fget_files+0x2cf/0x520
[ 1622.543508]  ? lock_downgrade+0x6d0/0x6d0
[ 1622.544382]  __io_queue_sqe+0x90/0x9d0
[ 1622.545218]  ? io_issue_sqe+0x77d0/0x77d0
[ 1622.546094]  ? __fget_files+0x2f8/0x520
[ 1622.546948]  io_submit_sqes+0x44ab/0x8610
[ 1622.547862]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1622.548941]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1622.549978]  ? find_held_lock+0x2c/0x110
[ 1622.550842]  ? io_submit_sqes+0x8610/0x8610
[ 1622.551761]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1622.552792]  ? wait_for_completion_io+0x270/0x270
[ 1622.553830]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1622.554830]  ? vfs_write+0x354/0xb10
[ 1622.555618]  ? fput_many+0x2f/0x1a0
[ 1622.556386]  ? ksys_write+0x1a9/0x260
[ 1622.557203]  ? __ia32_sys_read+0xb0/0xb0
[ 1622.558065]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1622.559168]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1622.560285]  do_syscall_64+0x33/0x40
[ 1622.561090]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1622.562190] RIP: 0033:0x7f2b7b21fb19
[ 1622.562974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1622.566915] RSP: 002b:00007f2b78795188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1622.568540] RAX: ffffffffffffffda RBX: 00007f2b7b332f60 RCX: 00007f2b7b21fb19
[ 1622.570073] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1622.571592] RBP: 00007f2b787951d0 R08: 0000000000000000 R09: 0000000000000000
[ 1622.573109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1622.574638] R13: 00007fff89c8b65f R14: 00007f2b78795300 R15: 0000000000022000
10:39:38 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x6000000, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:39:38 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x0, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:38 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0)

10:39:38 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:38 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000)

10:39:38 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46)

10:39:38 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x0, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1623.060757] FAULT_INJECTION: forcing a failure.
[ 1623.060757] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1623.063327] CPU: 0 PID: 9683 Comm: syz-executor.6 Not tainted 5.10.244 #1
[ 1623.064635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1623.066233] Call Trace:
[ 1623.066741]  dump_stack+0x107/0x167
[ 1623.067617]  should_fail.cold+0x5/0xa
[ 1623.068341]  _copy_from_user+0x2e/0x1b0
[ 1623.069108]  move_addr_to_kernel.part.0+0x31/0x110
[ 1623.070033]  move_addr_to_kernel+0x4f/0x70
[ 1623.070832]  io_connect+0x47a/0x610
[ 1623.071516]  ? io_prep_rw+0x1050/0x1050
[ 1623.072283]  ? __lock_acquire+0xbb1/0x5b00
[ 1623.073096]  io_issue_sqe+0x1611/0x77d0
[ 1623.073854]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1623.074840]  ? lock_chain_count+0x20/0x20
[ 1623.075620]  ? __is_insn_slot_addr+0x14c/0x290
[ 1623.076482]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1623.077483]  ? io_connect+0x610/0x610
[ 1623.078205]  ? lock_acquire+0x197/0x470
[ 1623.078957]  ? find_held_lock+0x2c/0x110
[ 1623.079734]  ? __fget_files+0x2cf/0x520
[ 1623.080485]  ? lock_downgrade+0x6d0/0x6d0
[ 1623.081287]  __io_queue_sqe+0x90/0x9d0
[ 1623.082024]  ? io_issue_sqe+0x77d0/0x77d0
[ 1623.082813]  ? __fget_files+0x2f8/0x520
[ 1623.083576]  io_submit_sqes+0x44ab/0x8610
[ 1623.084383]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1623.085328]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1623.086247]  ? find_held_lock+0x2c/0x110
[ 1623.087015]  ? io_submit_sqes+0x8610/0x8610
[ 1623.087843]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1623.088750]  ? wait_for_completion_io+0x270/0x270
[ 1623.089665]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1623.090526]  ? vfs_write+0x354/0xb10
[ 1623.091223]  ? fput_many+0x2f/0x1a0
[ 1623.091902]  ? ksys_write+0x1a9/0x260
[ 1623.092610]  ? __ia32_sys_read+0xb0/0xb0
[ 1623.093370]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1623.094346]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1623.095308]  do_syscall_64+0x33/0x40
[ 1623.095999]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1623.096959] RIP: 0033:0x7f2b7b21fb19
[ 1623.097656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1623.101109] RSP: 002b:00007f2b78795188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1623.102535] RAX: ffffffffffffffda RBX: 00007f2b7b332f60 RCX: 00007f2b7b21fb19
[ 1623.103867] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1623.105220] RBP: 00007f2b787951d0 R08: 0000000000000000 R09: 0000000000000000
[ 1623.106550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1623.107886] R13: 00007fff89c8b65f R14: 00007f2b78795300 R15: 0000000000022000
[ 1636.802235] FAULT_INJECTION: forcing a failure.
[ 1636.802235] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1636.803950] CPU: 0 PID: 9696 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1636.804826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1636.805928] Call Trace:
[ 1636.806271]  dump_stack+0x107/0x167
[ 1636.806747]  should_fail.cold+0x5/0xa
[ 1636.807243]  _copy_from_user+0x2e/0x1b0
[ 1636.807757]  move_addr_to_kernel.part.0+0x31/0x110
[ 1636.808388]  move_addr_to_kernel+0x4f/0x70
[ 1636.808937]  io_connect+0x47a/0x610
[ 1636.809416]  ? io_prep_rw+0x1050/0x1050
[ 1636.809939]  ? __lock_acquire+0xbb1/0x5b00
[ 1636.810484]  io_issue_sqe+0x1611/0x77d0
[ 1636.810997]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1636.811673]  ? lock_chain_count+0x20/0x20
[ 1636.812211]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1636.812886]  ? io_connect+0x610/0x610
[ 1636.813390]  ? lock_acquire+0x197/0x470
[ 1636.813902]  ? find_held_lock+0x2c/0x110
[ 1636.814429]  ? __fget_files+0x2cf/0x520
[ 1636.814941]  ? lock_downgrade+0x6d0/0x6d0
[ 1636.815490]  __io_queue_sqe+0x90/0x9d0
[ 1636.815997]  ? io_issue_sqe+0x77d0/0x77d0
[ 1636.816533]  ? __fget_files+0x2f8/0x520
[ 1636.817052]  io_submit_sqes+0x44ab/0x8610
[ 1636.817815]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1636.818451]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1636.819067]  ? find_held_lock+0x2c/0x110
[ 1636.819582]  ? io_submit_sqes+0x8610/0x8610
[ 1636.820142]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1636.820757]  ? wait_for_completion_io+0x270/0x270
[ 1636.821401]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1636.821994]  ? vfs_write+0x354/0xb10
[ 1636.822472]  ? fput_many+0x2f/0x1a0
[ 1636.822937]  ? ksys_write+0x1a9/0x260
[ 1636.823423]  ? __ia32_sys_read+0xb0/0xb0
[ 1636.823948]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1636.824628]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1636.825305]  do_syscall_64+0x33/0x40
[ 1636.825780]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1636.826440] RIP: 0033:0x7fe1afc89b19
[ 1636.826910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1636.829249] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1636.830219] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1636.831119] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1636.832042] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1636.832970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1636.833890] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:39:52 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:39:52 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6000000)

10:39:52 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x0, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:52 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13)

10:39:52 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:39:52 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:39:52 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0)

10:39:52 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47)

[ 1636.874963] FAULT_INJECTION: forcing a failure.
[ 1636.874963] name failslab, interval 1, probability 0, space 0, times 0
[ 1636.877604] CPU: 1 PID: 9705 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1636.879099] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1636.880894] Call Trace:
[ 1636.881487]  dump_stack+0x107/0x167
[ 1636.882280]  should_fail.cold+0x5/0xa
[ 1636.883103]  ? create_object.isra.0+0x3a/0xa30
[ 1636.884096]  should_failslab+0x5/0x20
[ 1636.884923]  kmem_cache_alloc+0x5b/0x310
[ 1636.885815]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1636.887100]  create_object.isra.0+0x3a/0xa30
[ 1636.888043]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1636.889137]  kmem_cache_alloc+0x159/0x310
[ 1636.890026]  ptlock_alloc+0x1d/0x70
[ 1636.890801]  pte_alloc_one+0x68/0x1a0
[ 1636.891634]  ? replace_page_cache_page+0x1200/0x1200
[ 1636.892725]  handle_mm_fault+0x2ab2/0x3500
[ 1636.893644]  ? __lock_acquire+0x1657/0x5b00
[ 1636.894574]  ? __pmd_alloc+0x630/0x630
[ 1636.895435]  ? vmacache_find+0x55/0x2a0
[ 1636.896286]  ? vmacache_update+0xce/0x140
[ 1636.897199]  do_user_addr_fault+0x56e/0xc60
[ 1636.898142]  exc_page_fault+0xa2/0x1a0
[ 1636.898973]  asm_exc_page_fault+0x1e/0x30
[ 1636.899892] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1636.901057] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1636.905021] RSP: 0018:ffff888047ce77b8 EFLAGS: 00050246
[ 1636.906175] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1636.907701] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff888047ce7888
[ 1636.909250] RBP: ffff888047ce7888 R08: 0000000000000001 R09: ffff888047ce7907
[ 1636.910790] R10: ffffed1008f9cf20 R11: 0000000000000001 R12: 0000000020000100
[ 1636.912341] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1636.913939]  _copy_from_user+0x172/0x1b0
[ 1636.914839]  move_addr_to_kernel.part.0+0x31/0x110
[ 1636.915915]  move_addr_to_kernel+0x4f/0x70
[ 1636.916848]  io_connect+0x47a/0x610
[ 1636.917644]  ? io_prep_rw+0x1050/0x1050
[ 1636.918508]  ? lock_acquire+0x197/0x470
[ 1636.919366]  ? __lock_acquire+0xbb1/0x5b00
[ 1636.920287]  io_issue_sqe+0x1611/0x77d0
[ 1636.921163]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1636.922291]  ? lock_chain_count+0x20/0x20
[ 1636.923200]  ? __is_insn_slot_addr+0x14c/0x290
[ 1636.924196]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1636.925327]  ? io_connect+0x610/0x610
[ 1636.926154]  ? lock_acquire+0x197/0x470
[ 1636.927013]  ? find_held_lock+0x2c/0x110
[ 1636.927903]  ? __fget_files+0x2cf/0x520
[ 1636.928759]  ? lock_downgrade+0x6d0/0x6d0
[ 1636.929665]  __io_queue_sqe+0x90/0x9d0
[ 1636.930498]  ? io_issue_sqe+0x77d0/0x77d0
[ 1636.931390]  ? __fget_files+0x2f8/0x520
[ 1636.932253]  io_submit_sqes+0x44ab/0x8610
[ 1636.933178]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1636.934254]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1636.935276]  ? find_held_lock+0x2c/0x110
[ 1636.936156]  ? io_submit_sqes+0x8610/0x8610
[ 1636.937089]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1636.938138]  ? wait_for_completion_io+0x270/0x270
[ 1636.939167]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1636.940168]  ? vfs_write+0x354/0xb10
[ 1636.940965]  ? fput_many+0x2f/0x1a0
[ 1636.941751]  ? ksys_write+0x1a9/0x260
[ 1636.942563]  ? __ia32_sys_read+0xb0/0xb0
[ 1636.943455]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1636.944563]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1636.945689]  do_syscall_64+0x33/0x40
[ 1636.946499]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1636.947582] RIP: 0033:0x7ffb15b8eb19
[ 1636.948394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1636.952366] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1636.953989] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1636.955492] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1636.957007] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1636.958544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1636.960072] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1636.973424] FAULT_INJECTION: forcing a failure.
[ 1636.973424] name fail_usercopy, interval 1, probability 0, space 0, times 0
10:39:52 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:39:52 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1636.975964] CPU: 1 PID: 9707 Comm: syz-executor.6 Not tainted 5.10.244 #1
[ 1636.977654] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1636.979438] Call Trace:
[ 1636.980004]  dump_stack+0x107/0x167
[ 1636.980785]  should_fail.cold+0x5/0xa
[ 1636.981637]  _copy_from_user+0x2e/0x1b0
[ 1636.982505]  move_addr_to_kernel.part.0+0x31/0x110
[ 1636.983558]  move_addr_to_kernel+0x4f/0x70
[ 1636.984462]  io_connect+0x47a/0x610
[ 1636.985266]  ? io_prep_rw+0x1050/0x1050
[ 1636.986138]  ? __lock_acquire+0xbb1/0x5b00
[ 1636.987050]  io_issue_sqe+0x1611/0x77d0
[ 1636.987916]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1636.989043]  ? lock_chain_count+0x20/0x20
[ 1636.989938]  ? __is_insn_slot_addr+0x14c/0x290
[ 1636.990928]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1636.992054]  ? io_connect+0x610/0x610
[ 1636.992866]  ? lock_acquire+0x197/0x470
[ 1636.993731]  ? find_held_lock+0x2c/0x110
[ 1636.994595]  ? __fget_files+0x2cf/0x520
[ 1636.995443]  ? lock_downgrade+0x6d0/0x6d0
[ 1636.996326]  __io_queue_sqe+0x90/0x9d0
[ 1636.997176]  ? io_issue_sqe+0x77d0/0x77d0
[ 1636.998057]  ? __fget_files+0x2f8/0x520
[ 1636.998914]  io_submit_sqes+0x44ab/0x8610
[ 1636.999833]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.000893]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.001937]  ? find_held_lock+0x2c/0x110
[ 1637.002817]  ? io_submit_sqes+0x8610/0x8610
[ 1637.003747]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1637.004779]  ? wait_for_completion_io+0x270/0x270
[ 1637.005815]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1637.006345] FAULT_INJECTION: forcing a failure.
[ 1637.006345] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1637.006807]  ? vfs_write+0x354/0xb10
[ 1637.006832]  ? fput_many+0x2f/0x1a0
[ 1637.009816]  ? ksys_write+0x1a9/0x260
[ 1637.010634]  ? __ia32_sys_read+0xb0/0xb0
[ 1637.011504]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1637.012620]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1637.013724]  do_syscall_64+0x33/0x40
[ 1637.014514]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1637.015600] RIP: 0033:0x7f2b7b21fb19
[ 1637.016388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1637.020331] RSP: 002b:00007f2b78795188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1637.021958] RAX: ffffffffffffffda RBX: 00007f2b7b332f60 RCX: 00007f2b7b21fb19
[ 1637.023480] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1637.024983] RBP: 00007f2b787951d0 R08: 0000000000000000 R09: 0000000000000000
[ 1637.026504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1637.028008] R13: 00007fff89c8b65f R14: 00007f2b78795300 R15: 0000000000022000
[ 1637.029563] CPU: 0 PID: 9714 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1637.030425] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1637.031402] Call Trace:
[ 1637.031718]  dump_stack+0x107/0x167
[ 1637.032151]  should_fail.cold+0x5/0xa
[ 1637.032610]  _copy_from_user+0x2e/0x1b0
[ 1637.033096]  move_addr_to_kernel.part.0+0x31/0x110
[ 1637.033686]  move_addr_to_kernel+0x4f/0x70
[ 1637.034191]  io_connect+0x47a/0x610
[ 1637.034618]  ? io_prep_rw+0x1050/0x1050
[ 1637.035101]  ? __lock_acquire+0xbb1/0x5b00
[ 1637.035604]  io_issue_sqe+0x1611/0x77d0
[ 1637.036084]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1637.036716]  ? lock_chain_count+0x20/0x20
[ 1637.037221]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1637.037835]  ? io_connect+0x610/0x610
[ 1637.038290]  ? lock_acquire+0x197/0x470
[ 1637.038752]  ? find_held_lock+0x2c/0x110
[ 1637.039237]  ? __fget_files+0x2cf/0x520
[ 1637.039700]  ? lock_downgrade+0x6d0/0x6d0
[ 1637.040197]  __io_queue_sqe+0x90/0x9d0
[ 1637.040666]  ? io_issue_sqe+0x77d0/0x77d0
[ 1637.041158]  ? __fget_files+0x2f8/0x520
[ 1637.041638]  io_submit_sqes+0x44ab/0x8610
[ 1637.042143]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.042730]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.043303]  ? find_held_lock+0x2c/0x110
[ 1637.043777]  ? io_submit_sqes+0x8610/0x8610
[ 1637.044296]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1637.044860]  ? wait_for_completion_io+0x270/0x270
[ 1637.045464]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1637.046003]  ? vfs_write+0x354/0xb10
[ 1637.046435]  ? fput_many+0x2f/0x1a0
[ 1637.046858]  ? ksys_write+0x1a9/0x260
[ 1637.047323]  ? __ia32_sys_read+0xb0/0xb0
[ 1637.047797]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1637.048431]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1637.049031]  do_syscall_64+0x33/0x40
[ 1637.049477]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1637.050074] RIP: 0033:0x7fe1afc89b19
[ 1637.050507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1637.052661] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1637.053569] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1637.054410] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1637.055247] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1637.056076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1637.056903] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:39:53 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000)

10:39:53 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x40000000, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:39:53 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:39:53 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x0, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1637.255582] FAULT_INJECTION: forcing a failure.
[ 1637.255582] name failslab, interval 1, probability 0, space 0, times 0
[ 1637.257057] CPU: 0 PID: 9728 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1637.257848] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1637.258804] Call Trace:
[ 1637.259114]  dump_stack+0x107/0x167
[ 1637.259550]  should_fail.cold+0x5/0xa
[ 1637.259992]  should_failslab+0x5/0x20
[ 1637.260446]  kmem_cache_alloc_bulk+0x4b/0x320
[ 1637.260968]  io_submit_sqes+0x6fe7/0x8610
[ 1637.261488]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.262062]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.262630]  ? find_held_lock+0x2c/0x110
[ 1637.263102]  ? io_submit_sqes+0x8610/0x8610
[ 1637.263609]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1637.264164]  ? wait_for_completion_io+0x270/0x270
[ 1637.264720]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1637.265265]  ? vfs_write+0x354/0xb10
[ 1637.265690]  ? fput_many+0x2f/0x1a0
[ 1637.266108]  ? ksys_write+0x1a9/0x260
[ 1637.266545]  ? __ia32_sys_read+0xb0/0xb0
[ 1637.267015]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1637.267618]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1637.268210]  do_syscall_64+0x33/0x40
[ 1637.268635]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1637.269240] RIP: 0033:0x7fe1afc89b19
[ 1637.269667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1637.271840] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1637.272747] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1637.273594] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1637.274425] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1637.275255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1637.276073] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:39:53 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0)

10:39:53 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2, 0x8}}}}, 0xde8)

10:39:53 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14)

[ 1637.419869] FAULT_INJECTION: forcing a failure.
[ 1637.419869] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1637.421523] CPU: 0 PID: 9741 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1637.422309] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1637.423263] Call Trace:
[ 1637.423567]  dump_stack+0x107/0x167
[ 1637.423993]  should_fail.cold+0x5/0xa
[ 1637.424454]  __alloc_pages_nodemask+0x182/0x600
[ 1637.424999]  ? lock_acquire+0x197/0x470
[ 1637.425481]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1637.426207]  ? find_held_lock+0x2c/0x110
[ 1637.426697]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1637.427330]  ? lock_downgrade+0x6d0/0x6d0
[ 1637.427808]  ? mark_held_locks+0x9e/0xe0
[ 1637.428276]  alloc_pages_current+0x187/0x280
[ 1637.428781]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1637.429421]  ? replace_page_cache_page+0x1200/0x1200
[ 1637.430004]  pte_alloc_one+0x16/0x1a0
[ 1637.430441]  ? replace_page_cache_page+0x1200/0x1200
[ 1637.431025]  handle_mm_fault+0x2ab2/0x3500
[ 1637.431551]  ? __lock_acquire+0x1657/0x5b00
[ 1637.432083]  ? find_held_lock+0x2c/0x110
[ 1637.432561]  ? pgtable_bad+0x90/0x90
[ 1637.432987]  ? __pmd_alloc+0x630/0x630
[ 1637.433475]  ? vmacache_find+0x55/0x2a0
[ 1637.433950]  do_user_addr_fault+0x56e/0xc60
[ 1637.434464]  exc_page_fault+0xa2/0x1a0
[ 1637.434923]  asm_exc_page_fault+0x1e/0x30
[ 1637.435421] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1637.436105] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1637.438241] RSP: 0018:ffff888017dcf7b8 EFLAGS: 00050287
[ 1637.438888] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1637.439730] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff888017dcf888
[ 1637.440554] RBP: ffff888017dcf888 R08: 0000000000000001 R09: ffff888017dcf907
[ 1637.441419] R10: ffffed1002fb9f20 R11: 0000000000000001 R12: 0000000020000100
[ 1637.442247] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1637.443116]  _copy_from_user+0x172/0x1b0
[ 1637.443605]  move_addr_to_kernel.part.0+0x31/0x110
[ 1637.444170]  move_addr_to_kernel+0x4f/0x70
[ 1637.444669]  io_connect+0x47a/0x610
[ 1637.445124]  ? io_prep_rw+0x1050/0x1050
[ 1637.445600]  ? lock_acquire+0x197/0x470
[ 1637.446067]  ? __lock_acquire+0xbb1/0x5b00
[ 1637.446554]  io_issue_sqe+0x1611/0x77d0
[ 1637.447041]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1637.447687]  ? lock_chain_count+0x20/0x20
[ 1637.448182]  ? __is_insn_slot_addr+0x14c/0x290
[ 1637.448712]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1637.449361]  ? io_connect+0x610/0x610
[ 1637.449836]  ? lock_acquire+0x197/0x470
[ 1637.450311]  ? find_held_lock+0x2c/0x110
[ 1637.450782]  ? __fget_files+0x2cf/0x520
[ 1637.451262]  ? lock_downgrade+0x6d0/0x6d0
[ 1637.451739]  __io_queue_sqe+0x90/0x9d0
[ 1637.452211]  ? io_issue_sqe+0x77d0/0x77d0
[ 1637.452717]  ? __fget_files+0x2f8/0x520
[ 1637.453194]  io_submit_sqes+0x44ab/0x8610
[ 1637.453685]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.454291]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.454863]  ? find_held_lock+0x2c/0x110
[ 1637.455355]  ? io_submit_sqes+0x8610/0x8610
[ 1637.455854]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1637.456437]  ? wait_for_completion_io+0x270/0x270
[ 1637.457030]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1637.457576]  ? vfs_write+0x354/0xb10
[ 1637.458005]  ? fput_many+0x2f/0x1a0
[ 1637.458441]  ? ksys_write+0x1a9/0x260
[ 1637.458886]  ? __ia32_sys_read+0xb0/0xb0
[ 1637.459378]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1637.460010]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1637.460621]  do_syscall_64+0x33/0x40
[ 1637.461082]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1637.461748] RIP: 0033:0x7ffb15b8eb19
[ 1637.462203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1637.464354] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1637.465254] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1637.466077] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1637.466915] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1637.467778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1637.468604] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
10:39:53 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x2, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:39:53 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0)

10:39:53 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:39:53 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x0, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1637.600195] FAULT_INJECTION: forcing a failure.
[ 1637.600195] name failslab, interval 1, probability 0, space 0, times 0
[ 1637.601687] CPU: 0 PID: 9749 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1637.602478] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1637.603428] Call Trace:
[ 1637.603734]  dump_stack+0x107/0x167
[ 1637.604154]  should_fail.cold+0x5/0xa
[ 1637.604596]  should_failslab+0x5/0x20
[ 1637.605031]  kmem_cache_alloc_bulk+0x4b/0x320
[ 1637.605569]  io_submit_sqes+0x6fe7/0x8610
[ 1637.606085]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.606669]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1637.607224]  ? find_held_lock+0x2c/0x110
[ 1637.607697]  ? io_submit_sqes+0x8610/0x8610
[ 1637.608204]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1637.608759]  ? wait_for_completion_io+0x270/0x270
[ 1637.609321]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1637.609850]  ? vfs_write+0x354/0xb10
[ 1637.610278]  ? fput_many+0x2f/0x1a0
[ 1637.610697]  ? ksys_write+0x1a9/0x260
[ 1637.611132]  ? __ia32_sys_read+0xb0/0xb0
[ 1637.611600]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1637.612209]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1637.612800]  do_syscall_64+0x33/0x40
[ 1637.613234]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1637.613826] RIP: 0033:0x7fe1afc89b19
[ 1637.614256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1637.616386] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1637.617266] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1637.618086] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1637.618903] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1637.619716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1637.620538] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:40:06 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48)

10:40:06 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15)

10:40:06 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:40:06 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000)

10:40:06 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x6, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:06 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2, 0x8}}}}, 0xde8)

10:40:06 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x2000000, 0x0, 0x0, 0x0)

10:40:06 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x0, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1650.176532] FAULT_INJECTION: forcing a failure.
[ 1650.176532] name failslab, interval 1, probability 0, space 0, times 0
[ 1650.179106] CPU: 1 PID: 9775 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1650.180554] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1650.182317] Call Trace:
[ 1650.182883]  dump_stack+0x107/0x167
[ 1650.183656]  should_fail.cold+0x5/0xa
[ 1650.184470]  ? ptlock_alloc+0x1d/0x70
[ 1650.185299]  should_failslab+0x5/0x20
[ 1650.186107]  kmem_cache_alloc+0x5b/0x310
[ 1650.186977]  ptlock_alloc+0x1d/0x70
[ 1650.187748]  pte_alloc_one+0x68/0x1a0
[ 1650.188557]  ? replace_page_cache_page+0x1200/0x1200
[ 1650.189639]  handle_mm_fault+0x2ab2/0x3500
[ 1650.190535]  ? __lock_acquire+0x1657/0x5b00
[ 1650.191452]  ? find_held_lock+0x2c/0x110
[ 1650.192309]  ? pgtable_bad+0x90/0x90
[ 1650.193097]  ? __pmd_alloc+0x630/0x630
[ 1650.193936]  ? vmacache_find+0x55/0x2a0
[ 1650.194779]  do_user_addr_fault+0x56e/0xc60
[ 1650.195696]  exc_page_fault+0xa2/0x1a0
[ 1650.196517]  asm_exc_page_fault+0x1e/0x30
[ 1650.197397] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1650.198642] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1650.202509] RSP: 0018:ffff8880461ff7b8 EFLAGS: 00050287
[ 1650.203621] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1650.205122] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff8880461ff888
[ 1650.206633] RBP: ffff8880461ff888 R08: 0000000000000001 R09: ffff8880461ff907
[ 1650.208131] R10: ffffed1008c3ff20 R11: 0000000000000001 R12: 0000000020000100
[ 1650.209626] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1650.211160]  _copy_from_user+0x172/0x1b0
[ 1650.212012]  move_addr_to_kernel.part.0+0x31/0x110
[ 1650.213034]  move_addr_to_kernel+0x4f/0x70
[ 1650.213931]  io_connect+0x47a/0x610
[ 1650.214698]  ? io_prep_rw+0x1050/0x1050
[ 1650.215541]  ? lock_acquire+0x197/0x470
[ 1650.216374]  ? __lock_acquire+0xbb1/0x5b00
[ 1650.217270]  io_issue_sqe+0x1611/0x77d0
[ 1650.218120]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1650.219208]  ? lock_chain_count+0x20/0x20
[ 1650.220071]  ? __is_insn_slot_addr+0x14c/0x290
[ 1650.221026]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1650.222127]  ? io_connect+0x610/0x610
[ 1650.222930]  ? lock_acquire+0x197/0x470
[ 1650.223755]  ? find_held_lock+0x2c/0x110
[ 1650.224610]  ? __fget_files+0x2cf/0x520
[ 1650.225462]  ? lock_downgrade+0x6d0/0x6d0
[ 1650.226336]  __io_queue_sqe+0x90/0x9d0
[ 1650.227165]  ? io_issue_sqe+0x77d0/0x77d0
[ 1650.228022]  ? __fget_files+0x2f8/0x520
[ 1650.228870]  io_submit_sqes+0x44ab/0x8610
[ 1650.229772]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1650.230979]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1650.232144]  ? find_held_lock+0x2c/0x110
[ 1650.233135]  ? io_submit_sqes+0x8610/0x8610
[ 1650.234188]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1650.235349]  ? wait_for_completion_io+0x270/0x270
[ 1650.236510]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1650.237650]  ? vfs_write+0x354/0xb10
[ 1650.238577]  ? fput_many+0x2f/0x1a0
[ 1650.239484]  ? ksys_write+0x1a9/0x260
[ 1650.240439]  ? __ia32_sys_read+0xb0/0xb0
[ 1650.241466]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1650.242765]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1650.244037]  do_syscall_64+0x33/0x40
[ 1650.244938]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1650.246198] RIP: 0033:0x7ffb15b8eb19
[ 1650.247108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1650.250647] FAULT_INJECTION: forcing a failure.
[ 1650.250647] name failslab, interval 1, probability 0, space 0, times 0
[ 1650.251605] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1650.251626] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1650.251642] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1650.258485] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1650.260221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1650.261967] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1650.263717] CPU: 0 PID: 9779 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1650.264667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1650.265812] Call Trace:
[ 1650.266176]  dump_stack+0x107/0x167
[ 1650.266674]  should_fail.cold+0x5/0xa
[ 1650.267197]  ? create_object.isra.0+0x3a/0xa30
[ 1650.267853]  should_failslab+0x5/0x20
[ 1650.268381]  kmem_cache_alloc+0x5b/0x310
[ 1650.268936]  ? mark_held_locks+0x9e/0xe0
[ 1650.269502]  create_object.isra.0+0x3a/0xa30
[ 1650.270113]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1650.270815]  kmem_cache_alloc_bulk+0x168/0x320
[ 1650.271447]  io_submit_sqes+0x6fe7/0x8610
[ 1650.272025]  ? __io_uring_add_tctx_node+0xe6/0x520
[ 1650.272707]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1650.273395]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1650.274054]  ? find_held_lock+0x2c/0x110
[ 1650.274614]  ? io_submit_sqes+0x8610/0x8610
[ 1650.275206]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1650.275867]  ? wait_for_completion_io+0x270/0x270
[ 1650.276528]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1650.277168]  ? vfs_write+0x354/0xb10
[ 1650.277688]  ? fput_many+0x2f/0x1a0
[ 1650.278191]  ? ksys_write+0x1a9/0x260
[ 1650.278712]  ? __ia32_sys_read+0xb0/0xb0
[ 1650.279276]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1650.279992]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1650.280696]  do_syscall_64+0x33/0x40
[ 1650.281216]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1650.281933] RIP: 0033:0x7fe1afc89b19
[ 1650.282451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1650.284977] RSP: 002b:00007fe1ad1de188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1650.286057] RAX: ffffffffffffffda RBX: 00007fe1afd9d020 RCX: 00007fe1afc89b19
[ 1650.287040] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1650.288018] RBP: 00007fe1ad1de1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1650.288994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1650.289977] R13: 00007ffdd93ef63f R14: 00007fe1ad1de300 R15: 0000000000022000
10:40:06 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x0, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:40:06 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x6000000, 0x0, 0x0, 0x0)

10:40:06 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2, 0x8}}}}, 0xde8)

10:40:06 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:40:06 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0)

10:40:06 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:40:06 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x600, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:06 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:40:21 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:21 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:40:21 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16)

10:40:21 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x2, 0x0, 0x0, 0x0)

10:40:21 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000)

10:40:21 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x40000000, 0x0, 0x0, 0x0)

10:40:21 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:40:21 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}}}}}, 0xde8)

[ 1665.214748] FAULT_INJECTION: forcing a failure.
[ 1665.214748] name failslab, interval 1, probability 0, space 0, times 0
[ 1665.216238] CPU: 0 PID: 9821 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1665.217074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1665.218092] Call Trace:
[ 1665.218420]  dump_stack+0x107/0x167
[ 1665.218875]  should_fail.cold+0x5/0xa
[ 1665.219342]  ? create_object.isra.0+0x3a/0xa30
[ 1665.219895]  should_failslab+0x5/0x20
[ 1665.220362]  kmem_cache_alloc+0x5b/0x310
[ 1665.220859]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1665.221616]  create_object.isra.0+0x3a/0xa30
[ 1665.222151]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1665.222776]  kmem_cache_alloc+0x159/0x310
[ 1665.223289]  ptlock_alloc+0x1d/0x70
[ 1665.223736]  pte_alloc_one+0x68/0x1a0
[ 1665.224203]  ? replace_page_cache_page+0x1200/0x1200
[ 1665.224821]  handle_mm_fault+0x2ab2/0x3500
[ 1665.225340]  ? __lock_acquire+0x1657/0x5b00
[ 1665.225876]  ? find_held_lock+0x2c/0x110
[ 1665.226371]  ? pgtable_bad+0x90/0x90
[ 1665.226825]  ? __pmd_alloc+0x630/0x630
[ 1665.227307]  ? vmacache_find+0x55/0x2a0
[ 1665.227797]  do_user_addr_fault+0x56e/0xc60
[ 1665.228331]  exc_page_fault+0xa2/0x1a0
[ 1665.228806]  asm_exc_page_fault+0x1e/0x30
[ 1665.229312] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1665.230039] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1665.232276] RSP: 0018:ffff88804a2af7b8 EFLAGS: 00050287
[ 1665.232922] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1665.233797] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff88804a2af888
[ 1665.234663] RBP: ffff88804a2af888 R08: 0000000000000001 R09: ffff88804a2af907
[ 1665.235533] R10: ffffed1009455f20 R11: 0000000000000001 R12: 0000000020000100
[ 1665.236402] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1665.237283]  _copy_from_user+0x172/0x1b0
[ 1665.237790]  move_addr_to_kernel.part.0+0x31/0x110
[ 1665.238397]  move_addr_to_kernel+0x4f/0x70
[ 1665.238912]  io_connect+0x47a/0x610
[ 1665.239353]  ? io_prep_rw+0x1050/0x1050
[ 1665.239844]  ? lock_acquire+0x197/0x470
[ 1665.240330]  ? __lock_acquire+0xbb1/0x5b00
[ 1665.240846]  io_issue_sqe+0x1611/0x77d0
[ 1665.241334]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1665.242016]  ? lock_chain_count+0x20/0x20
[ 1665.242519]  ? __is_insn_slot_addr+0x14c/0x290
[ 1665.243076]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1665.243711]  ? io_connect+0x610/0x610
[ 1665.244180]  ? lock_acquire+0x197/0x470
[ 1665.244677]  ? find_held_lock+0x2c/0x110
[ 1665.245198]  ? __fget_files+0x2cf/0x520
[ 1665.245698]  ? lock_downgrade+0x6d0/0x6d0
[ 1665.246215]  __io_queue_sqe+0x90/0x9d0
[ 1665.246696]  ? io_issue_sqe+0x77d0/0x77d0
[ 1665.247213]  ? __fget_files+0x2f8/0x520
[ 1665.247715]  io_submit_sqes+0x44ab/0x8610
[ 1665.248237]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1665.248856]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1665.249462]  ? find_held_lock+0x2c/0x110
[ 1665.249968]  ? io_submit_sqes+0x8610/0x8610
[ 1665.250494]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1665.251076]  ? wait_for_completion_io+0x270/0x270
[ 1665.251662]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1665.252222]  ? vfs_write+0x354/0xb10
[ 1665.252673]  ? fput_many+0x2f/0x1a0
[ 1665.253136]  ? ksys_write+0x1a9/0x260
[ 1665.253619]  ? __ia32_sys_read+0xb0/0xb0
[ 1665.254121]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1665.254788]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1665.255413]  do_syscall_64+0x33/0x40
[ 1665.255865]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1665.256488] RIP: 0033:0x7ffb15b8eb19
[ 1665.256937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1665.259227] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1665.260147] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1665.261006] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1665.261884] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1665.262788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1665.263665] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1665.267277] FAULT_INJECTION: forcing a failure.
[ 1665.267277] name failslab, interval 1, probability 0, space 0, times 0
[ 1665.268677] CPU: 0 PID: 9827 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1665.269539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1665.270565] Call Trace:
[ 1665.270888]  dump_stack+0x107/0x167
[ 1665.271347]  should_fail.cold+0x5/0xa
[ 1665.271810]  ? create_object.isra.0+0x3a/0xa30
[ 1665.272358]  should_failslab+0x5/0x20
[ 1665.272813]  kmem_cache_alloc+0x5b/0x310
[ 1665.273301]  ? mark_held_locks+0x9e/0xe0
[ 1665.273807]  create_object.isra.0+0x3a/0xa30
[ 1665.274359]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1665.274973]  kmem_cache_alloc_bulk+0x168/0x320
[ 1665.275550]  io_submit_sqes+0x6fe7/0x8610
[ 1665.276055]  ? __io_uring_add_tctx_node+0xe6/0x520
[ 1665.276661]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1665.277262]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1665.277851]  ? find_held_lock+0x2c/0x110
[ 1665.278343]  ? io_submit_sqes+0x8610/0x8610
[ 1665.278869]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1665.279468]  ? wait_for_completion_io+0x270/0x270
[ 1665.280086]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1665.280671]  ? vfs_write+0x354/0xb10
[ 1665.281128]  ? fput_many+0x2f/0x1a0
[ 1665.281600]  ? ksys_write+0x1a9/0x260
[ 1665.282060]  ? __ia32_sys_read+0xb0/0xb0
[ 1665.282572]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1665.283215]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1665.283839]  do_syscall_64+0x33/0x40
[ 1665.284304]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1665.284922] RIP: 0033:0x7fe1afc89b19
[ 1665.285391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1665.287640] RSP: 002b:00007fe1ad1de188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1665.288552] RAX: ffffffffffffffda RBX: 00007fe1afd9d020 RCX: 00007fe1afc89b19
[ 1665.289426] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1665.290306] RBP: 00007fe1ad1de1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1665.291163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1665.292030] R13: 00007ffdd93ef63f R14: 00007fe1ad1de300 R15: 0000000000022000
10:40:21 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1665.348963] FAULT_INJECTION: forcing a failure.
[ 1665.348963] name failslab, interval 1, probability 0, space 0, times 0
[ 1665.350488] CPU: 0 PID: 9832 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1665.351300] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1665.352292] Call Trace:
[ 1665.352603]  dump_stack+0x107/0x167
[ 1665.353032]  should_fail.cold+0x5/0xa
[ 1665.353493]  ? create_object.isra.0+0x3a/0xa30
[ 1665.354039]  should_failslab+0x5/0x20
[ 1665.354491]  kmem_cache_alloc+0x5b/0x310
[ 1665.354969]  ? mark_held_locks+0x9e/0xe0
[ 1665.355448]  create_object.isra.0+0x3a/0xa30
[ 1665.355962]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1665.356577]  kmem_cache_alloc_bulk+0x168/0x320
[ 1665.357121]  io_submit_sqes+0x6fe7/0x8610
[ 1665.357652]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1665.358245]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1665.358816]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1665.359428]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1665.359962]  ? trace_hardirqs_on+0x5b/0x180
[ 1665.360480]  ? io_submit_sqes+0x8610/0x8610
[ 1665.360994]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1665.361541]  ? finish_task_switch+0x126/0x5d0
[ 1665.362080]  ? finish_task_switch+0xef/0x5d0
[ 1665.362602]  ? __switch_to+0x572/0xf70
[ 1665.363056]  ? __switch_to_asm+0x3a/0x60
[ 1665.363537]  ? __switch_to_asm+0x34/0x60
[ 1665.364010]  ? __schedule+0x82c/0x1ea0
[ 1665.364468]  ? io_schedule_timeout+0x140/0x140
[ 1665.364997]  ? copy_kernel_to_fpregs+0x9e/0xe0
[ 1665.365561]  ? trace_event_raw_event_x86_fpu+0x390/0x390
[ 1665.366195]  ? ksys_write+0x1a9/0x260
[ 1665.366650]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1665.367262]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1665.367865]  do_syscall_64+0x33/0x40
[ 1665.368300]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1665.368898] RIP: 0033:0x7fe1afc89b19
[ 1665.369338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1665.371526] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1665.372425] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1665.373278] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1665.374119] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1665.374970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1665.375815] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:40:21 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:21 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x80000000000000)

10:40:21 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}}}}}, 0xde8)

10:40:21 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:21 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x2, 0x0, 0x0)

10:40:33 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17)

10:40:33 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x6, 0x0, 0x0, 0x0)

10:40:33 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}}}}}, 0xde8)

10:40:33 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:40:33 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:33 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x200000000000000)

10:40:33 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x6, 0x0, 0x0)

10:40:33 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1677.569272] FAULT_INJECTION: forcing a failure.
[ 1677.569272] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1677.571819] CPU: 0 PID: 9859 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1677.573247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1677.574983] Call Trace:
[ 1677.575536]  dump_stack+0x107/0x167
[ 1677.576297]  should_fail.cold+0x5/0xa
[ 1677.577094]  _copy_from_user+0x2e/0x1b0
[ 1677.577942]  move_addr_to_kernel.part.0+0x31/0x110
[ 1677.578977]  move_addr_to_kernel+0x4f/0x70
[ 1677.579868]  io_connect+0x47a/0x610
[ 1677.580640]  ? io_prep_rw+0x1050/0x1050
[ 1677.581493]  ? __lock_acquire+0xbb1/0x5b00
[ 1677.582397]  io_issue_sqe+0x1611/0x77d0
[ 1677.583229]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1677.584321]  ? lock_chain_count+0x20/0x20
[ 1677.585185]  ? __is_insn_slot_addr+0x14c/0x290
[ 1677.586145]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1677.587232]  ? io_connect+0x610/0x610
[ 1677.588028]  ? lock_acquire+0x197/0x470
[ 1677.588852]  ? find_held_lock+0x2c/0x110
[ 1677.589710]  ? __fget_files+0x2cf/0x520
[ 1677.590536]  ? lock_downgrade+0x6d0/0x6d0
[ 1677.591419]  __io_queue_sqe+0x90/0x9d0
[ 1677.592239]  ? io_issue_sqe+0x77d0/0x77d0
[ 1677.593107]  ? __fget_files+0x2f8/0x520
[ 1677.593969]  io_submit_sqes+0x44ab/0x8610
[ 1677.594868]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1677.595914]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1677.596930]  ? find_held_lock+0x2c/0x110
[ 1677.597800]  ? io_submit_sqes+0x8610/0x8610
[ 1677.598714]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1677.599731]  ? wait_for_completion_io+0x270/0x270
[ 1677.600751]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1677.601737]  ? vfs_write+0x354/0xb10
[ 1677.602521]  ? fput_many+0x2f/0x1a0
[ 1677.603289]  ? ksys_write+0x1a9/0x260
[ 1677.604091]  ? __ia32_sys_read+0xb0/0xb0
[ 1677.604951]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1677.606063]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1677.607150]  do_syscall_64+0x33/0x40
[ 1677.607934]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1677.609014] RIP: 0033:0x7ffb15b8eb19
[ 1677.609804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1677.613712] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1677.615310] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1677.616811] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1677.618320] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1677.619822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1677.621321] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1677.623380] FAULT_INJECTION: forcing a failure.
[ 1677.623380] name failslab, interval 1, probability 0, space 0, times 0
[ 1677.625867] CPU: 1 PID: 9869 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1677.627311] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1677.629068] Call Trace:
[ 1677.629630]  dump_stack+0x107/0x167
[ 1677.630411]  should_fail.cold+0x5/0xa
[ 1677.631217]  ? create_object.isra.0+0x3a/0xa30
[ 1677.632182]  should_failslab+0x5/0x20
[ 1677.632991]  kmem_cache_alloc+0x5b/0x310
[ 1677.633860]  ? mark_held_locks+0x9e/0xe0
[ 1677.634721]  create_object.isra.0+0x3a/0xa30
[ 1677.635651]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1677.636733]  kmem_cache_alloc_bulk+0x168/0x320
[ 1677.637718]  io_submit_sqes+0x6fe7/0x8610
[ 1677.638621]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1677.639671]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1677.640691]  ? find_held_lock+0x2c/0x110
[ 1677.641553]  ? io_submit_sqes+0x8610/0x8610
[ 1677.642480]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1677.643504]  ? wait_for_completion_io+0x270/0x270
[ 1677.644525]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1677.645503]  ? vfs_write+0x354/0xb10
[ 1677.646297]  ? fput_many+0x2f/0x1a0
[ 1677.647069]  ? ksys_write+0x1a9/0x260
[ 1677.647873]  ? __ia32_sys_read+0xb0/0xb0
[ 1677.648734]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1677.649853]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1677.650939]  do_syscall_64+0x33/0x40
[ 1677.651725]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1677.652804] RIP: 0033:0x7fe1afc89b19
[ 1677.653588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1677.657459] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1677.659074] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1677.660583] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1677.662101] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1677.663613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1677.665120] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:40:46 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0x0)

10:40:46 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18)

10:40:46 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600000000000000)

10:40:46 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x600, 0x0, 0x0, 0x0)

10:40:46 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2, 0x8}}}}, 0xde8)

10:40:46 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:40:46 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:46 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x600, 0x0, 0x0)

[ 1690.166548] FAULT_INJECTION: forcing a failure.
[ 1690.166548] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1690.169070] CPU: 0 PID: 9892 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1690.170525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1690.172274] Call Trace:
[ 1690.172833]  dump_stack+0x107/0x167
[ 1690.173607]  should_fail.cold+0x5/0xa
[ 1690.174427]  __alloc_pages_nodemask+0x182/0x600
[ 1690.175413]  ? lock_acquire+0x197/0x470
[ 1690.176256]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1690.177522]  ? find_held_lock+0x2c/0x110
[ 1690.178409]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1690.179517]  ? lock_downgrade+0x6d0/0x6d0
[ 1690.180392]  ? mark_held_locks+0x9e/0xe0
[ 1690.181241]  alloc_pages_current+0x187/0x280
[ 1690.182171]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1690.183279]  ? replace_page_cache_page+0x1200/0x1200
[ 1690.184370]  pte_alloc_one+0x16/0x1a0
[ 1690.185164]  ? replace_page_cache_page+0x1200/0x1200
[ 1690.186259]  handle_mm_fault+0x2ab2/0x3500
[ 1690.187169]  ? __lock_acquire+0x1657/0x5b00
[ 1690.188079]  ? __pmd_alloc+0x630/0x630
[ 1690.188905]  ? vmacache_find+0x55/0x2a0
[ 1690.189762]  do_user_addr_fault+0x56e/0xc60
[ 1690.190709]  exc_page_fault+0xa2/0x1a0
[ 1690.191541]  asm_exc_page_fault+0x1e/0x30
[ 1690.192418] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1690.193564] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1690.197501] RSP: 0018:ffff88803b20f7b8 EFLAGS: 00050246
[ 1690.198679] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1690.200209] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88803b20f888
[ 1690.201742] RBP: ffff88803b20f888 R08: 0000000000000001 R09: ffff88803b20f907
[ 1690.203275] R10: ffffed1007641f20 R11: 0000000000000001 R12: 0000000020000100
[ 1690.204418] FAULT_INJECTION: forcing a failure.
[ 1690.204418] name failslab, interval 1, probability 0, space 0, times 0
[ 1690.204791] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1690.204834]  _copy_from_user+0x172/0x1b0
[ 1690.209492]  move_addr_to_kernel.part.0+0x31/0x110
[ 1690.210540]  move_addr_to_kernel+0x4f/0x70
[ 1690.211438]  io_connect+0x47a/0x610
[ 1690.212217]  ? io_prep_rw+0x1050/0x1050
[ 1690.213070]  ? __lock_acquire+0xbb1/0x5b00
[ 1690.213978]  io_issue_sqe+0x1611/0x77d0
[ 1690.214824]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1690.215950]  ? lock_chain_count+0x20/0x20
[ 1690.216825]  ? __is_insn_slot_addr+0x14c/0x290
[ 1690.217795]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1690.218914]  ? io_connect+0x610/0x610
[ 1690.219728]  ? lock_acquire+0x197/0x470
[ 1690.220565]  ? find_held_lock+0x2c/0x110
[ 1690.221431]  ? __fget_files+0x2cf/0x520
[ 1690.222293]  ? lock_downgrade+0x6d0/0x6d0
[ 1690.223168]  __io_queue_sqe+0x90/0x9d0
[ 1690.223990]  ? io_issue_sqe+0x77d0/0x77d0
[ 1690.224859]  ? __fget_files+0x2f8/0x520
[ 1690.225709]  io_submit_sqes+0x44ab/0x8610
[ 1690.226640]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1690.227705]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1690.228720]  ? find_held_lock+0x2c/0x110
[ 1690.229582]  ? io_submit_sqes+0x8610/0x8610
[ 1690.230517]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1690.231541]  ? wait_for_completion_io+0x270/0x270
[ 1690.232572]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1690.233552]  ? vfs_write+0x354/0xb10
[ 1690.234359]  ? fput_many+0x2f/0x1a0
[ 1690.235126]  ? ksys_write+0x1a9/0x260
[ 1690.235929]  ? __ia32_sys_read+0xb0/0xb0
[ 1690.236792]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1690.237908]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1690.238993]  do_syscall_64+0x33/0x40
[ 1690.239788]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1690.240877] RIP: 0033:0x7ffb15b8eb19
[ 1690.241660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1690.245542] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1690.247163] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1690.248684] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1690.250200] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1690.251710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1690.253225] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1690.254778] CPU: 1 PID: 9897 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1690.256240] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1690.258001] Call Trace:
[ 1690.258575]  dump_stack+0x107/0x167
[ 1690.259351]  should_fail.cold+0x5/0xa
[ 1690.260162]  ? create_object.isra.0+0x3a/0xa30
[ 1690.261146]  should_failslab+0x5/0x20
[ 1690.261962]  kmem_cache_alloc+0x5b/0x310
[ 1690.262830]  ? mark_held_locks+0x9e/0xe0
[ 1690.263693]  create_object.isra.0+0x3a/0xa30
[ 1690.264620]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1690.265703]  kmem_cache_alloc_bulk+0x168/0x320
[ 1690.266686]  io_submit_sqes+0x6fe7/0x8610
[ 1690.267594]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1690.268666]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1690.269689]  ? find_held_lock+0x2c/0x110
[ 1690.270575]  ? io_submit_sqes+0x8610/0x8610
[ 1690.271491]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1690.272529]  ? wait_for_completion_io+0x270/0x270
[ 1690.273585]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1690.274581]  ? vfs_write+0x354/0xb10
[ 1690.275378]  ? fput_many+0x2f/0x1a0
[ 1690.276149]  ? ksys_write+0x1a9/0x260
[ 1690.276960]  ? __ia32_sys_read+0xb0/0xb0
[ 1690.277847]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1690.278980]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1690.280099]  do_syscall_64+0x33/0x40
[ 1690.280893]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1690.281982] RIP: 0033:0x7fe1afc89b19
[ 1690.282770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1690.287045] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1690.289111] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1690.291063] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1690.292996] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1690.294764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1690.296286] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:40:46 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0)

10:40:46 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x6000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:46 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2, 0x8}}}}, 0xde8)

10:40:46 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0x0)

10:40:46 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:46 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0)

10:40:46 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0)

10:40:46 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000)

10:40:46 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0)

[ 1696.999346] kworker/dying (334) used greatest stack depth: 23512 bytes left
10:40:58 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000000000000000)

10:40:58 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x40000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:58 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0x0)

10:40:58 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2, 0x8}}}}, 0xde8)

10:40:58 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19)

10:40:58 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:40:58 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0)

10:40:58 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0)

[ 1702.842349] FAULT_INJECTION: forcing a failure.
[ 1702.842349] name failslab, interval 1, probability 0, space 0, times 0
[ 1702.844878] CPU: 1 PID: 9940 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1702.846343] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1702.848094] Call Trace:
[ 1702.848664]  dump_stack+0x107/0x167
[ 1702.849447]  should_fail.cold+0x5/0xa
[ 1702.850281]  ? ptlock_alloc+0x1d/0x70
[ 1702.851087]  should_failslab+0x5/0x20
[ 1702.851892]  kmem_cache_alloc+0x5b/0x310
[ 1702.852764]  ptlock_alloc+0x1d/0x70
[ 1702.853535]  pte_alloc_one+0x68/0x1a0
[ 1702.854350]  ? replace_page_cache_page+0x1200/0x1200
[ 1702.855422]  handle_mm_fault+0x2ab2/0x3500
[ 1702.856321]  ? __lock_acquire+0x1657/0x5b00
[ 1702.857255]  ? __pmd_alloc+0x630/0x630
[ 1702.858094]  ? vmacache_find+0x55/0x2a0
[ 1702.858943]  do_user_addr_fault+0x56e/0xc60
[ 1702.859868]  exc_page_fault+0xa2/0x1a0
[ 1702.860694]  asm_exc_page_fault+0x1e/0x30
[ 1702.861575] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1702.862724] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1702.866623] RSP: 0018:ffff8880487077b8 EFLAGS: 00050246
[ 1702.867743] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1702.869255] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff888048707888
[ 1702.870765] RBP: ffff888048707888 R08: 0000000000000001 R09: ffff888048707907
[ 1702.872263] R10: ffffed10090e0f20 R11: 0000000000000001 R12: 0000000020000100
[ 1702.873761] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1702.875270]  _copy_from_user+0x172/0x1b0
[ 1702.876131]  move_addr_to_kernel.part.0+0x31/0x110
[ 1702.877176]  move_addr_to_kernel+0x4f/0x70
[ 1702.878074]  io_connect+0x47a/0x610
[ 1702.878841]  ? io_prep_rw+0x1050/0x1050
[ 1702.879695]  ? __lock_acquire+0xbb1/0x5b00
[ 1702.880597]  io_issue_sqe+0x1611/0x77d0
[ 1702.881440]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1702.882569]  ? lock_chain_count+0x20/0x20
[ 1702.883458]  ? __is_insn_slot_addr+0x14c/0x290
[ 1702.884438]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1702.885563]  ? io_connect+0x610/0x610
[ 1702.886389]  ? lock_acquire+0x197/0x470
[ 1702.887251]  ? find_held_lock+0x2c/0x110
[ 1702.888245]  ? __fget_files+0x2cf/0x520
[ 1702.889226]  ? lock_downgrade+0x6d0/0x6d0
[ 1702.890138]  __io_queue_sqe+0x90/0x9d0
[ 1702.890985]  ? io_issue_sqe+0x77d0/0x77d0
[ 1702.891874]  ? __fget_files+0x2f8/0x520
[ 1702.892750]  io_submit_sqes+0x44ab/0x8610
[ 1702.893670]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1702.894750]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1702.895786]  ? find_held_lock+0x2c/0x110
[ 1702.896674]  ? io_submit_sqes+0x8610/0x8610
[ 1702.897601]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1702.898649]  ? wait_for_completion_io+0x270/0x270
[ 1702.899687]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1702.900676]  ? vfs_write+0x354/0xb10
[ 1702.901470]  ? fput_many+0x2f/0x1a0
[ 1702.902252]  ? ksys_write+0x1a9/0x260
[ 1702.903067]  ? __ia32_sys_read+0xb0/0xb0
[ 1702.903950]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1702.905074]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1702.906188]  do_syscall_64+0x33/0x40
[ 1702.906982]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1702.908084] RIP: 0033:0x7ffb15b8eb19
[ 1702.908880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1702.912827] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1702.914468] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1702.915998] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1702.917528] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1702.919062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1702.920592] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1702.951614] FAULT_INJECTION: forcing a failure.
[ 1702.951614] name failslab, interval 1, probability 0, space 0, times 0
[ 1702.954131] CPU: 1 PID: 9950 Comm: syz-executor.7 Not tainted 5.10.244 #1
[ 1702.955614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1702.957405] Call Trace:
[ 1702.957969]  dump_stack+0x107/0x167
[ 1702.958762]  should_fail.cold+0x5/0xa
[ 1702.959575]  ? create_object.isra.0+0x3a/0xa30
[ 1702.960551]  should_failslab+0x5/0x20
[ 1702.961549]  kmem_cache_alloc+0x5b/0x310
[ 1702.962439]  ? mark_held_locks+0x9e/0xe0
[ 1702.963323]  create_object.isra.0+0x3a/0xa30
[ 1702.964269]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1702.965372]  kmem_cache_alloc_bulk+0x168/0x320
[ 1702.966375]  io_submit_sqes+0x6fe7/0x8610
[ 1702.967291]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1702.968357]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1702.969396]  ? find_held_lock+0x2c/0x110
[ 1702.970295]  ? io_submit_sqes+0x8610/0x8610
[ 1702.971232]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1702.972277]  ? wait_for_completion_io+0x270/0x270
[ 1702.973317]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1702.974320]  ? vfs_write+0x354/0xb10
[ 1702.975125]  ? fput_many+0x2f/0x1a0
[ 1702.975908]  ? ksys_write+0x1a9/0x260
[ 1702.976722]  ? __ia32_sys_read+0xb0/0xb0
[ 1702.977596]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1702.978757]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1702.979873]  do_syscall_64+0x33/0x40
[ 1702.980669]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1702.981783] RIP: 0033:0x7fe1afc89b19
[ 1702.982604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1702.986601] RSP: 002b:00007fe1ad1ff188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1702.988246] RAX: ffffffffffffffda RBX: 00007fe1afd9cf60 RCX: 00007fe1afc89b19
[ 1702.989776] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1702.991328] RBP: 00007fe1ad1ff1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1702.992868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1702.994433] R13: 00007ffdd93ef63f R14: 00007fe1ad1ff300 R15: 0000000000022000
10:40:58 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000, 0x0, 0x0)

10:40:59 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:59 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}}}}}, 0xde8)

10:40:59 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x6000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:40:59 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0)

10:40:59 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x6000000, 0x0, 0x0)

10:41:13 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20)

10:41:13 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x0, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:41:13 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0)

10:41:13 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffff00000000)

10:41:13 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0)

10:41:13 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:41:13 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x80000000000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:41:13 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}}}}}, 0xde8)

[ 1717.681364] FAULT_INJECTION: forcing a failure.
[ 1717.681364] name failslab, interval 1, probability 0, space 0, times 0
[ 1717.683795] CPU: 1 PID: 9990 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1717.685234] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1717.686974] Call Trace:
[ 1717.687539]  dump_stack+0x107/0x167
[ 1717.688295]  should_fail.cold+0x5/0xa
[ 1717.689084]  ? create_object.isra.0+0x3a/0xa30
[ 1717.690046]  should_failslab+0x5/0x20
[ 1717.690854]  kmem_cache_alloc+0x5b/0x310
[ 1717.691713]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1717.692983]  create_object.isra.0+0x3a/0xa30
[ 1717.693901]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1717.694999]  kmem_cache_alloc+0x159/0x310
[ 1717.695877]  ptlock_alloc+0x1d/0x70
[ 1717.696646]  pte_alloc_one+0x68/0x1a0
[ 1717.697451]  ? replace_page_cache_page+0x1200/0x1200
[ 1717.698540]  handle_mm_fault+0x2ab2/0x3500
[ 1717.699432]  ? __lock_acquire+0x1657/0x5b00
[ 1717.700344]  ? __pmd_alloc+0x630/0x630
[ 1717.701170]  ? vmacache_find+0x55/0x2a0
[ 1717.702029]  do_user_addr_fault+0x56e/0xc60
[ 1717.702970]  exc_page_fault+0xa2/0x1a0
[ 1717.703805]  asm_exc_page_fault+0x1e/0x30
[ 1717.704673] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1717.705801] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1717.709671] RSP: 0018:ffff88803f42f7b8 EFLAGS: 00050246
[ 1717.710799] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1717.712284] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88803f42f888
[ 1717.713771] RBP: ffff88803f42f888 R08: 0000000000000001 R09: ffff88803f42f907
[ 1717.715277] R10: ffffed1007e85f20 R11: 0000000000000001 R12: 0000000020000100
[ 1717.716784] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1717.718311]  _copy_from_user+0x172/0x1b0
[ 1717.719174]  move_addr_to_kernel.part.0+0x31/0x110
[ 1717.720208]  move_addr_to_kernel+0x4f/0x70
[ 1717.721106]  io_connect+0x47a/0x610
[ 1717.721882]  ? io_prep_rw+0x1050/0x1050
[ 1717.722748]  ? __lock_acquire+0xbb1/0x5b00
[ 1717.723637]  io_issue_sqe+0x1611/0x77d0
[ 1717.724475]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1717.725576]  ? lock_chain_count+0x20/0x20
[ 1717.726471]  ? __is_insn_slot_addr+0x14c/0x290
[ 1717.727460]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1717.728583]  ? io_connect+0x610/0x610
[ 1717.729401]  ? lock_acquire+0x197/0x470
[ 1717.730255]  ? find_held_lock+0x2c/0x110
[ 1717.731142]  ? __fget_files+0x2cf/0x520
[ 1717.731996]  ? lock_downgrade+0x6d0/0x6d0
[ 1717.732885]  __io_queue_sqe+0x90/0x9d0
[ 1717.733716]  ? io_issue_sqe+0x77d0/0x77d0
[ 1717.734605]  ? __fget_files+0x2f8/0x520
[ 1717.735460]  io_submit_sqes+0x44ab/0x8610
[ 1717.736382]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1717.737449]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1717.738494]  ? find_held_lock+0x2c/0x110
[ 1717.739378]  ? io_submit_sqes+0x8610/0x8610
[ 1717.740296]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1717.741328]  ? wait_for_completion_io+0x270/0x270
[ 1717.742364]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1717.743341]  ? vfs_write+0x354/0xb10
[ 1717.744129]  ? fput_many+0x2f/0x1a0
[ 1717.744906]  ? ksys_write+0x1a9/0x260
[ 1717.745720]  ? __ia32_sys_read+0xb0/0xb0
[ 1717.746589]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1717.747700]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1717.748799]  do_syscall_64+0x33/0x40
[ 1717.749597]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1717.750697] RIP: 0033:0x7ffb15b8eb19
[ 1717.751493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1717.755404] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1717.757018] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1717.758551] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1717.760069] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1717.761592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1717.763107] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
10:41:13 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}}}}}, 0xde8)

10:41:13 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x40000000, 0x0, 0x0)

10:41:13 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:41:13 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x2000000, 0x0, 0x0, 0x0)

10:41:13 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x200000000000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:41:13 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:41:13 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
syz_io_uring_setup(0x1a01, &(0x7f0000000240)={0x0, 0x86fd, 0x36, 0x1, 0x264}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000071000/0x4000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=<r6=>0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r6, &(0x7f0000000340)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x2, 0x0, @fd_index=0x9, 0x3, 0x0, 0x0, 0x1d, 0x1, {0x3, r7}}, 0xab4)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:41:14 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0)

[ 1718.086755] FAULT_INJECTION: forcing a failure.
[ 1718.086755] name failslab, interval 1, probability 0, space 0, times 0
[ 1718.089269] CPU: 1 PID: 10021 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1718.090748] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1718.092522] Call Trace:
[ 1718.093091]  dump_stack+0x107/0x167
[ 1718.093874]  should_fail.cold+0x5/0xa
[ 1718.094717]  should_failslab+0x5/0x20
[ 1718.095527]  kmem_cache_alloc_bulk+0x4b/0x320
[ 1718.096493]  io_submit_sqes+0x6fe7/0x8610
[ 1718.097394]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1718.098489]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1718.099508]  ? find_held_lock+0x2c/0x110
[ 1718.100398]  ? io_submit_sqes+0x8610/0x8610
[ 1718.101321]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1718.102352]  ? wait_for_completion_io+0x270/0x270
[ 1718.103391]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1718.104389]  ? vfs_write+0x354/0xb10
[ 1718.105180]  ? fput_many+0x2f/0x1a0
[ 1718.105970]  ? ksys_write+0x1a9/0x260
[ 1718.106840]  ? __ia32_sys_read+0xb0/0xb0
[ 1718.107706]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1718.108838]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1718.109928]  do_syscall_64+0x33/0x40
[ 1718.110721]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1718.111807] RIP: 0033:0x7f88fdc0eb19
[ 1718.112596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1718.116501] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1718.118103] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1718.119617] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1718.121153] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1718.122668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1718.124198] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:41:14 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21)

10:41:14 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0x0)

[ 1718.264661] FAULT_INJECTION: forcing a failure.
[ 1718.264661] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1718.266370] CPU: 0 PID: 10031 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1718.267321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1718.268456] Call Trace:
[ 1718.268830]  dump_stack+0x107/0x167
[ 1718.269333]  should_fail.cold+0x5/0xa
[ 1718.269857]  __alloc_pages_nodemask+0x182/0x600
[ 1718.270504]  ? lock_acquire+0x197/0x470
[ 1718.271048]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1718.271874]  ? find_held_lock+0x2c/0x110
[ 1718.272438]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1718.273146]  ? lock_downgrade+0x6d0/0x6d0
[ 1718.273704]  ? mark_held_locks+0x9e/0xe0
[ 1718.274276]  alloc_pages_current+0x187/0x280
[ 1718.274878]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1718.275600]  ? replace_page_cache_page+0x1200/0x1200
[ 1718.276292]  pte_alloc_one+0x16/0x1a0
[ 1718.276810]  ? replace_page_cache_page+0x1200/0x1200
[ 1718.277504]  handle_mm_fault+0x2ab2/0x3500
[ 1718.278087]  ? __schedule+0x82c/0x1ea0
[ 1718.278644]  ? __pmd_alloc+0x630/0x630
[ 1718.279205]  ? vmacache_find+0x55/0x2a0
[ 1718.279763]  do_user_addr_fault+0x56e/0xc60
[ 1718.280373]  exc_page_fault+0xa2/0x1a0
[ 1718.280899]  asm_exc_page_fault+0x1e/0x30
[ 1718.281461] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1718.282227] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1718.284711] RSP: 0018:ffff88803721f7b8 EFLAGS: 00050246
[ 1718.285430] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1718.286402] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88803721f888
[ 1718.287348] RBP: ffff88803721f888 R08: 0000000000000001 R09: ffff88803721f907
[ 1718.288305] R10: ffffed1006e43f20 R11: 0000000000000001 R12: 0000000020000100
[ 1718.289276] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1718.290269]  _copy_from_user+0x172/0x1b0
[ 1718.290834]  move_addr_to_kernel.part.0+0x31/0x110
[ 1718.291525]  move_addr_to_kernel+0x4f/0x70
[ 1718.292099]  io_connect+0x47a/0x610
[ 1718.292587]  ? io_prep_rw+0x1050/0x1050
[ 1718.293134]  ? __lock_acquire+0xbb1/0x5b00
[ 1718.293705]  io_issue_sqe+0x1611/0x77d0
[ 1718.294252]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1718.294949]  ? lock_chain_count+0x20/0x20
[ 1718.295507]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1718.296213]  ? io_connect+0x610/0x610
[ 1718.296730]  ? lock_acquire+0x197/0x470
[ 1718.297265]  ? find_held_lock+0x2c/0x110
[ 1718.297805]  ? __fget_files+0x2cf/0x520
[ 1718.298342]  ? lock_downgrade+0x6d0/0x6d0
[ 1718.298895]  __io_queue_sqe+0x90/0x9d0
[ 1718.299423]  ? io_issue_sqe+0x77d0/0x77d0
[ 1718.299973]  ? __fget_files+0x2f8/0x520
[ 1718.300520]  io_submit_sqes+0x44ab/0x8610
[ 1718.301103]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1718.301786]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1718.302447]  ? find_held_lock+0x2c/0x110
[ 1718.303004]  ? io_submit_sqes+0x8610/0x8610
[ 1718.303597]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1718.304249]  ? wait_for_completion_io+0x270/0x270
[ 1718.304899]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1718.305537]  ? vfs_write+0x354/0xb10
[ 1718.306032]  ? fput_many+0x2f/0x1a0
[ 1718.306524]  ? ksys_write+0x1a9/0x260
[ 1718.307031]  ? __ia32_sys_read+0xb0/0xb0
[ 1718.307584]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1718.308286]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1718.308967]  do_syscall_64+0x33/0x40
[ 1718.309466]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1718.310154] RIP: 0033:0x7ffb15b8eb19
[ 1718.310669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1718.313165] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1718.314177] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1718.315137] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1718.316074] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1718.317028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1718.318009] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
10:41:14 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x6000000, 0x0, 0x0, 0x0)

10:41:14 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:41:14 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x80000000000000, 0x0, 0x0)

10:41:14 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x600000000000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:41:27 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22)

10:41:27 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:41:27 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:41:27 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0x0)

10:41:27 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
lseek(r3, 0x0, 0x0)
r4 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x100000001)
r5 = syz_io_uring_setup(0x88b, &(0x7f0000000240)={0x0, 0x6e4f, 0x20, 0x3, 0x244, 0x0, r4}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000340))
syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2000, @fd, 0x3, 0x0, 0x0, 0x2, 0x1}, 0xa426)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r8, 0x0, 0x0, 0x1000002)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f00000001c0)=0xe8)
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000780)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x25c, 0x0, 0x2, 0x70bd28, 0x25dfdbff, {}, [{{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8, 0x7, 0x1}}}]}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r9}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r9}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffa}}}]}}]}, 0x25c}, 0x1, 0x0, 0x0, 0x24000000}, 0x8080)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r8, 0xc018937c, &(0x7f00000007c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r5, @ANYBLOB="6531000000000000000000000000feff9777a8edb9f84d3f62bb97b9edd8847c98a3c12679118ae2b3cdfef2899dbad7b1ca02a0e93b02dfe8ffdf19308549a2c2eee509dde9cc9e0dac5ec42a4bdb636d10aa5e4854"])
r10 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r10, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:41:27 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0)

10:41:27 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x200000000000000, 0x0, 0x0)

10:41:27 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x2, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1731.800812] FAULT_INJECTION: forcing a failure.
[ 1731.800812] name failslab, interval 1, probability 0, space 0, times 0
[ 1731.803649] CPU: 1 PID: 10066 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1731.805414] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1731.807363] Call Trace:
[ 1731.807938]  dump_stack+0x107/0x167
[ 1731.808730]  should_fail.cold+0x5/0xa
[ 1731.809557]  ? ptlock_alloc+0x1d/0x70
[ 1731.810518]  should_failslab+0x5/0x20
[ 1731.811537]  kmem_cache_alloc+0x5b/0x310
[ 1731.812516]  ptlock_alloc+0x1d/0x70
[ 1731.813426]  pte_alloc_one+0x68/0x1a0
[ 1731.814254]  ? replace_page_cache_page+0x1200/0x1200
[ 1731.815366]  handle_mm_fault+0x2ab2/0x3500
[ 1731.816285]  ? __lock_acquire+0x1657/0x5b00
[ 1731.817220]  ? find_held_lock+0x2c/0x110
[ 1731.818401]  ? pgtable_bad+0x90/0x90
[ 1731.819343]  ? __pmd_alloc+0x630/0x630
[ 1731.820343]  ? vmacache_find+0x55/0x2a0
[ 1731.821308]  do_user_addr_fault+0x56e/0xc60
[ 1731.822421]  exc_page_fault+0xa2/0x1a0
[ 1731.823270]  asm_exc_page_fault+0x1e/0x30
[ 1731.824314] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1731.825910] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1731.830082] RSP: 0018:ffff888045a977b8 EFLAGS: 00050287
[ 1731.831258] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1731.832811] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff888045a97888
[ 1731.834379] RBP: ffff888045a97888 R08: 0000000000000001 R09: ffff888045a97907
[ 1731.835955] R10: ffffed1008b52f20 R11: 0000000000000001 R12: 0000000020000100
[ 1731.837657] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1731.839564]  _copy_from_user+0x172/0x1b0
[ 1731.840606]  move_addr_to_kernel.part.0+0x31/0x110
[ 1731.841676]  move_addr_to_kernel+0x4f/0x70
[ 1731.842611]  io_connect+0x47a/0x610
[ 1731.843620]  ? io_prep_rw+0x1050/0x1050
[ 1731.844660]  ? __lock_acquire+0xbb1/0x5b00
[ 1731.845802]  io_issue_sqe+0x1611/0x77d0
[ 1731.846764]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1731.847924]  ? lock_chain_count+0x20/0x20
[ 1731.848826]  ? __is_insn_slot_addr+0x14c/0x290
[ 1731.849839]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1731.851196]  ? io_connect+0x610/0x610
[ 1731.852158]  ? lock_acquire+0x197/0x470
[ 1731.853114]  ? find_held_lock+0x2c/0x110
[ 1731.854141]  ? __fget_files+0x2cf/0x520
[ 1731.855019]  ? lock_downgrade+0x6d0/0x6d0
[ 1731.855928]  __io_queue_sqe+0x90/0x9d0
[ 1731.856785]  ? io_issue_sqe+0x77d0/0x77d0
[ 1731.857686]  ? __fget_files+0x2f8/0x520
[ 1731.858582]  io_submit_sqes+0x44ab/0x8610
[ 1731.859511]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1731.860815]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1731.862167]  ? find_held_lock+0x2c/0x110
[ 1731.863173]  ? io_submit_sqes+0x8610/0x8610
[ 1731.864265]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1731.865313]  ? wait_for_completion_io+0x270/0x270
[ 1731.866484]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1731.867612]  ? vfs_write+0x354/0xb10
[ 1731.868581]  ? fput_many+0x2f/0x1a0
[ 1731.869454]  ? ksys_write+0x1a9/0x260
[ 1731.870353]  ? __ia32_sys_read+0xb0/0xb0
[ 1731.871337]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1731.872478]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1731.873711]  do_syscall_64+0x33/0x40
[ 1731.874649]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1731.875893] RIP: 0033:0x7ffb15b8eb19
[ 1731.876821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1731.880832] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1731.882491] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1731.884097] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1731.885974] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1731.887608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1731.889164] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1731.948287] FAULT_INJECTION: forcing a failure.
[ 1731.948287] name failslab, interval 1, probability 0, space 0, times 0
[ 1731.951014] CPU: 1 PID: 10068 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1731.952759] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1731.954757] Call Trace:
[ 1731.955322]  dump_stack+0x107/0x167
[ 1731.956103]  should_fail.cold+0x5/0xa
[ 1731.956905]  ? create_object.isra.0+0x3a/0xa30
[ 1731.957875]  should_failslab+0x5/0x20
[ 1731.958843]  kmem_cache_alloc+0x5b/0x310
[ 1731.959734]  create_object.isra.0+0x3a/0xa30
[ 1731.960823]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1731.962023]  kmem_cache_alloc_bulk+0x168/0x320
[ 1731.963070]  io_submit_sqes+0x6fe7/0x8610
[ 1731.963969]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1731.965013]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1731.966057]  ? find_held_lock+0x2c/0x110
[ 1731.967050]  ? io_submit_sqes+0x8610/0x8610
[ 1731.968153]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1731.969257]  ? wait_for_completion_io+0x270/0x270
[ 1731.970407]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1731.971386]  ? vfs_write+0x354/0xb10
[ 1731.972167]  ? fput_many+0x2f/0x1a0
[ 1731.972940]  ? ksys_write+0x1a9/0x260
[ 1731.973792]  ? __ia32_sys_read+0xb0/0xb0
[ 1731.974788]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1731.976233]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1731.977388]  do_syscall_64+0x33/0x40
[ 1731.978230]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1731.979334] RIP: 0033:0x7f88fdc0eb19
[ 1731.980122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1731.984491] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1731.986108] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1731.987769] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1731.989488] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1731.991382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1731.993034] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:41:28 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0x0)

10:41:28 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x600000000000000, 0x0, 0x0)

10:41:41 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0)

10:41:41 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x6, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:41:41 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23)

[ 1745.626372] FAULT_INJECTION: forcing a failure.
[ 1745.626372] name failslab, interval 1, probability 0, space 0, times 0
[ 1745.627908] CPU: 1 PID: 10098 Comm: syz-executor.2 Not tainted 5.10.244 #1
10:41:41 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:41:41 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000000000000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:41:41 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x40000000, 0x0, 0x0, 0x0)

10:41:41 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000340)={0x0, <r7=>0x0})
perf_event_open(&(0x7f0000000240)={0x4, 0x80, 0x40, 0x1, 0x19, 0x40, 0x0, 0x9, 0x10000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x6, 0x3ff}, 0x200, 0x5, 0x1, 0x1, 0x8, 0x401, 0xff, 0x0, 0x5, 0x0, 0x7}, r7, 0xe, r5, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r6, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:41:41 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1745.628785] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1745.629987] Call Trace:
[ 1745.630318]  dump_stack+0x107/0x167
[ 1745.630772]  should_fail.cold+0x5/0xa
[ 1745.631253]  should_failslab+0x5/0x20
[ 1745.631719]  kmem_cache_alloc_bulk+0x4b/0x320
[ 1745.632276]  io_submit_sqes+0x6fe7/0x8610
[ 1745.632815]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1745.633438]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1745.634050]  ? find_held_lock+0x2c/0x110
[ 1745.634594]  ? io_submit_sqes+0x8610/0x8610
[ 1745.635124]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1745.635721]  ? wait_for_completion_io+0x270/0x270
[ 1745.636306]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1745.636873]  ? vfs_write+0x354/0xb10
[ 1745.637341]  ? fput_many+0x2f/0x1a0
[ 1745.637606] FAULT_INJECTION: forcing a failure.
[ 1745.637606] name failslab, interval 1, probability 0, space 0, times 0
[ 1745.637806]  ? ksys_write+0x1a9/0x260
[ 1745.637829]  ? __ia32_sys_read+0xb0/0xb0
[ 1745.641619]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1745.642284]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1745.642944]  do_syscall_64+0x33/0x40
[ 1745.643408]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1745.644035] RIP: 0033:0x7f66d25a7b19
[ 1745.644501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1745.646751] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1745.647677] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1745.648549] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1745.649425] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1745.650306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1745.651182] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1745.652102] CPU: 0 PID: 10094 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1745.653608] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1745.655381] Call Trace:
[ 1745.655945]  dump_stack+0x107/0x167
[ 1745.656718]  should_fail.cold+0x5/0xa
[ 1745.657538]  ? create_object.isra.0+0x3a/0xa30
[ 1745.658514]  should_failslab+0x5/0x20
[ 1745.659348]  kmem_cache_alloc+0x5b/0x310
[ 1745.660210]  ? mark_held_locks+0x9e/0xe0
[ 1745.661089]  create_object.isra.0+0x3a/0xa30
[ 1745.662031]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1745.663152]  kmem_cache_alloc_bulk+0x168/0x320
[ 1745.664147]  io_submit_sqes+0x6fe7/0x8610
[ 1745.665067]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1745.666138]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1745.667194]  ? io_submit_sqes+0x8610/0x8610
[ 1745.668123]  ? recalibrate_cpu_khz+0x10/0x10
[ 1745.669070]  ? ktime_get+0x158/0x1f0
[ 1745.669859]  ? setup_APIC_eilvt+0x2f0/0x2f0
[ 1745.670796]  ? clockevents_program_event+0x131/0x360
[ 1745.671881]  ? tick_program_event+0xa8/0x140
[ 1745.672829]  ? hrtimer_interrupt+0x771/0x9b0
[ 1745.673793]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1745.674932]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1745.676032]  do_syscall_64+0x33/0x40
[ 1745.676833]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1745.677927] RIP: 0033:0x7f88fdc0eb19
[ 1745.678741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1745.682657] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1745.684278] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1745.685801] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1745.687339] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1745.688858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1745.690375] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1745.702064] FAULT_INJECTION: forcing a failure.
[ 1745.702064] name failslab, interval 1, probability 0, space 0, times 0
[ 1745.703632] CPU: 1 PID: 10102 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1745.704495] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1745.705507] Call Trace:
[ 1745.705825]  dump_stack+0x107/0x167
[ 1745.706277]  should_fail.cold+0x5/0xa
[ 1745.706751]  ? create_object.isra.0+0x3a/0xa30
[ 1745.707308]  should_failslab+0x5/0x20
[ 1745.707782]  kmem_cache_alloc+0x5b/0x310
[ 1745.708278]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1745.709003]  create_object.isra.0+0x3a/0xa30
[ 1745.709542]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1745.710162]  kmem_cache_alloc+0x159/0x310
[ 1745.710673]  ptlock_alloc+0x1d/0x70
[ 1745.711121]  pte_alloc_one+0x68/0x1a0
[ 1745.711579]  ? replace_page_cache_page+0x1200/0x1200
[ 1745.712195]  handle_mm_fault+0x2ab2/0x3500
[ 1745.712699]  ? __lock_acquire+0x1657/0x5b00
[ 1745.713215]  ? find_held_lock+0x2c/0x110
[ 1745.713703]  ? pgtable_bad+0x90/0x90
[ 1745.714150]  ? __pmd_alloc+0x630/0x630
[ 1745.714640]  ? vmacache_find+0x55/0x2a0
[ 1745.715114]  do_user_addr_fault+0x56e/0xc60
[ 1745.715659]  exc_page_fault+0xa2/0x1a0
[ 1745.716124]  asm_exc_page_fault+0x1e/0x30
[ 1745.716643] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1745.717360] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1745.719608] RSP: 0018:ffff88804901f7b8 EFLAGS: 00050287
[ 1745.720268] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1745.721118] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff88804901f888
[ 1745.721971] RBP: ffff88804901f888 R08: 0000000000000001 R09: ffff88804901f907
[ 1745.722837] R10: ffffed1009203f20 R11: 0000000000000001 R12: 0000000020000100
[ 1745.723704] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1745.724591]  _copy_from_user+0x172/0x1b0
[ 1745.725076]  move_addr_to_kernel.part.0+0x31/0x110
[ 1745.725680]  move_addr_to_kernel+0x4f/0x70
[ 1745.726190]  io_connect+0x47a/0x610
[ 1745.726631]  ? io_prep_rw+0x1050/0x1050
[ 1745.727129]  ? __lock_acquire+0xbb1/0x5b00
[ 1745.727643]  io_issue_sqe+0x1611/0x77d0
[ 1745.728136]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1745.728766]  ? lock_chain_count+0x20/0x20
[ 1745.729289]  ? __is_insn_slot_addr+0x14c/0x290
[ 1745.729839]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1745.730477]  ? io_connect+0x610/0x610
[ 1745.730932]  ? lock_acquire+0x197/0x470
[ 1745.731417]  ? find_held_lock+0x2c/0x110
[ 1745.731893]  ? __fget_files+0x2cf/0x520
[ 1745.732377]  ? lock_downgrade+0x6d0/0x6d0
[ 1745.732876]  __io_queue_sqe+0x90/0x9d0
[ 1745.733351]  ? io_issue_sqe+0x77d0/0x77d0
[ 1745.733847]  ? __fget_files+0x2f8/0x520
[ 1745.734345]  io_submit_sqes+0x44ab/0x8610
[ 1745.734889]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1745.735491]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1745.736079]  ? find_held_lock+0x2c/0x110
[ 1745.736577]  ? io_submit_sqes+0x8610/0x8610
[ 1745.737106]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1745.737683]  ? wait_for_completion_io+0x270/0x270
[ 1745.738279]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1745.738834]  ? vfs_write+0x354/0xb10
[ 1745.739290]  ? fput_many+0x2f/0x1a0
[ 1745.739718]  ? ksys_write+0x1a9/0x260
[ 1745.740170]  ? __ia32_sys_read+0xb0/0xb0
[ 1745.740657]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1745.741274]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1745.741891]  do_syscall_64+0x33/0x40
[ 1745.742343]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1745.742949] RIP: 0033:0x7ffb15b8eb19
[ 1745.743388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1745.745619] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1745.746523] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1745.747376] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1745.748230] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1745.749083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1745.749943] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
10:41:41 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0xffffffff00000000, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:41:41 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x600, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:41:41 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:41:41 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000000000000000, 0x0, 0x0)

10:41:41 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x2, 0x0, 0x0)

10:41:41 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1745.995917] FAULT_INJECTION: forcing a failure.
[ 1745.995917] name failslab, interval 1, probability 0, space 0, times 0
[ 1745.997478] CPU: 1 PID: 10129 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1745.998271] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1745.999225] Call Trace:
[ 1745.999531]  dump_stack+0x107/0x167
[ 1745.999951]  should_fail.cold+0x5/0xa
[ 1746.000409]  ? create_object.isra.0+0x3a/0xa30
[ 1746.000928]  should_failslab+0x5/0x20
[ 1746.001378]  kmem_cache_alloc+0x5b/0x310
[ 1746.001847]  ? mark_held_locks+0x9e/0xe0
[ 1746.002317]  create_object.isra.0+0x3a/0xa30
[ 1746.002854]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1746.003463]  kmem_cache_alloc_bulk+0x168/0x320
[ 1746.003988]  io_submit_sqes+0x6fe7/0x8610
[ 1746.004480]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1746.005072]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1746.005657]  ? find_held_lock+0x2c/0x110
[ 1746.006126]  ? io_submit_sqes+0x8610/0x8610
[ 1746.006627]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1746.007182]  ? wait_for_completion_io+0x270/0x270
[ 1746.007730]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1746.008282]  ? vfs_write+0x354/0xb10
[ 1746.008710]  ? fput_many+0x2f/0x1a0
[ 1746.009132]  ? ksys_write+0x1a9/0x260
[ 1746.009571]  ? __ia32_sys_read+0xb0/0xb0
[ 1746.010037]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1746.010681]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1746.011291]  do_syscall_64+0x33/0x40
[ 1746.011732]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1746.012313] RIP: 0033:0x7f88fdc0eb19
[ 1746.012739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1746.014857] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1746.015725] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1746.016557] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1746.017405] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1746.018258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1746.019095] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:41:41 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:41:41 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0xffffffff00000000, 0x0, 0x0)

10:41:42 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:41:42 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1746.160772] FAULT_INJECTION: forcing a failure.
[ 1746.160772] name failslab, interval 1, probability 0, space 0, times 0
[ 1746.163352] CPU: 0 PID: 10139 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1746.164789] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1746.166525] Call Trace:
[ 1746.167143]  dump_stack+0x107/0x167
[ 1746.167912]  should_fail.cold+0x5/0xa
[ 1746.168710]  ? create_object.isra.0+0x3a/0xa30
[ 1746.169661]  should_failslab+0x5/0x20
[ 1746.170454]  kmem_cache_alloc+0x5b/0x310
[ 1746.171330]  create_object.isra.0+0x3a/0xa30
[ 1746.172251]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1746.173319]  kmem_cache_alloc_bulk+0x168/0x320
[ 1746.174279]  io_submit_sqes+0x6fe7/0x8610
[ 1746.175193]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1746.176233]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1746.177239]  ? find_held_lock+0x2c/0x110
[ 1746.178088]  ? io_submit_sqes+0x8610/0x8610
[ 1746.179006]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1746.180015]  ? wait_for_completion_io+0x270/0x270
[ 1746.181021]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1746.181986]  ? vfs_write+0x354/0xb10
[ 1746.182813]  ? fput_many+0x2f/0x1a0
[ 1746.183581]  ? ksys_write+0x1a9/0x260
[ 1746.184375]  ? __ia32_sys_read+0xb0/0xb0
[ 1746.185222]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1746.186328]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1746.187418]  do_syscall_64+0x33/0x40
[ 1746.188205]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1746.189280] RIP: 0033:0x7f66d25a7b19
[ 1746.190060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1746.193930] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1746.195548] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1746.197027] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1746.198507] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1746.200098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1746.201594] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:41:56 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24)

10:41:56 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:41:56 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:41:56 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x6, 0x0, 0x0)

10:41:56 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x6a}, &(0x7f00009c3000/0x9000)=nil, &(0x7f00008df000/0x3000)=nil, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x800000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:41:56 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:41:56 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2)

10:41:56 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

[ 1760.437907] FAULT_INJECTION: forcing a failure.
[ 1760.437907] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1760.440566] CPU: 0 PID: 10164 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1760.442056] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1760.443859] Call Trace:
[ 1760.444431]  dump_stack+0x107/0x167
[ 1760.445222]  should_fail.cold+0x5/0xa
[ 1760.446049]  _copy_from_user+0x2e/0x1b0
[ 1760.446923]  move_addr_to_kernel.part.0+0x31/0x110
[ 1760.447983]  move_addr_to_kernel+0x4f/0x70
[ 1760.448892]  io_connect+0x47a/0x610
[ 1760.449676]  ? io_prep_rw+0x1050/0x1050
[ 1760.450553]  ? __lock_acquire+0xbb1/0x5b00
[ 1760.451480]  io_issue_sqe+0x1611/0x77d0
[ 1760.452347]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1760.453477]  ? lock_chain_count+0x20/0x20
[ 1760.454368]  ? __is_insn_slot_addr+0x14c/0x290
[ 1760.455364]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1760.456494]  ? io_connect+0x610/0x610
[ 1760.457320]  ? lock_acquire+0x197/0x470
[ 1760.458179]  ? find_held_lock+0x2c/0x110
[ 1760.459069]  ? __fget_files+0x2cf/0x520
[ 1760.459926]  ? lock_downgrade+0x6d0/0x6d0
[ 1760.460826]  __io_queue_sqe+0x90/0x9d0
[ 1760.461670]  ? io_issue_sqe+0x77d0/0x77d0
[ 1760.462558]  ? __fget_files+0x2f8/0x520
[ 1760.463484]  io_submit_sqes+0x44ab/0x8610
[ 1760.464405]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1760.465474]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1760.466510]  ? find_held_lock+0x2c/0x110
[ 1760.467399]  ? io_submit_sqes+0x8610/0x8610
[ 1760.468331]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1760.469374]  ? wait_for_completion_io+0x270/0x270
[ 1760.470413]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1760.471422]  ? vfs_write+0x354/0xb10
[ 1760.472222]  ? fput_many+0x2f/0x1a0
[ 1760.473002]  ? ksys_write+0x1a9/0x260
[ 1760.473821]  ? __ia32_sys_read+0xb0/0xb0
[ 1760.474697]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1760.475838]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1760.476949]  do_syscall_64+0x33/0x40
[ 1760.477749]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1760.478857] RIP: 0033:0x7ffb15b8eb19
[ 1760.479654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1760.483618] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1760.485249] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1760.486791] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1760.488325] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1760.489858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1760.491395] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1760.496872] FAULT_INJECTION: forcing a failure.
[ 1760.496872] name failslab, interval 1, probability 0, space 0, times 0
[ 1760.499463] CPU: 1 PID: 10157 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1760.500495] FAULT_INJECTION: forcing a failure.
[ 1760.500495] name failslab, interval 1, probability 0, space 0, times 0
[ 1760.500955] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1760.500961] Call Trace:
[ 1760.500991]  dump_stack+0x107/0x167
[ 1760.506442]  should_fail.cold+0x5/0xa
[ 1760.507279]  ? create_object.isra.0+0x3a/0xa30
[ 1760.508268]  should_failslab+0x5/0x20
[ 1760.509087]  kmem_cache_alloc+0x5b/0x310
[ 1760.509966]  ? mark_held_locks+0x9e/0xe0
[ 1760.510857]  create_object.isra.0+0x3a/0xa30
[ 1760.511804]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1760.512901]  kmem_cache_alloc_bulk+0x168/0x320
[ 1760.513889]  io_submit_sqes+0x6fe7/0x8610
[ 1760.514817]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1760.515889]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1760.516929]  ? find_held_lock+0x2c/0x110
[ 1760.517809]  ? io_submit_sqes+0x8610/0x8610
[ 1760.518754]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1760.519796]  ? wait_for_completion_io+0x270/0x270
[ 1760.520837]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1760.521837]  ? vfs_write+0x354/0xb10
[ 1760.522639]  ? fput_many+0x2f/0x1a0
[ 1760.523434]  ? ksys_write+0x1a9/0x260
[ 1760.524256]  ? __ia32_sys_read+0xb0/0xb0
[ 1760.525137]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1760.526266]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1760.527391]  do_syscall_64+0x33/0x40
[ 1760.528199]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1760.529308] RIP: 0033:0x7f66d25a7b19
[ 1760.530110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1760.534099] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1760.535773] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1760.537317] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1760.538866] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1760.540405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1760.541948] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1760.543530] CPU: 0 PID: 10160 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1760.545035] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1760.546830] Call Trace:
[ 1760.547399]  dump_stack+0x107/0x167
[ 1760.548185]  should_fail.cold+0x5/0xa
[ 1760.549006]  ? create_object.isra.0+0x3a/0xa30
[ 1760.549987]  should_failslab+0x5/0x20
[ 1760.550818]  kmem_cache_alloc+0x5b/0x310
[ 1760.551689]  ? mark_held_locks+0x9e/0xe0
[ 1760.552566]  create_object.isra.0+0x3a/0xa30
[ 1760.553509]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1760.554607]  kmem_cache_alloc_bulk+0x168/0x320
[ 1760.555606]  io_submit_sqes+0x6fe7/0x8610
[ 1760.556527]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1760.557599]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1760.558637]  ? find_held_lock+0x2c/0x110
[ 1760.559531]  ? io_submit_sqes+0x8610/0x8610
[ 1760.560465]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1760.561509]  ? wait_for_completion_io+0x270/0x270
[ 1760.562549]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1760.563556]  ? vfs_write+0x354/0xb10
[ 1760.564359]  ? fput_many+0x2f/0x1a0
[ 1760.565148]  ? ksys_write+0x1a9/0x260
[ 1760.565969]  ? __ia32_sys_read+0xb0/0xb0
[ 1760.566854]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1760.567959]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1760.569042]  do_syscall_64+0x33/0x40
[ 1760.569834]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1760.570929] RIP: 0033:0x7f88fdc0eb19
[ 1760.571697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1760.575523] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1760.577122] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1760.578615] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1760.580115] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1760.581613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1760.583118] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:41:56 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
lseek(r5, 0x0, 0x0)
r6 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x100000001)
getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@private0, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@dev}, 0x0, @in6}}, &(0x7f00000001c0)=0xe8)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r5, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000500)={0x94, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000084}, 0x44040)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r8, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:41:56 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:41:56 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6)

10:41:56 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x600, 0x0, 0x0)

10:41:56 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:42:12 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0)

10:42:12 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:12 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x2000000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:12 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25)

10:42:12 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:12 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600)

10:42:12 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:42:12 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x173}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001a80), 0x80242, 0x0)
io_uring_enter(r5, 0x44d9, 0x8abc, 0x2, &(0x7f0000001ac0)={[0x8]}, 0x8)
r6 = perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x11002, 0x0, 0x0, 0x0, 0x0, 0xfffffffa, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r7 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
r8 = mq_open(&(0x7f0000000140)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x80, 0x21, &(0x7f00000001c0)={0x7, 0x9a6c, 0x100, 0x2})
pwritev2(r8, &(0x7f0000001940)=[{&(0x7f0000000340)="e6a4825ed9f0700c0788775463dd222ca2ec3dcaaaaeae59e138c0fcd8d8e8373564160ff5bb3b25f14257784c8e034f6a06dc0538aa6bb5e6af9cd0e8eea441bb7eb5e937d3826aea5be08cd46b6f5778671c1569c67afec49925d66c148ac676bea54b37872509798628b156957ab09a588dfdd59bf3db5d068dcb99e0feb26ccf3e5cd1fa1fb1c6fc44720550e87fae98a15afeafd322463025cb9399ef", 0x9f}, {&(0x7f0000000500)="613ab25fbea106082e44a40f1d602d905e58bec44793a19b6b804c9a4c6e11d2f6d9131ae24247788eee88933d38b0ee9d066f9e7b2cb5e9c6905974280644eb3d3d83f721394f94d30c2176fa0b41c8e56773e2529186e4d2e6bfee365b6c71edc3968d5c8165fbac71b58b3460c47f919a14e71d2eb95de786fa2bb0060ea7a02de3b51ebe3a1931430474c8eb36bd1664bd7d18e8d7095cb6d5ddd1c4cfbb7173eb4c99c247d70671424f2993b236899f84e67a84fce684cf83da58eb18341e10e507debf30c7acef0b38759348d34ae380e80c384e0ea728d97177b138b357", 0xe1}, {&(0x7f0000000600)="9a9dbd960ae45cf85bc1115fd9a61c5bc4b25a8215b7295b82318d18c02b294f33a789cac4d4bcac0db25ddd5c02cff7183def42e81f0debcdb46a04322ef9f48e74c2a8545bd60070396e579b2f9254aeebd2e0a38ed28dabd1b95cc6f8d901b7c8409f19fc22de555a5b12401507900fac9b3f2f8eee787797b5fe2ec87b74e5624947192a750e47211a8dbe45706669533ca2f7e2282aa983b07b47ebaf173558db5681b6a4d0cb22100d67436e9bfc52ac0a052a29851102ba45acc77a15e50476d01ffb07c47b656fb8d7b4f3c6a577b7d2233ec3bfee0f383594638ff5f2810c733ae7ada607fbd856fec8be9361c0f7f0c485c8f46faaf75ee2409fbc0efe7ba586f4b6ddc0e2b714b98fd66ec8814c5966f2d300391740c748117a9fc5ae0d3a0ee92398b3fa99a92e29f1a34ef741afa131e8467384710228938af40092c318f33eb5889c680cf70207c9ecd0ec7a4f73ed3bd5b3dd09adb46c29b10674e81752a9deba0d5a695ab7c4a8ac23fef8656bad951104c23cbc4df374c53215b4c984d39d0cd9a5271356ed8dc30786fdb5c765c4c27d59f31066d15f53a8b0cccb908075666259714e82b6892a44eb42a1e7db2acdd70f0e4d4beb3b90d44be7801626a1239052cba0ac1faacda76be848b6deea3d1fe7d75d7c6d4150470a736444d8caf71fb28ec9d0a94bad23abdff3fa34125eac15a27884e27ddc519bd92934c9f991dfa6670ec29fbdb8a4e507d85c5cd188a18f9e2988a5dc6f310f5852caa841fc94ec4eca66cdf7f423c194910a92c47b83cc2eb7b91331d0627fbfed9fac695dd9bb58bce6a97c962d4fa06b41ccb02d39d41c6323051a63898d828534d0e59797c53ce354d1c7ee6360f6fecf7b0560ec9a732a86e014dc54adc9bc39275aa3c362a099be1ceb8d0321579de991bf6bc043a95a424fe11b37c92e52109e6634fcecb18f3ff9260e3f7b907059630d21371cb637465bb740f2848a5c9e09b9802832224f63537c4a3c6f8a160f059f18ba4550f96828948f2ff0b302722ced315e397595a3edd3aaa484ad6b466c03737bcf2ed6b47fc18106fe0260aa9f05de81bd230abcf27d792ffea5de535e4e0a939aeb14d63db5a3bc1ab526d463204ced114875de7c6b81e7e9e27c918d67300ccc22e32ef6c3e9763034cf78b738cb765b232d7f78a792905a70837268a1d908d1193afc86668b95a9f4275ff7a9700ff1e8d5f3fa74e3e4d6e6e97807d01fafd78c85f4ce708c9c719b05e8f214b85b8644a154788363d3955d6aee226ecd283565c82c4811eb1fc63a4adc9f195bd4cc3bac610b3cb107b219a2404b741911059965fb69ab2c832792e319381e1b7ba1766dfcef08db3feaeaf609341abd4364ef7042d819ae60f1390feaac1178bee259a7e6f6eb9c162da57a6736ee6a8a524adc6703407c5b704f3eebbcd366cdec1db08d3ea9056c48a0ea3bd56cdcee8f0b6ff6f78251c4167ebb05f482de5d5e3a9834800a5c0fa5636c05bea14034c56ec4e21fccb38c5b4d26555c8587e39b96f28c79a3e69556232f048b15e5e119d4a70ffd55f82e6a83a54d6cf9808070e0dbdaba3e0b719d825183307f4a00ad1a717bd06aa6f33d29b092b904640cfda2f253ecc3944e3102a597ac6d9884893dfeb48648e6e29283fc17577f478880f14b72a9df3f3abf317b178ccc5330f0305fb17c6fc63f8a374d7225e20bde4ee9ee37c2570f8d7a25625f1e990ab6eecbfd4e10cb5d8908a7241e64d7de20e3fdad8d2d651ccfb78e22a1a918d1bc683c9bf7c8112366457fb519ce6bea563be189d58d117ff7ece0a9a1f9de0a828323640c457f9c8af7a53ef3f555940f10de6ec27242bec04f2d8dc0a40d3c23ae58a3c1c80f3a4dc2a7d598f2efff79aa5a12b1b6ca70373ac6949358d0005611714b714efba9e498b6cece096a96a20524909a8c7784f6d348d7039b778d1a6c84b619905efa2626c456b4a37d6d5c4823f8ede652528fd5babb3ef9ea11302ee0d0e816d63ac483017b5cd078e4f4a7b7bd765b19d9415316f664b8318718a1bbedd2d83475e92fe69072c1fddc4418c6245a2660549c2573af55434591e36bd3ddbda84ff480287f0e5473d7f491fa8f1f75d2739ff3e67295468c31ff1385ab2af69e1984e20a026ac2bb05ec9df8149ea6337a19d57fe8c0008de77cf0f0a1ddf380ba95a78acffae1bf145aabf9f11f541520be8774eeae720db398f8fe802147dc21a2b0f95f173ad11dcc1f7c553f99ac652667f23d0e0b875c7a52c386c115f23226e18778b15166be9ded74c2fe891b5367f28582f2a33ae65826ad741a881cdd3c9b758e4ecc8579d5ec5504b83624ed6d9f8993c91455e3b232cb0c0518b99adeadddfc0f17c481cdacc7206d498cfc6b90e8b2050771b559fdc84fc6bbcb544743c4f863625e38b2f7f87d96a810e4a5126b8069c1f20cfd8a5f8941f4c4cc5392c5d6056959a8518f855d26ca813d9d2682cd17bac10c5b7ecef944a5beb8563276e289edc6d3ba8004d11ed4d6de544414851af78e0e35ddce57c61b15f9b9a30ccd5ae5e398c6cbdadfd99f4a8f480fcdec2f187bcaca4877f63f301f73aac62f990c134aebd37bf6ac0e4facf8f15a3e1c00c153a2da345c184c08abcfcb6be7a856dc7672b3b5344d5b4f26722a12c23019ab2f71402111d8cf4308b7dd5f97c376e8f8cef569041c378dcadb9d8cc8024ff3dac29d8344f8c581465f3a30475e2cbb04555d5c8dddbebbe32ad11974728f67e7c5d8df1e1292bb4535e10447b6800e7108585f2159e95232504b1a8c9cfbffdaeb531e7cae9727060b0accd6c1350c3f606845ad57772846175c294c8014ff536bd97f7055463da0bb022127fe2ae832a60003358c6fa0be97f9a9486c47411f4eec5b3cf2a3f7094bc7842aa4f7dbf46a534ea3f2b1ec7b6996de17bb239e2b757b319eb89c81ee3f0f708fdb40a3ef6f5bc5d8966b11a3be669039c4df98444aff592721a2ac6831dbfb5ca9debbc73f40d248fabe7f82c5a54b53a7a8e3c4f363a4571140db09bb19b4e2bc12d8c08a1d3912312ce464c63f524d4636839b90c7f4ea266313af6c8b97ebdf3d2110a6e21ad9849272e76cc72d6d556ab3187ea821e24ef2b0ee090c599126c4f52684b24ca11d9bad0fac2767873a5abbf5c92e06d33ce106306febc0a9db688179afd7a82335e5bc1474ab93609fd68beff2923352b27031c225c43a255b97d9802117a0a0dd9fd23a0c4cead32c059c9d8ca3c953fb473bf405dbbea2accfa57ad145e5d9d29ab4dbaf5e32059466eae7f1f4b2d8e5e676b9cffc5bb41c257d467c04008fc5821dbf8c65923ea79602af4bed29be1d3c2acafaf0dc73c3b2a66cfeca032a45f5798abc75ef8076a06dcafc1d0e2a0e16d4793c68b119ae8d8c7b8bbe3d8330b18b6a51cbe7a112d48da28ad2943052614c580f8d6eeb5959806f6f0cbea0f875100ca0c6cab3eca190c4eadb3e32258c3e42b2d7aed5c432e126cc34dd6e3e9e1922181cce8aaad1f46666a5c4257161a365ec0cbf2bfd235289eb3233220bcaabe2cefbb3c2f8ce434316331ca1e9b72b1b4fa4f2f28c5bdae14c4e2010106e535b943e39acb5c37f9e590036b23299e4081b1094a1543b76a4f6ebc5223d4e7a8b4020685a9dabaa91cdefc29471faa1c0e67c34f33aa0a64a4f37a2094f0d2c8e15f948dcc91c78e81ffc7456d60222d9c1ad8d90688fc8a8b04f23b62ebdfbc1c3a33949bb05d2f4595a07f5cd3dffc552409f94785295d71d4bc101dcfb913e0f1b806d3c4cb901f7bd5df520b2a0ca7ac25ac3e2b5c4fdfd50ab2b9c63050bbe9fc733cbf29dca6ec833df43a4dd41e79b237392a768cf04bd2439f0a50e03e7fd2a567ea7f7d489718cefaf19a8d53ccdff8a9d83917e83a0b8f55255c66aa43f59056180bee350df1c59861f79176d65e693ff1adee925310ca0345b9e97e27c12485c4074598a6d316f03c05c5d68edcf5f70aae90351a5a2544ee0a991308297cffb0f303fd3fcbf0103437ee97600c943c31f245a687612f7792d0e156b7adcd4cac69098dd8289547a80cf5153501fa374a39d9a00c09d52f6a93d2f25ac81b995052d544c79a21efd69b2019d8245e619617fa33a3e33d9908219ae23844534fb633987cccf24a6e752b4613a6bcf9d92b9933605f84d23783d722c300c010259e56510ea270fc867c62dfffc9b138ae5715e9c9571f279d5bc2f9ab7d61c9a14ff7265ed13e7334fc51f4b6c9917d9e40a238393c6f5bda03a84faa0236f115f2a251c5018d00a569faed5f8122ab35ee2f02eef0f7f14ce972b19de3819d23590dec9c56463322c729e506e9151d67b3d66408e67dc700d1ce3757936787a30651150a915cb13b5f245969defad94f24e991b72061fcaccae254ce42ac3c21106633b8d8518fcaea4485eba5e6c6930a4a8dde7fd939ac3cddc64908cfcd467f341f69a3672d0ebdab1583fba4dd6f40caa2340129be06d77f4f22106dce392c3f24d93fcd3a4d43142ff2a587880d5a1ad88be6ed974b314e0ca5a824899b90ba2b3327a4e23269a1733dabd9c6a91218e155f0ede3d866388f1a236e4ce8fb865b7f69c67c0b6d48181db576a94ecaad78fb0ae15c32ee1032e66ec0653259d0c1a40f1bc156f4005febcfbe651c62428236cfc436c6e5baa6c75bf45f6a5fcad5ff622eec2b9acd912b501acab7a9d5fe386e99d54d73b75854e99e7d07e7312efb21a578b8ab5f21f4278c115fdc1e395f0620b1d697b5cead5f7f40f15b131eafa8f60a5ea45c693b2cbbec3dcf0f0886c9a254c574c3c2adacca7c9a9a4fe324b196d965b202b45515feb6d7f50f7939c3c8ac0b0956ce2dbd78949e5254c7d20ff149f23ec606bf2eb49a003b71d5ac4a6f44cd2e247ae79062c424765398b0b48c353f48366341a7a26bc3c56a5a273d0cc44cc63c93ddf5b77326fbe76db8e022ddba638642573e81cfd2f0f5b9ff62a76f842d083a506218b65f72531a45fd454fc16e3423d9a3589990db9d311138d153453e16d350bbdfe3f372b34134b7cc4aa329b5aa707884a2b67049842d0e99cc47fe94690e9d19bc1abed024df66e1cec19f686e11e6672cbdaa1f6a6b6a7d8f7c60eaf9342b18a214023de34adc06c61bd175155fd00aa53f106df21f97aa32f3c155fa5cbcb9ef353babab5edd0cc52bef69daabb2ca323070fe58c9a27897ab33e95a47cc9d91bd290a0a1a9674f40b2f62b09d1896c7b987e41be843fcae04e49394496b6ae5ba766f2abe0dca2a2f11a41010de6705de7ef4321899fe28721d1e8f6c0174e8db07e4d40d9e6a0b81f7ebc09f72d316c3e19e2b6ed2ae29a539b2b862b50ccafc1215def9cc9cf4a2985cfadfd7ea26007a5aef01338480811f7ae9dbfe2cf42a5af6c068c62b13bcf6a1547f3a7288f61c540932129b94b0eba8dfdddec56dae3cdbb8fdf38a95299006b22e75466886b827db2fb0c314acd1c25ecce25b99868e6bc369772bc4738cb0d6c8f2903514568474b30f02ddabc6783c61542f650509f65d644e73c5ddb152814a678771990b39d419e8a24a38e347bec44a3fc229619ff97a7f1b31430a55ed81d3ddfd6ddb6259103b485b8bc0fe00001c699822cca683b4de5e4b42515dceb1055798b4c97ef5f450528faef2d451cceb5af1901e5228e3bf6353da74c173956ab85cddea712e97c64a7504d8b6098e1807717918a9702b601c90686b3071e7275", 0x1000}, {&(0x7f0000000240)="de7c21959015a12d713349b42ac0e9c64131ba38d78c3d8c772bc817e69f0c994a52e0d658a67e9f99a7f5a36ada974ed8a0cf954e05608473e000e6fae985ea3f6db2ba5630ec231ca6714373ba5dae9d27dc874f09482e105ac02257bfc7513cf8d0c4aca7", 0x66}, {&(0x7f0000001600)="01182a8d693a7d797b92c7f59b6076170e8b4e606e5e54e9e136bfe0acbb4621a611e542392206930094afbb763e9a14169a52b66fd7c48dbfb63e7fe97a22df38a18aa85f1ffabcead252701642cf0d65dd00ab1a8b880beb61b5f11421ca85baa8b7ae49cc46074ddc2f1158e7f08dd8014872d8b629e772bcb6c470e97c3df1930330c7585e7f49bc51cca45a47789532224dfb0f95d2491c4181e1184fbff89ed421d1", 0xa5}, {&(0x7f0000000400)="895cfe383307bc6e72402f2487a8d90962ba591b5ead0f746eebe066744f8ae78a2bc77711c6fd5ca29f23d4d619b1318f8df978e858fbaff90c51b2a9aaa7472e097b89a15a71f2caa3f0e5d3c1035d8d3a15d0581a3fdcad", 0x59}, {&(0x7f00000016c0)="9a6476be42843275e8767b3fecf4c0521ccaffbd0d9cbc8040a91b0315ec77a53a522b1078c16f693345bcb1438d654ccaa4a58346fba1e105445ac001e4c00c4ed8be80c35729fbc72145304bc8ca8df9a48741071ac27f4bd3aa53d47a20f7fb6a2aede12f49f24eef37f29960202ec7d97fe448eb6654b5e61b6c7a1ca445946fd0297e1aae69d9a08eda150fd1e207a50e83104c71d6846169277997f9bccf28d9fe0e97012635072d2cab08f34eac1d2f24b9cf6226322335018a41f5de3e898dfb989db08f5906fa26aec597663352f79dd007906ec85f525df4831f9aec67a44833458ec37e6f0c03ce6c81428210", 0xf2}, {&(0x7f00000017c0)="c49a912bcecba53c7ecdb1ce99023417c611a10ee5926ba5c50042fe33afc99f19ddd9f3880f23348f5e9bea6ba3a08da3eac2e1c51cfb04fbe6612b249298c232189f5556616222870020aa7941cc60cd4baa2a3454b581243c7fd3a014b6518804d00bf1c7474976", 0x69}, {&(0x7f0000001840)="761e02d4ce105ee0c1eab8de22da8e554f530c24a110f5ae9511dd037fa35a51cd6d7f79f8a6dc9250fb3206ccd3141d58fc8fdfbd9a98e4fb80c77ba0b730010161f95662bc8719546ece047a4213475834c560c4881548ff8ce7d562b73c1af2247c00e8e0ba0e23b00d03d3b4ce95677100b84e622178d544ebbab2f55ebe92d1405922d335c80fd7e89017d11baa823aed6475c670dbcd2f05a1a38d52dab769138067fdce98e73d3ee56ba35559a8a365ee71e1704f1d590057852b7491891b3af56690ef", 0xc7}], 0x9, 0x2000000, 0x1, 0x2)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r7, 0x0)
perf_event_open(&(0x7f0000001a00)={0x1, 0x80, 0x3, 0x9, 0x6, 0x3f, 0x0, 0x10001, 0x40000, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, @perf_config_ext={0x3ff, 0x2}, 0x20014, 0x4, 0x8, 0x4, 0x3, 0x8, 0x9, 0x0, 0x5, 0x0, 0x1}, 0xffffffffffffffff, 0x6, r6, 0x8)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x6000)=nil, 0x6000, 0x1, 0x10, r0, 0x0)

[ 1776.624799] FAULT_INJECTION: forcing a failure.
[ 1776.624799] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1776.626496] CPU: 1 PID: 10208 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1776.627462] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1776.628617] Call Trace:
[ 1776.628987]  dump_stack+0x107/0x167
[ 1776.629493]  should_fail.cold+0x5/0xa
[ 1776.630026]  __alloc_pages_nodemask+0x182/0x600
[ 1776.630689]  ? lock_acquire+0x197/0x470
[ 1776.631249]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1776.632080]  ? find_held_lock+0x2c/0x110
[ 1776.632656]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1776.633379]  ? lock_downgrade+0x6d0/0x6d0
[ 1776.633957]  ? mark_held_locks+0x9e/0xe0
[ 1776.634521]  alloc_pages_current+0x187/0x280
[ 1776.635151]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1776.635887]  ? replace_page_cache_page+0x1200/0x1200
[ 1776.636591]  pte_alloc_one+0x16/0x1a0
[ 1776.637118]  ? replace_page_cache_page+0x1200/0x1200
[ 1776.637821]  handle_mm_fault+0x2ab2/0x3500
[ 1776.638411]  ? __lock_acquire+0x1657/0x5b00
[ 1776.639018]  ? __pmd_alloc+0x630/0x630
[ 1776.639564]  ? vmacache_find+0x55/0x2a0
[ 1776.640126]  do_user_addr_fault+0x56e/0xc60
[ 1776.640732]  exc_page_fault+0xa2/0x1a0
[ 1776.641272]  asm_exc_page_fault+0x1e/0x30
[ 1776.641860] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1776.642609] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1776.645173] RSP: 0018:ffff88804a0d77b8 EFLAGS: 00050246
[ 1776.645910] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1776.646897] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88804a0d7888
[ 1776.647887] RBP: ffff88804a0d7888 R08: 0000000000000001 R09: ffff88804a0d7907
[ 1776.648866] R10: ffffed100941af20 R11: 0000000000000001 R12: 0000000020000100
[ 1776.649858] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1776.650868]  _copy_from_user+0x172/0x1b0
[ 1776.651440]  move_addr_to_kernel.part.0+0x31/0x110
[ 1776.652118]  move_addr_to_kernel+0x4f/0x70
[ 1776.652702]  io_connect+0x47a/0x610
[ 1776.653213]  ? io_prep_rw+0x1050/0x1050
[ 1776.653778]  ? __lock_acquire+0xbb1/0x5b00
[ 1776.654370]  io_issue_sqe+0x1611/0x77d0
[ 1776.654924]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1776.655649]  ? lock_chain_count+0x20/0x20
[ 1776.656220]  ? __is_insn_slot_addr+0x14c/0x290
[ 1776.656853]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1776.657572]  ? io_connect+0x610/0x610
[ 1776.657814] FAULT_INJECTION: forcing a failure.
[ 1776.657814] name failslab, interval 1, probability 0, space 0, times 0
[ 1776.658097]  ? lock_acquire+0x197/0x470
[ 1776.658109]  ? find_held_lock+0x2c/0x110
[ 1776.658126]  ? __fget_files+0x2cf/0x520
[ 1776.658138]  ? lock_downgrade+0x6d0/0x6d0
[ 1776.658158]  __io_queue_sqe+0x90/0x9d0
[ 1776.663550]  ? io_issue_sqe+0x77d0/0x77d0
[ 1776.664117]  ? __fget_files+0x2f8/0x520
[ 1776.664681]  io_submit_sqes+0x44ab/0x8610
[ 1776.665270]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1776.665959]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1776.666624]  ? find_held_lock+0x2c/0x110
[ 1776.667201]  ? io_submit_sqes+0x8610/0x8610
[ 1776.667795]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1776.668458]  ? wait_for_completion_io+0x270/0x270
[ 1776.669123]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1776.669764]  ? vfs_write+0x354/0xb10
[ 1776.670280]  ? fput_many+0x2f/0x1a0
[ 1776.670781]  ? ksys_write+0x1a9/0x260
[ 1776.671318]  ? __ia32_sys_read+0xb0/0xb0
[ 1776.671884]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1776.672608]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1776.673320]  do_syscall_64+0x33/0x40
[ 1776.673828]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1776.674532] RIP: 0033:0x7ffb15b8eb19
[ 1776.675048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1776.677558] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1776.678596] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1776.679580] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1776.680556] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1776.681528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1776.682522] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1776.683545] CPU: 0 PID: 10211 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1776.685235] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1776.687251] Call Trace:
[ 1776.687271] FAULT_INJECTION: forcing a failure.
[ 1776.687271] name failslab, interval 1, probability 0, space 0, times 0
[ 1776.687891]  dump_stack+0x107/0x167
[ 1776.687915]  should_fail.cold+0x5/0xa
[ 1776.691245]  ? create_object.isra.0+0x3a/0xa30
[ 1776.692350]  should_failslab+0x5/0x20
[ 1776.693282]  kmem_cache_alloc+0x5b/0x310
[ 1776.694273]  ? mark_held_locks+0x9e/0xe0
[ 1776.695285]  create_object.isra.0+0x3a/0xa30
[ 1776.696336]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1776.697576]  kmem_cache_alloc_bulk+0x168/0x320
[ 1776.698674]  io_submit_sqes+0x6fe7/0x8610
[ 1776.699720]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1776.700921]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1776.702093]  ? find_held_lock+0x2c/0x110
[ 1776.703085]  ? io_submit_sqes+0x8610/0x8610
[ 1776.704142]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1776.705302]  ? wait_for_completion_io+0x270/0x270
[ 1776.706477]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1776.707600]  ? vfs_write+0x354/0xb10
[ 1776.708506]  ? fput_many+0x2f/0x1a0
[ 1776.709394]  ? ksys_write+0x1a9/0x260
[ 1776.710321]  ? __ia32_sys_read+0xb0/0xb0
[ 1776.711307]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1776.712575]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1776.713834]  do_syscall_64+0x33/0x40
[ 1776.714738]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1776.715986] RIP: 0033:0x7f66d25a7b19
[ 1776.716893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1776.721344] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1776.723176] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1776.724893] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1776.726603] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1776.728330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1776.730044] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1776.731974] CPU: 1 PID: 10207 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1776.732954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1776.734119] Call Trace:
[ 1776.734494]  dump_stack+0x107/0x167
[ 1776.735016]  should_fail.cold+0x5/0xa
[ 1776.735561]  ? create_object.isra.0+0x3a/0xa30
[ 1776.736193]  should_failslab+0x5/0x20
[ 1776.736728]  kmem_cache_alloc+0x5b/0x310
[ 1776.737298]  ? mark_held_locks+0x9e/0xe0
[ 1776.737874]  create_object.isra.0+0x3a/0xa30
[ 1776.738491]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1776.739212]  kmem_cache_alloc_bulk+0x168/0x320
[ 1776.739856]  io_submit_sqes+0x6fe7/0x8610
[ 1776.740448]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1776.741142]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1776.741816]  ? find_held_lock+0x2c/0x110
[ 1776.742384]  ? io_submit_sqes+0x8610/0x8610
[ 1776.742996]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1776.743665]  ? wait_for_completion_io+0x270/0x270
[ 1776.744335]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1776.744987]  ? vfs_write+0x354/0xb10
[ 1776.745484]  ? fput_many+0x2f/0x1a0
[ 1776.745993]  ? ksys_write+0x1a9/0x260
[ 1776.746545]  ? __ia32_sys_read+0xb0/0xb0
[ 1776.747163]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1776.748004]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1776.748715]  do_syscall_64+0x33/0x40
[ 1776.749234]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1776.749945] RIP: 0033:0x7f88fdc0eb19
[ 1776.750458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1776.753035] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1776.754090] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1776.755099] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1776.756093] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1776.757074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1776.758069] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:42:12 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0)

10:42:12 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:42:12 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x6000000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:12 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:12 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1777.006755] FAULT_INJECTION: forcing a failure.
[ 1777.006755] name failslab, interval 1, probability 0, space 0, times 0
[ 1777.008269] CPU: 1 PID: 10228 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1777.009080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1777.010063] Call Trace:
[ 1777.010420]  dump_stack+0x107/0x167
[ 1777.010854]  should_fail.cold+0x5/0xa
10:42:12 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0)

[ 1777.011311]  ? create_object.isra.0+0x3a/0xa30
[ 1777.012121]  should_failslab+0x5/0x20
[ 1777.012575]  kmem_cache_alloc+0x5b/0x310
[ 1777.013057]  create_object.isra.0+0x3a/0xa30
[ 1777.013580]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1777.014183]  kmem_cache_alloc_bulk+0x168/0x320
[ 1777.014732]  io_submit_sqes+0x6fe7/0x8610
[ 1777.015254]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.015846]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.016422]  ? io_submit_sqes+0x8610/0x8610
[ 1777.016934]  ? recalibrate_cpu_khz+0x10/0x10
[ 1777.017453]  ? ktime_get+0x158/0x1f0
[ 1777.017895]  ? setup_APIC_eilvt+0x2f0/0x2f0
[ 1777.018406]  ? clockevents_program_event+0x131/0x360
[ 1777.019017]  ? tick_program_event+0xa8/0x140
[ 1777.019538]  ? hrtimer_interrupt+0x771/0x9b0
[ 1777.020068]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1777.020691]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1777.021305]  do_syscall_64+0x33/0x40
[ 1777.021743]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1777.022345] RIP: 0033:0x7f66d25a7b19
[ 1777.022781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1777.024952] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1777.025852] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1777.026695] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1777.027539] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1777.028375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1777.029214] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1777.038809] FAULT_INJECTION: forcing a failure.
[ 1777.038809] name failslab, interval 1, probability 0, space 0, times 0
[ 1777.040280] CPU: 1 PID: 10231 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1777.041085] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1777.042052] Call Trace:
[ 1777.042363]  dump_stack+0x107/0x167
[ 1777.042791]  should_fail.cold+0x5/0xa
[ 1777.043247]  ? create_object.isra.0+0x3a/0xa30
10:42:12 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000)

[ 1777.043783]  should_failslab+0x5/0x20
[ 1777.044430]  kmem_cache_alloc+0x5b/0x310
[ 1777.044905]  ? mark_held_locks+0x9e/0xe0
[ 1777.045382]  create_object.isra.0+0x3a/0xa30
[ 1777.045898]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1777.046491]  kmem_cache_alloc_bulk+0x168/0x320
[ 1777.047035]  io_submit_sqes+0x6fe7/0x8610
[ 1777.047531]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.048114]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.048674]  ? find_held_lock+0x2c/0x110
[ 1777.049152]  ? io_submit_sqes+0x8610/0x8610
[ 1777.049655]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1777.050215]  ? wait_for_completion_io+0x270/0x270
[ 1777.050772]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1777.051313]  ? vfs_write+0x354/0xb10
[ 1777.051744]  ? fput_many+0x2f/0x1a0
[ 1777.052165]  ? ksys_write+0x1a9/0x260
[ 1777.052607]  ? __ia32_sys_read+0xb0/0xb0
[ 1777.053080]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1777.053687]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1777.054287]  do_syscall_64+0x33/0x40
[ 1777.054720]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1777.055324] RIP: 0033:0x7f88fdc0eb19
[ 1777.055756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1777.057880] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1777.058760] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1777.059590] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1777.060415] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1777.061239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1777.062062] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:42:13 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26)

[ 1777.096632] FAULT_INJECTION: forcing a failure.
[ 1777.096632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1777.098023] CPU: 1 PID: 10238 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1777.098808] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1777.099757] Call Trace:
[ 1777.100065]  dump_stack+0x107/0x167
[ 1777.100482]  should_fail.cold+0x5/0xa
[ 1777.100923]  _copy_from_user+0x2e/0x1b0
[ 1777.101389]  move_addr_to_kernel.part.0+0x31/0x110
[ 1777.101953]  move_addr_to_kernel+0x4f/0x70
[ 1777.102449]  io_connect+0x47a/0x610
[ 1777.102870]  ? io_prep_rw+0x1050/0x1050
[ 1777.103343]  ? __lock_acquire+0xbb1/0x5b00
[ 1777.103828]  io_issue_sqe+0x1611/0x77d0
[ 1777.104287]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1777.104883]  ? lock_chain_count+0x20/0x20
[ 1777.105355]  ? __is_insn_slot_addr+0x14c/0x290
[ 1777.105877]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1777.106473]  ? io_connect+0x610/0x610
[ 1777.106910]  ? lock_acquire+0x197/0x470
[ 1777.107367]  ? find_held_lock+0x2c/0x110
[ 1777.107836]  ? __fget_files+0x2cf/0x520
[ 1777.108291]  ? lock_downgrade+0x6d0/0x6d0
[ 1777.108767]  __io_queue_sqe+0x90/0x9d0
[ 1777.109219]  ? io_issue_sqe+0x77d0/0x77d0
[ 1777.109690]  ? __fget_files+0x2f8/0x520
[ 1777.110148]  io_submit_sqes+0x44ab/0x8610
[ 1777.110636]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.111213]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.111761]  ? find_held_lock+0x2c/0x110
[ 1777.112225]  ? io_submit_sqes+0x8610/0x8610
[ 1777.112719]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1777.113267]  ? wait_for_completion_io+0x270/0x270
[ 1777.113821]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1777.114349]  ? vfs_write+0x354/0xb10
[ 1777.114776]  ? fput_many+0x2f/0x1a0
[ 1777.115206]  ? ksys_write+0x1a9/0x260
[ 1777.115641]  ? __ia32_sys_read+0xb0/0xb0
[ 1777.116107]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1777.116705]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1777.117295]  do_syscall_64+0x33/0x40
[ 1777.117720]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1777.118301] RIP: 0033:0x7ffb15b8eb19
[ 1777.118721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1777.120829] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1777.121697] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1777.122512] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1777.123331] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1777.124139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1777.124950] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
10:42:13 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:13 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:13 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1777.239417] FAULT_INJECTION: forcing a failure.
[ 1777.239417] name failslab, interval 1, probability 0, space 0, times 0
[ 1777.240769] CPU: 1 PID: 10245 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1777.241555] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1777.242509] Call Trace:
10:42:13 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

[ 1777.242816]  dump_stack+0x107/0x167
[ 1777.243414]  should_fail.cold+0x5/0xa
[ 1777.243906]  ? create_object.isra.0+0x3a/0xa30
[ 1777.244426]  should_failslab+0x5/0x20
[ 1777.244864]  kmem_cache_alloc+0x5b/0x310
[ 1777.245328]  ? mark_held_locks+0x9e/0xe0
[ 1777.245797]  create_object.isra.0+0x3a/0xa30
[ 1777.246295]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1777.246882]  kmem_cache_alloc_bulk+0x168/0x320
[ 1777.247422]  io_submit_sqes+0x6fe7/0x8610
[ 1777.247915]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.248488]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.249047]  ? find_held_lock+0x2c/0x110
[ 1777.249517]  ? io_submit_sqes+0x8610/0x8610
[ 1777.250017]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1777.250572]  ? wait_for_completion_io+0x270/0x270
[ 1777.251135]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1777.251667]  ? vfs_write+0x354/0xb10
[ 1777.252095]  ? fput_many+0x2f/0x1a0
[ 1777.252518]  ? ksys_write+0x1a9/0x260
[ 1777.252960]  ? __ia32_sys_read+0xb0/0xb0
[ 1777.253428]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1777.254037]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1777.254630]  do_syscall_64+0x33/0x40
[ 1777.255068]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1777.255655] RIP: 0033:0x7f88fdc0eb19
[ 1777.256085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1777.258174] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1777.259060] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1777.259885] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1777.260718] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1777.261549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1777.262369] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:42:13 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0)

[ 1777.268777] FAULT_INJECTION: forcing a failure.
[ 1777.268777] name failslab, interval 1, probability 0, space 0, times 0
[ 1777.270123] CPU: 1 PID: 10246 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1777.270918] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1777.271880] Call Trace:
[ 1777.272186]  dump_stack+0x107/0x167
[ 1777.272609]  should_fail.cold+0x5/0xa
[ 1777.273051]  ? create_object.isra.0+0x3a/0xa30
[ 1777.273576]  should_failslab+0x5/0x20
[ 1777.274014]  kmem_cache_alloc+0x5b/0x310
[ 1777.274484]  ? mark_held_locks+0x9e/0xe0
[ 1777.274963]  create_object.isra.0+0x3a/0xa30
[ 1777.275474]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1777.276061]  kmem_cache_alloc_bulk+0x168/0x320
[ 1777.276594]  io_submit_sqes+0x6fe7/0x8610
[ 1777.277091]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.277671]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1777.278225]  ? find_held_lock+0x2c/0x110
[ 1777.278695]  ? io_submit_sqes+0x8610/0x8610
[ 1777.279200]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1777.279756]  ? wait_for_completion_io+0x270/0x270
[ 1777.280314]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1777.280851]  ? vfs_write+0x354/0xb10
[ 1777.281279]  ? fput_many+0x2f/0x1a0
[ 1777.281700]  ? ksys_write+0x1a9/0x260
[ 1777.282132]  ? __ia32_sys_read+0xb0/0xb0
[ 1777.282602]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1777.283210]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1777.283806]  do_syscall_64+0x33/0x40
[ 1777.284231]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1777.284825] RIP: 0033:0x7f66d25a7b19
[ 1777.285253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1777.287396] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1777.288277] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1777.289097] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1777.289917] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1777.290737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1777.291566] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:42:27 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:42:27 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27)

10:42:27 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000)

10:42:27 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:27 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x40000000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:27 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000, 0x0, 0x0)

10:42:27 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:27 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f0000000200)={0x0, 0xf268, 0x20}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'vxcan1\x00'})
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0xfd, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}, 0x0, 0x0, 0x1}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r6, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1791.603752] FAULT_INJECTION: forcing a failure.
[ 1791.603752] name failslab, interval 1, probability 0, space 0, times 0
[ 1791.604498] FAULT_INJECTION: forcing a failure.
[ 1791.604498] name failslab, interval 1, probability 0, space 0, times 0
[ 1791.606334] CPU: 1 PID: 10279 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1791.610144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1791.611910] Call Trace:
[ 1791.612477]  dump_stack+0x107/0x167
[ 1791.613261]  should_fail.cold+0x5/0xa
[ 1791.614062]  ? create_object.isra.0+0x3a/0xa30
[ 1791.615039]  should_failslab+0x5/0x20
[ 1791.615863]  kmem_cache_alloc+0x5b/0x310
[ 1791.616737]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1791.617989]  create_object.isra.0+0x3a/0xa30
[ 1791.618921]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1791.620016]  kmem_cache_alloc+0x159/0x310
[ 1791.620906]  ptlock_alloc+0x1d/0x70
[ 1791.621677]  pte_alloc_one+0x68/0x1a0
[ 1791.622486]  ? replace_page_cache_page+0x1200/0x1200
[ 1791.623566]  handle_mm_fault+0x2ab2/0x3500
[ 1791.624474]  ? __lock_acquire+0x1657/0x5b00
[ 1791.625393]  ? __pmd_alloc+0x630/0x630
[ 1791.626235]  ? vmacache_find+0x55/0x2a0
[ 1791.627087]  do_user_addr_fault+0x56e/0xc60
[ 1791.628024]  exc_page_fault+0xa2/0x1a0
[ 1791.628844]  asm_exc_page_fault+0x1e/0x30
[ 1791.629732] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1791.630873] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1791.634804] RSP: 0018:ffff88800ca4f7b8 EFLAGS: 00050246
[ 1791.635944] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1791.637474] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88800ca4f888
[ 1791.638988] RBP: ffff88800ca4f888 R08: 0000000000000001 R09: ffff88800ca4f907
[ 1791.640523] R10: ffffed1001949f20 R11: 0000000000000001 R12: 0000000020000100
[ 1791.642035] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1791.643594]  _copy_from_user+0x172/0x1b0
[ 1791.644472]  move_addr_to_kernel.part.0+0x31/0x110
[ 1791.645524]  move_addr_to_kernel+0x4f/0x70
[ 1791.646420]  io_connect+0x47a/0x610
[ 1791.647212]  ? io_prep_rw+0x1050/0x1050
[ 1791.648077]  ? __lock_acquire+0xbb1/0x5b00
[ 1791.648976]  io_issue_sqe+0x1611/0x77d0
[ 1791.649830]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1791.650932]  ? lock_chain_count+0x20/0x20
[ 1791.651814]  ? __is_insn_slot_addr+0x14c/0x290
[ 1791.652783]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1791.653889]  ? io_connect+0x610/0x610
[ 1791.654710]  ? lock_acquire+0x197/0x470
[ 1791.655587]  ? find_held_lock+0x2c/0x110
[ 1791.656452]  ? __fget_files+0x2cf/0x520
[ 1791.657297]  ? lock_downgrade+0x6d0/0x6d0
[ 1791.658178]  __io_queue_sqe+0x90/0x9d0
[ 1791.659010]  ? io_issue_sqe+0x77d0/0x77d0
[ 1791.659889]  ? __fget_files+0x2f8/0x520
[ 1791.660747]  io_submit_sqes+0x44ab/0x8610
[ 1791.661649]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1791.662702]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1791.663760]  ? find_held_lock+0x2c/0x110
[ 1791.664628]  ? io_submit_sqes+0x8610/0x8610
[ 1791.665543]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1791.666564]  ? wait_for_completion_io+0x270/0x270
[ 1791.667603]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1791.668581]  ? vfs_write+0x354/0xb10
[ 1791.669368]  ? fput_many+0x2f/0x1a0
[ 1791.670141]  ? ksys_write+0x1a9/0x260
[ 1791.670950]  ? __ia32_sys_read+0xb0/0xb0
[ 1791.671822]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1791.672998]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1791.674135]  do_syscall_64+0x33/0x40
[ 1791.674923]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1791.676029] RIP: 0033:0x7ffb15b8eb19
[ 1791.676813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1791.680731] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1791.682341] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1791.683870] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1791.685393] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1791.686914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1791.688448] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1791.690006] CPU: 0 PID: 10271 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1791.691641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1791.693535] Call Trace:
[ 1791.694145]  dump_stack+0x107/0x167
[ 1791.694977]  should_fail.cold+0x5/0xa
[ 1791.695868]  ? create_object.isra.0+0x3a/0xa30
[ 1791.696912]  should_failslab+0x5/0x20
[ 1791.697783]  kmem_cache_alloc+0x5b/0x310
[ 1791.698717]  ? mark_held_locks+0x9e/0xe0
[ 1791.699657]  create_object.isra.0+0x3a/0xa30
[ 1791.700669]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1791.701840]  kmem_cache_alloc_bulk+0x168/0x320
[ 1791.702892]  io_submit_sqes+0x6fe7/0x8610
[ 1791.703873]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1791.705024]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1791.706142]  ? find_held_lock+0x2c/0x110
[ 1791.707082]  ? io_submit_sqes+0x8610/0x8610
[ 1791.708092]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1791.709196]  ? wait_for_completion_io+0x270/0x270
[ 1791.710311]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1791.711400]  ? vfs_write+0x354/0xb10
[ 1791.712253]  ? fput_many+0x2f/0x1a0
[ 1791.713087]  ? ksys_write+0x1a9/0x260
[ 1791.713391] FAULT_INJECTION: forcing a failure.
[ 1791.713391] name failslab, interval 1, probability 0, space 0, times 0
[ 1791.713964]  ? __ia32_sys_read+0xb0/0xb0
[ 1791.713997]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1791.718413]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1791.719603]  do_syscall_64+0x33/0x40
[ 1791.720466]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1791.721641] RIP: 0033:0x7f88fdc0eb19
[ 1791.722493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1791.726715] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1791.728463] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1791.730085] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1791.731719] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1791.733354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1791.734984] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1791.736659] CPU: 1 PID: 10281 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1791.738131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1791.739878] Call Trace:
[ 1791.740441]  dump_stack+0x107/0x167
[ 1791.741215]  should_fail.cold+0x5/0xa
[ 1791.742015]  ? create_object.isra.0+0x3a/0xa30
[ 1791.742993]  should_failslab+0x5/0x20
[ 1791.743807]  kmem_cache_alloc+0x5b/0x310
[ 1791.744683]  ? mark_held_locks+0x9e/0xe0
[ 1791.745549]  create_object.isra.0+0x3a/0xa30
[ 1791.746477]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1791.747573]  kmem_cache_alloc_bulk+0x168/0x320
[ 1791.748544]  io_submit_sqes+0x6fe7/0x8610
[ 1791.749458]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1791.750528]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1791.751564]  ? find_held_lock+0x2c/0x110
[ 1791.752421]  ? io_submit_sqes+0x8610/0x8610
[ 1791.753347]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1791.754373]  ? wait_for_completion_io+0x270/0x270
[ 1791.755403]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1791.756389]  ? vfs_write+0x354/0xb10
[ 1791.757179]  ? fput_many+0x2f/0x1a0
[ 1791.757968]  ? ksys_write+0x1a9/0x260
[ 1791.758780]  ? __ia32_sys_read+0xb0/0xb0
[ 1791.759642]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1791.760754]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1791.761841]  do_syscall_64+0x33/0x40
[ 1791.762641]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1791.763757] RIP: 0033:0x7f66d25a7b19
[ 1791.764569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1791.768495] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1791.770113] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1791.771634] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1791.773215] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1791.774722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1791.776262] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:42:27 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x6000000, 0x0, 0x0)

10:42:27 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x2, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:27 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:42:28 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000)

10:42:28 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0)

10:42:28 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r5=>r0}, './file0\x00'})
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0xffffffffffffffff, r5, 0x0)
memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ppoll(&(0x7f0000000240)=[{r6, 0x19520}, {r7, 0x82}, {0xffffffffffffffff, 0xa109}, {0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x104ad}], 0x5, &(0x7f00000002c0), &(0x7f0000000440)={[0xb9]}, 0x8)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r7, 0xffffc000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:42:28 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:28 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28)

[ 1792.203771] FAULT_INJECTION: forcing a failure.
[ 1792.203771] name failslab, interval 1, probability 0, space 0, times 0
[ 1792.206016] CPU: 1 PID: 10310 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1792.207334] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1792.208891] Call Trace:
[ 1792.209399]  dump_stack+0x107/0x167
[ 1792.210087]  should_fail.cold+0x5/0xa
[ 1792.210821]  ? create_object.isra.0+0x3a/0xa30
[ 1792.211688]  should_failslab+0x5/0x20
[ 1792.212403]  kmem_cache_alloc+0x5b/0x310
[ 1792.213170]  ? mark_held_locks+0x9e/0xe0
[ 1792.213940]  create_object.isra.0+0x3a/0xa30
[ 1792.214766]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1792.215744]  kmem_cache_alloc_bulk+0x168/0x320
[ 1792.216621]  io_submit_sqes+0x6fe7/0x8610
[ 1792.217444]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1792.218378]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1792.219316]  ? find_held_lock+0x2c/0x110
[ 1792.220084]  ? io_submit_sqes+0x8610/0x8610
[ 1792.220897]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1792.221821]  ? wait_for_completion_io+0x270/0x270
[ 1792.222735]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1792.223619]  ? vfs_write+0x354/0xb10
[ 1792.224312]  ? fput_many+0x2f/0x1a0
[ 1792.224982]  ? ksys_write+0x1a9/0x260
[ 1792.225686]  ? __ia32_sys_read+0xb0/0xb0
[ 1792.226460]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1792.227450]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1792.228408]  do_syscall_64+0x33/0x40
[ 1792.229098]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1792.230054] RIP: 0033:0x7f66d25a7b19
[ 1792.230739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1792.234199] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1792.235619] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1792.236958] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1792.238295] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1792.239620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1792.240958] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1792.253560] FAULT_INJECTION: forcing a failure.
10:42:28 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x40000000, 0x0, 0x0)

[ 1792.253560] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1792.256498] CPU: 0 PID: 10313 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1792.257954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1792.259726] Call Trace:
[ 1792.260298]  dump_stack+0x107/0x167
[ 1792.261066]  should_fail.cold+0x5/0xa
[ 1792.261873]  __alloc_pages_nodemask+0x182/0x600
[ 1792.262856]  ? lock_acquire+0x197/0x470
[ 1792.263709]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1792.264978]  ? find_held_lock+0x2c/0x110
[ 1792.265842]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1792.266949]  ? lock_downgrade+0x6d0/0x6d0
[ 1792.267838]  ? mark_held_locks+0x9e/0xe0
[ 1792.268694]  alloc_pages_current+0x187/0x280
[ 1792.269635]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1792.270746]  ? replace_page_cache_page+0x1200/0x1200
[ 1792.271826]  pte_alloc_one+0x16/0x1a0
[ 1792.272634]  ? replace_page_cache_page+0x1200/0x1200
[ 1792.273714]  handle_mm_fault+0x2ab2/0x3500
[ 1792.274623]  ? __lock_acquire+0x1657/0x5b00
[ 1792.275548]  ? __pmd_alloc+0x630/0x630
[ 1792.276378]  ? vmacache_find+0x55/0x2a0
[ 1792.277223]  do_user_addr_fault+0x56e/0xc60
[ 1792.278152]  exc_page_fault+0xa2/0x1a0
[ 1792.278983]  asm_exc_page_fault+0x1e/0x30
[ 1792.279877] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1792.281014] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1792.284998] RSP: 0018:ffff8880466277b8 EFLAGS: 00050246
[ 1792.286125] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1792.287628] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff888046627888
[ 1792.289142] RBP: ffff888046627888 R08: 0000000000000001 R09: ffff888046627907
[ 1792.290631] R10: ffffed1008cc4f20 R11: 0000000000000001 R12: 0000000020000100
[ 1792.292141] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1792.293679]  _copy_from_user+0x172/0x1b0
[ 1792.294543]  move_addr_to_kernel.part.0+0x31/0x110
[ 1792.295600]  move_addr_to_kernel+0x4f/0x70
[ 1792.296497]  io_connect+0x47a/0x610
[ 1792.297262]  ? io_prep_rw+0x1050/0x1050
[ 1792.298117]  ? __lock_acquire+0xbb1/0x5b00
[ 1792.299004]  io_issue_sqe+0x1611/0x77d0
[ 1792.299863]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1792.300967]  ? lock_chain_count+0x20/0x20
[ 1792.301854]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1792.302959]  ? io_connect+0x610/0x610
[ 1792.303771]  ? lock_acquire+0x197/0x470
[ 1792.304605]  ? find_held_lock+0x2c/0x110
[ 1792.305459]  ? __fget_files+0x2cf/0x520
[ 1792.306291]  ? lock_downgrade+0x6d0/0x6d0
[ 1792.307175]  __io_queue_sqe+0x90/0x9d0
[ 1792.308002]  ? io_issue_sqe+0x77d0/0x77d0
[ 1792.308866]  ? __fget_files+0x2f8/0x520
[ 1792.309714]  io_submit_sqes+0x44ab/0x8610
[ 1792.310614]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1792.311715]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1792.312729]  ? find_held_lock+0x2c/0x110
[ 1792.313585]  ? io_submit_sqes+0x8610/0x8610
[ 1792.314496]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1792.315518]  ? wait_for_completion_io+0x270/0x270
[ 1792.316541]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1792.317525]  ? vfs_write+0x354/0xb10
[ 1792.318304]  ? fput_many+0x2f/0x1a0
[ 1792.319071]  ? ksys_write+0x1a9/0x260
[ 1792.319888]  ? __ia32_sys_read+0xb0/0xb0
[ 1792.320753]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1792.321850]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1792.322930]  do_syscall_64+0x33/0x40
[ 1792.323727]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1792.324800] RIP: 0033:0x7ffb15b8eb19
10:42:28 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

[ 1792.325583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1792.329610] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1792.331233] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1792.332736] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1792.334234] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1792.335755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1792.337256] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
10:42:41 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29)

10:42:41 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x6, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:41 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:41 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000)

10:42:41 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
r7 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000080)=<r9=>0x0)
r10 = socket$inet6_udplite(0xa, 0x2, 0x88)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r10, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r11}}, 0x4)
r12 = mmap$IORING_OFF_SQES(&(0x7f00003d4000/0x3000)=nil, 0x3000, 0x3, 0x30, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r8, r12, &(0x7f00000001c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x101)
lseek(r6, 0x0, 0x0)
r13 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r6, r13, 0x0, 0x100000001)
bind$bt_sco(r6, &(0x7f0000000140), 0x8)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:42:41 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0)

10:42:41 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:41 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

[ 1805.401763] FAULT_INJECTION: forcing a failure.
[ 1805.401763] name failslab, interval 1, probability 0, space 0, times 0
[ 1805.404340] CPU: 1 PID: 10342 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1805.405812] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1805.407575] Call Trace:
[ 1805.408146]  dump_stack+0x107/0x167
[ 1805.408909]  should_fail.cold+0x5/0xa
[ 1805.409719]  ? create_object.isra.0+0x3a/0xa30
[ 1805.410702]  should_failslab+0x5/0x20
[ 1805.411522]  kmem_cache_alloc+0x5b/0x310
[ 1805.412384]  ? mark_held_locks+0x9e/0xe0
[ 1805.413252]  create_object.isra.0+0x3a/0xa30
[ 1805.414180]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1805.415266]  kmem_cache_alloc_bulk+0x168/0x320
[ 1805.416362]  io_submit_sqes+0x6fe7/0x8610
[ 1805.417415]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1805.418485]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1805.419528]  ? find_held_lock+0x2c/0x110
[ 1805.420396]  ? io_submit_sqes+0x8610/0x8610
[ 1805.421315]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1805.422334]  ? wait_for_completion_io+0x270/0x270
[ 1805.423377]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1805.424367]  ? vfs_write+0x354/0xb10
[ 1805.425161]  ? fput_many+0x2f/0x1a0
[ 1805.425941]  ? ksys_write+0x1a9/0x260
[ 1805.426747]  ? __ia32_sys_read+0xb0/0xb0
[ 1805.427625]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1805.428739]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1805.429832]  do_syscall_64+0x33/0x40
[ 1805.430622]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1805.431721] RIP: 0033:0x7f66d25a7b19
[ 1805.432523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1805.436464] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1805.438099] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1805.439624] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1805.441135] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1805.442661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1805.444176] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1805.455618] FAULT_INJECTION: forcing a failure.
[ 1805.455618] name failslab, interval 1, probability 0, space 0, times 0
[ 1805.458183] CPU: 1 PID: 10345 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1805.459647] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1805.461400] Call Trace:
[ 1805.461958]  dump_stack+0x107/0x167
[ 1805.462739]  should_fail.cold+0x5/0xa
[ 1805.463592]  ? ptlock_alloc+0x1d/0x70
[ 1805.464400]  should_failslab+0x5/0x20
[ 1805.465210]  kmem_cache_alloc+0x5b/0x310
[ 1805.466071]  ptlock_alloc+0x1d/0x70
[ 1805.466841]  pte_alloc_one+0x68/0x1a0
[ 1805.467657]  ? replace_page_cache_page+0x1200/0x1200
[ 1805.468739]  handle_mm_fault+0x2ab2/0x3500
[ 1805.469650]  ? __lock_acquire+0x1657/0x5b00
[ 1805.470559]  ? find_held_lock+0x2c/0x110
[ 1805.471429]  ? pgtable_bad+0x90/0x90
[ 1805.472223]  ? __pmd_alloc+0x630/0x630
[ 1805.473043]  ? vmacache_find+0x55/0x2a0
[ 1805.473931]  do_user_addr_fault+0x56e/0xc60
[ 1805.474857]  exc_page_fault+0xa2/0x1a0
[ 1805.475714]  asm_exc_page_fault+0x1e/0x30
[ 1805.476604] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1805.477886] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1805.481847] RSP: 0018:ffff88804510f7b8 EFLAGS: 00050287
[ 1805.482974] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1805.484501] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff88804510f888
[ 1805.486036] RBP: ffff88804510f888 R08: 0000000000000001 R09: ffff88804510f907
[ 1805.487557] R10: ffffed1008a21f20 R11: 0000000000000001 R12: 0000000020000100
[ 1805.489060] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1805.490607]  _copy_from_user+0x172/0x1b0
[ 1805.491479]  move_addr_to_kernel.part.0+0x31/0x110
[ 1805.492519]  move_addr_to_kernel+0x4f/0x70
[ 1805.493442]  io_connect+0x47a/0x610
[ 1805.494219]  ? io_prep_rw+0x1050/0x1050
[ 1805.495088]  ? __lock_acquire+0xbb1/0x5b00
[ 1805.495997]  io_issue_sqe+0x1611/0x77d0
[ 1805.496853]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1805.497977]  ? lock_chain_count+0x20/0x20
[ 1805.498876]  ? __is_insn_slot_addr+0x14c/0x290
[ 1805.499855]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1805.500950]  ? io_connect+0x610/0x610
[ 1805.501758]  ? lock_acquire+0x197/0x470
[ 1805.502589]  ? find_held_lock+0x2c/0x110
[ 1805.503455]  ? __fget_files+0x2cf/0x520
[ 1805.504292]  ? lock_downgrade+0x6d0/0x6d0
[ 1805.505169]  __io_queue_sqe+0x90/0x9d0
[ 1805.505990]  ? io_issue_sqe+0x77d0/0x77d0
[ 1805.506855]  ? __fget_files+0x2f8/0x520
[ 1805.507715]  io_submit_sqes+0x44ab/0x8610
[ 1805.508621]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1805.509689]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1805.510698]  ? find_held_lock+0x2c/0x110
[ 1805.511600]  ? io_submit_sqes+0x8610/0x8610
[ 1805.512511]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1805.513530]  ? wait_for_completion_io+0x270/0x270
[ 1805.514576]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1805.515565]  ? vfs_write+0x354/0xb10
[ 1805.516342]  ? fput_many+0x2f/0x1a0
[ 1805.517116]  ? ksys_write+0x1a9/0x260
[ 1805.517919]  ? __ia32_sys_read+0xb0/0xb0
[ 1805.518767]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1805.519910]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1805.521009]  do_syscall_64+0x33/0x40
[ 1805.521816]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1805.522901] RIP: 0033:0x7ffb15b8eb19
[ 1805.523686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1805.527567] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1805.529178] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1805.530697] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1805.532232] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1805.533714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1805.535277] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1805.546808] FAULT_INJECTION: forcing a failure.
[ 1805.546808] name failslab, interval 1, probability 0, space 0, times 0
[ 1805.549388] CPU: 0 PID: 10346 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1805.550875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1805.552665] Call Trace:
[ 1805.553235]  dump_stack+0x107/0x167
[ 1805.554014]  should_fail.cold+0x5/0xa
[ 1805.554830]  ? create_object.isra.0+0x3a/0xa30
[ 1805.555806]  should_failslab+0x5/0x20
[ 1805.556637]  kmem_cache_alloc+0x5b/0x310
[ 1805.557507]  create_object.isra.0+0x3a/0xa30
[ 1805.558449]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1805.559590]  kmem_cache_alloc_trace+0x151/0x320
[ 1805.560587]  ? percpu_ref_tryget_many+0x166/0x2d0
[ 1805.561622]  __io_uring_add_tctx_node+0x15c/0x520
[ 1805.562649]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[ 1805.563788]  __do_sys_io_uring_enter+0x146f/0x1890
[ 1805.564838]  ? find_held_lock+0x2c/0x110
[ 1805.565705]  ? io_submit_sqes+0x8610/0x8610
[ 1805.566648]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1805.567696]  ? wait_for_completion_io+0x270/0x270
[ 1805.568724]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1805.569717]  ? vfs_write+0x354/0xb10
[ 1805.570525]  ? fput_many+0x2f/0x1a0
[ 1805.571318]  ? ksys_write+0x1a9/0x260
[ 1805.572144]  ? __ia32_sys_read+0xb0/0xb0
[ 1805.573022]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1805.574142]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1805.575271]  do_syscall_64+0x33/0x40
[ 1805.576116]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1805.577264] RIP: 0033:0x7f88fdc0eb19
[ 1805.578088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1805.582193] RSP: 002b:00007f88fb163188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1805.583899] RAX: ffffffffffffffda RBX: 00007f88fdd22020 RCX: 00007f88fdc0eb19
[ 1805.585465] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1805.587020] RBP: 00007f88fb1631d0 R08: 0000000000000000 R09: 0000000000000000
[ 1805.588583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1805.590165] R13: 00007fff277a500f R14: 00007f88fb163300 R15: 0000000000022000
10:42:41 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x80000000000000, 0x0, 0x0)

10:42:41 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000)

10:42:41 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x600, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:41 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:41 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1805.864549] FAULT_INJECTION: forcing a failure.
[ 1805.864549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1805.867304] CPU: 1 PID: 10360 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1805.868813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1805.870571] Call Trace:
[ 1805.871134]  dump_stack+0x107/0x167
[ 1805.871905]  should_fail.cold+0x5/0xa
[ 1805.872711]  _copy_from_user+0x2e/0x1b0
[ 1805.873551]  move_addr_to_kernel.part.0+0x31/0x110
[ 1805.874630]  move_addr_to_kernel+0x4f/0x70
[ 1805.875548]  io_connect+0x47a/0x610
[ 1805.876323]  ? io_prep_rw+0x1050/0x1050
[ 1805.877172]  ? lock_acquire+0x197/0x470
[ 1805.878035]  ? __lock_acquire+0xbb1/0x5b00
[ 1805.878928]  io_issue_sqe+0x1611/0x77d0
[ 1805.879792]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1805.880896]  ? lock_chain_count+0x20/0x20
[ 1805.881785]  ? __is_insn_slot_addr+0x14c/0x290
[ 1805.882777]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1805.883905]  ? io_connect+0x610/0x610
[ 1805.884713]  ? lock_acquire+0x197/0x470
[ 1805.885552]  ? find_held_lock+0x2c/0x110
[ 1805.886428]  ? __fget_files+0x2cf/0x520
[ 1805.887267]  ? lock_downgrade+0x6d0/0x6d0
[ 1805.888148]  __io_queue_sqe+0x90/0x9d0
[ 1805.888974]  ? io_issue_sqe+0x77d0/0x77d0
[ 1805.889859]  ? __fget_files+0x2f8/0x520
[ 1805.890729]  io_submit_sqes+0x44ab/0x8610
[ 1805.891633]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1805.892684]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1805.893691]  ? find_held_lock+0x2c/0x110
[ 1805.894560]  ? io_submit_sqes+0x8610/0x8610
[ 1805.895488]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1805.896506]  ? wait_for_completion_io+0x270/0x270
[ 1805.897525]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1805.898501]  ? vfs_write+0x354/0xb10
[ 1805.899308]  ? fput_many+0x2f/0x1a0
[ 1805.900092]  ? ksys_write+0x1a9/0x260
[ 1805.900884]  ? __ia32_sys_read+0xb0/0xb0
[ 1805.901765]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1805.902856]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1805.903960]  do_syscall_64+0x33/0x40
[ 1805.904756]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1805.905828] RIP: 0033:0x7f66d25a7b19
[ 1805.906597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1805.910459] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1805.912059] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1805.913553] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1805.915042] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1805.916563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1805.918060] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1805.970807] FAULT_INJECTION: forcing a failure.
[ 1805.970807] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1805.973600] CPU: 1 PID: 10365 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1805.975048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1805.976789] Call Trace:
[ 1805.977345]  dump_stack+0x107/0x167
[ 1805.978108]  should_fail.cold+0x5/0xa
[ 1805.978907]  _copy_from_user+0x2e/0x1b0
[ 1805.979775]  move_addr_to_kernel.part.0+0x31/0x110
[ 1805.980808]  move_addr_to_kernel+0x4f/0x70
[ 1805.981697]  io_connect+0x47a/0x610
[ 1805.982457]  ? io_prep_rw+0x1050/0x1050
[ 1805.983305]  ? __lock_acquire+0xbb1/0x5b00
[ 1805.984214]  io_issue_sqe+0x1611/0x77d0
[ 1805.985060]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1805.986162]  ? lock_chain_count+0x20/0x20
[ 1805.987034]  ? __is_insn_slot_addr+0x14c/0x290
[ 1805.988004]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1805.989101]  ? io_connect+0x610/0x610
[ 1805.989894]  ? lock_acquire+0x197/0x470
[ 1805.990731]  ? find_held_lock+0x2c/0x110
[ 1805.991589]  ? __fget_files+0x2cf/0x520
[ 1805.992427]  ? lock_downgrade+0x6d0/0x6d0
[ 1805.993297]  __io_queue_sqe+0x90/0x9d0
[ 1805.994121]  ? io_issue_sqe+0x77d0/0x77d0
[ 1805.994978]  ? __fget_files+0x2f8/0x520
[ 1805.995840]  io_submit_sqes+0x44ab/0x8610
[ 1805.996757]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1805.997821]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1805.998855]  ? find_held_lock+0x2c/0x110
[ 1805.999746]  ? io_submit_sqes+0x8610/0x8610
[ 1806.000678]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1806.001712]  ? wait_for_completion_io+0x270/0x270
[ 1806.002748]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1806.003755]  ? vfs_write+0x354/0xb10
[ 1806.004551]  ? fput_many+0x2f/0x1a0
[ 1806.005333]  ? ksys_write+0x1a9/0x260
[ 1806.006148]  ? __ia32_sys_read+0xb0/0xb0
[ 1806.007018]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1806.008158]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1806.009261]  do_syscall_64+0x33/0x40
[ 1806.010056]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1806.011150] RIP: 0033:0x7f88fdc0eb19
[ 1806.011954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1806.015891] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1806.017525] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1806.019056] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1806.020586] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1806.022116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1806.023643] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:42:54 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:54 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:42:54 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1818.736065] FAULT_INJECTION: forcing a failure.
10:42:54 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x2000, 0x14e)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r4, 0xc018937e, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r5=>r3, @out_args}, './file0\x00'})
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000676000/0xe000)=nil, 0xe000, 0x100000e, 0x13, r5, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
r8 = openat$incfs(0xffffffffffffffff, &(0x7f0000000140)='.pending_reads\x00', 0x20000, 0x80)
syz_io_uring_setup(0x51b3, &(0x7f0000000240)={0x0, 0x1c06, 0x1, 0x2, 0x2f5, 0x0, r8}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000743000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000340))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r7, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:42:54 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:54 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x200000000000000, 0x0, 0x0)

10:42:54 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6000000)

10:42:54 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30)

[ 1818.736065] name failslab, interval 1, probability 0, space 0, times 0
[ 1818.738901] CPU: 1 PID: 10386 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1818.740367] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1818.742111] Call Trace:
[ 1818.742668]  dump_stack+0x107/0x167
[ 1818.743434]  should_fail.cold+0x5/0xa
[ 1818.744249]  ? create_object.isra.0+0x3a/0xa30
[ 1818.745201]  should_failslab+0x5/0x20
[ 1818.745990]  kmem_cache_alloc+0x5b/0x310
[ 1818.746837]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1818.748098]  create_object.isra.0+0x3a/0xa30
[ 1818.749007]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1818.750071]  kmem_cache_alloc+0x159/0x310
[ 1818.750944]  ptlock_alloc+0x1d/0x70
[ 1818.751713]  pte_alloc_one+0x68/0x1a0
[ 1818.752502]  ? replace_page_cache_page+0x1200/0x1200
[ 1818.753553]  handle_mm_fault+0x2ab2/0x3500
[ 1818.754436]  ? __lock_acquire+0x1657/0x5b00
[ 1818.755331]  ? find_held_lock+0x2c/0x110
[ 1818.756183]  ? pgtable_bad+0x90/0x90
[ 1818.756957]  ? __pmd_alloc+0x630/0x630
[ 1818.757774]  ? vmacache_find+0x55/0x2a0
[ 1818.758609]  do_user_addr_fault+0x56e/0xc60
[ 1818.759525]  exc_page_fault+0xa2/0x1a0
[ 1818.760336]  asm_exc_page_fault+0x1e/0x30
[ 1818.761194] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1818.762420] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1818.766297] RSP: 0018:ffff888047df77b8 EFLAGS: 00050287
[ 1818.767423] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1818.769001] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff888047df7888
[ 1818.770550] RBP: ffff888047df7888 R08: 0000000000000001 R09: ffff888047df7907
[ 1818.772098] R10: ffffed1008fbef20 R11: 0000000000000001 R12: 0000000020000100
[ 1818.773645] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1818.775225]  _copy_from_user+0x172/0x1b0
[ 1818.776115]  move_addr_to_kernel.part.0+0x31/0x110
[ 1818.776310] FAULT_INJECTION: forcing a failure.
[ 1818.776310] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1818.777162]  move_addr_to_kernel+0x4f/0x70
[ 1818.777185]  io_connect+0x47a/0x610
[ 1818.777207]  ? io_prep_rw+0x1050/0x1050
[ 1818.777246]  ? __lock_acquire+0xbb1/0x5b00
[ 1818.777274]  io_issue_sqe+0x1611/0x77d0
[ 1818.783984]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1818.785116]  ? lock_chain_count+0x20/0x20
[ 1818.786001]  ? __is_insn_slot_addr+0x14c/0x290
[ 1818.786989]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1818.788129]  ? io_connect+0x610/0x610
[ 1818.788948]  ? lock_acquire+0x197/0x470
[ 1818.789799]  ? find_held_lock+0x2c/0x110
[ 1818.790675]  ? __fget_files+0x2cf/0x520
[ 1818.791540]  ? lock_downgrade+0x6d0/0x6d0
[ 1818.792436]  __io_queue_sqe+0x90/0x9d0
[ 1818.793287]  ? io_issue_sqe+0x77d0/0x77d0
[ 1818.794167]  ? __fget_files+0x2f8/0x520
[ 1818.795035]  io_submit_sqes+0x44ab/0x8610
[ 1818.795985]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1818.797055]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1818.798097]  ? find_held_lock+0x2c/0x110
[ 1818.798977]  ? io_submit_sqes+0x8610/0x8610
[ 1818.799921]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1818.800961]  ? wait_for_completion_io+0x270/0x270
[ 1818.802009]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1818.803009]  ? vfs_write+0x354/0xb10
[ 1818.803822]  ? fput_many+0x2f/0x1a0
[ 1818.804611]  ? ksys_write+0x1a9/0x260
[ 1818.805433]  ? __ia32_sys_read+0xb0/0xb0
[ 1818.806314]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1818.807442]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1818.808562]  do_syscall_64+0x33/0x40
[ 1818.809368]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1818.810472] RIP: 0033:0x7ffb15b8eb19
[ 1818.811272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1818.815215] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1818.816871] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1818.818401] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1818.819938] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1818.821481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1818.823007] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1818.824590] CPU: 0 PID: 10388 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1818.826109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1818.827919] Call Trace:
[ 1818.828499]  dump_stack+0x107/0x167
[ 1818.829289]  should_fail.cold+0x5/0xa
[ 1818.830121]  _copy_from_user+0x2e/0x1b0
[ 1818.830983]  move_addr_to_kernel.part.0+0x31/0x110
[ 1818.832050]  move_addr_to_kernel+0x4f/0x70
[ 1818.832971]  io_connect+0x47a/0x610
[ 1818.833766]  ? io_prep_rw+0x1050/0x1050
[ 1818.834642]  ? __lock_acquire+0xbb1/0x5b00
[ 1818.835578]  io_issue_sqe+0x1611/0x77d0
[ 1818.836446]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1818.837596]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1818.838777]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1818.839942]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1818.841009] FAULT_INJECTION: forcing a failure.
[ 1818.841009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1818.841130]  ? io_connect+0x610/0x610
[ 1818.841163]  ? lock_acquire+0x197/0x470
[ 1818.845251]  ? find_held_lock+0x2c/0x110
[ 1818.846128]  ? __fget_files+0x2cf/0x520
[ 1818.846983]  ? lock_downgrade+0x6d0/0x6d0
[ 1818.847893]  __io_queue_sqe+0x90/0x9d0
[ 1818.848741]  ? io_issue_sqe+0x77d0/0x77d0
[ 1818.849641]  ? __fget_files+0x2f8/0x520
[ 1818.850518]  io_submit_sqes+0x44ab/0x8610
[ 1818.851445]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1818.852534]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1818.853578]  ? find_held_lock+0x2c/0x110
[ 1818.854464]  ? io_submit_sqes+0x8610/0x8610
[ 1818.855404]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1818.856466]  ? wait_for_completion_io+0x270/0x270
[ 1818.857511]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1818.858518]  ? vfs_write+0x354/0xb10
[ 1818.859330]  ? fput_many+0x2f/0x1a0
[ 1818.860123]  ? ksys_write+0x1a9/0x260
[ 1818.860940]  ? __ia32_sys_read+0xb0/0xb0
[ 1818.861819]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1818.862952]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1818.864075]  do_syscall_64+0x33/0x40
[ 1818.864880]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1818.865980] RIP: 0033:0x7f88fdc0eb19
[ 1818.866780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1818.870759] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1818.872417] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1818.873953] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1818.875505] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1818.877043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1818.878589] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1818.880185] CPU: 1 PID: 10383 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1818.881706] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1818.883500] Call Trace:
[ 1818.884066]  dump_stack+0x107/0x167
[ 1818.884846]  should_fail.cold+0x5/0xa
[ 1818.885663]  _copy_from_user+0x2e/0x1b0
[ 1818.886534]  move_addr_to_kernel.part.0+0x31/0x110
[ 1818.887607]  move_addr_to_kernel+0x4f/0x70
[ 1818.888514]  io_connect+0x47a/0x610
[ 1818.889289]  ? io_prep_rw+0x1050/0x1050
[ 1818.890158]  ? __lock_acquire+0xbb1/0x5b00
[ 1818.891080]  io_issue_sqe+0x1611/0x77d0
[ 1818.891954]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1818.893086]  ? lock_chain_count+0x20/0x20
[ 1818.893981]  ? __is_insn_slot_addr+0x14c/0x290
[ 1818.894961]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1818.896098]  ? io_connect+0x610/0x610
[ 1818.896919]  ? lock_acquire+0x197/0x470
[ 1818.897777]  ? find_held_lock+0x2c/0x110
[ 1818.898659]  ? __fget_files+0x2cf/0x520
[ 1818.899521]  ? lock_downgrade+0x6d0/0x6d0
[ 1818.900428]  __io_queue_sqe+0x90/0x9d0
[ 1818.901272]  ? io_issue_sqe+0x77d0/0x77d0
[ 1818.902177]  ? __fget_files+0x2f8/0x520
[ 1818.903058]  io_submit_sqes+0x44ab/0x8610
[ 1818.903997]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1818.905074]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1818.906120]  ? find_held_lock+0x2c/0x110
[ 1818.907001]  ? io_submit_sqes+0x8610/0x8610
[ 1818.907950]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1818.908989]  ? vfs_write+0x7f8/0xb10
[ 1818.909798]  ? wait_for_completion_io+0x270/0x270
[ 1818.910840]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1818.911853]  ? vfs_write+0x354/0xb10
[ 1818.912663]  ? copy_kernel_to_fpregs+0x9e/0xe0
[ 1818.913657]  ? trace_event_raw_event_x86_fpu+0x390/0x390
[ 1818.914827]  ? ksys_write+0x1a9/0x260
[ 1818.915657]  ? __ia32_sys_read+0xb0/0xb0
[ 1818.916550]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1818.917669]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1818.918801]  do_syscall_64+0x33/0x40
[ 1818.919626]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1818.920718] RIP: 0033:0x7f66d25a7b19
[ 1818.921526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1818.925514] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1818.927163] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1818.928710] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1818.930283] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1818.931832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1818.933380] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:42:54 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:55 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:42:55 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r5, 0x0, 0x0, 0x1000002)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f00000001c0)=0xe8)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000780)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x25c, 0x0, 0x2, 0x70bd28, 0x25dfdbff, {}, [{{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r6}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8, 0x7, 0x1}}}]}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r6}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffa}}}]}}]}, 0x25c}, 0x1, 0x0, 0x0, 0x24000000}, 0x8080)
syz_io_uring_setup(0x42aa, &(0x7f0000000240)={0x0, 0x27c3, 0x10, 0x1, 0x293, 0x0, r5}, &(0x7f000043f000/0x4000)=nil, &(0x7f000097f000/0x4000)=nil, &(0x7f0000000140), &(0x7f00000001c0))
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r7, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:42:55 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:55 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x600000000000000, 0x0, 0x0)

10:42:55 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:42:55 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000)

[ 1819.358569] FAULT_INJECTION: forcing a failure.
[ 1819.358569] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1819.361245] CPU: 1 PID: 10416 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1819.362712] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1819.364479] Call Trace:
[ 1819.365041]  dump_stack+0x107/0x167
[ 1819.365803]  should_fail.cold+0x5/0xa
10:42:55 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31)

[ 1819.366612]  _copy_from_user+0x2e/0x1b0
[ 1819.367655]  move_addr_to_kernel.part.0+0x31/0x110
[ 1819.368690]  move_addr_to_kernel+0x4f/0x70
[ 1819.369579]  io_connect+0x47a/0x610
[ 1819.370368]  ? io_prep_rw+0x1050/0x1050
[ 1819.371225]  ? __lock_acquire+0xbb1/0x5b00
[ 1819.372129]  io_issue_sqe+0x1611/0x77d0
[ 1819.372976]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1819.374081]  ? lock_chain_count+0x20/0x20
[ 1819.374968]  ? __is_insn_slot_addr+0x14c/0x290
[ 1819.375955]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1819.377064]  ? io_connect+0x610/0x610
[ 1819.377871]  ? lock_acquire+0x197/0x470
[ 1819.378720]  ? find_held_lock+0x2c/0x110
[ 1819.379594]  ? __fget_files+0x2cf/0x520
[ 1819.380433]  ? lock_downgrade+0x6d0/0x6d0
[ 1819.381319]  __io_queue_sqe+0x90/0x9d0
[ 1819.382142]  ? io_issue_sqe+0x77d0/0x77d0
[ 1819.383027]  ? __fget_files+0x2f8/0x520
[ 1819.383892]  io_submit_sqes+0x44ab/0x8610
[ 1819.384790]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1819.385852]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1819.386885]  ? find_held_lock+0x2c/0x110
[ 1819.387774]  ? io_submit_sqes+0x8610/0x8610
[ 1819.388685]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1819.389713]  ? wait_for_completion_io+0x270/0x270
[ 1819.390734]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1819.391725]  ? vfs_write+0x354/0xb10
[ 1819.392516]  ? fput_many+0x2f/0x1a0
[ 1819.393295]  ? ksys_write+0x1a9/0x260
[ 1819.394102]  ? __ia32_sys_read+0xb0/0xb0
[ 1819.394969]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1819.396097]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1819.397202]  do_syscall_64+0x33/0x40
[ 1819.397989]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1819.399080] RIP: 0033:0x7f88fdc0eb19
[ 1819.399879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1819.403780] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1819.405404] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1819.406922] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1819.408430] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1819.409931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1819.411449] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:42:55 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1819.456536] FAULT_INJECTION: forcing a failure.
[ 1819.456536] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1819.459017] CPU: 1 PID: 10418 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1819.460449] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1819.462181] Call Trace:
[ 1819.462729]  dump_stack+0x107/0x167
[ 1819.463497]  should_fail.cold+0x5/0xa
[ 1819.464296]  _copy_from_user+0x2e/0x1b0
[ 1819.465125]  move_addr_to_kernel.part.0+0x31/0x110
[ 1819.466162]  move_addr_to_kernel+0x4f/0x70
[ 1819.467044]  io_connect+0x47a/0x610
[ 1819.467813]  ? io_prep_rw+0x1050/0x1050
[ 1819.468661]  ? __lock_acquire+0xbb1/0x5b00
[ 1819.469554]  io_issue_sqe+0x1611/0x77d0
[ 1819.470383]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1819.471464]  ? lock_chain_count+0x20/0x20
[ 1819.472326]  ? __is_insn_slot_addr+0x14c/0x290
[ 1819.473268]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1819.474355]  ? io_connect+0x610/0x610
[ 1819.475161]  ? lock_acquire+0x197/0x470
[ 1819.475992]  ? find_held_lock+0x2c/0x110
[ 1819.476841]  ? __fget_files+0x2cf/0x520
[ 1819.477653]  ? lock_downgrade+0x6d0/0x6d0
[ 1819.478507]  __io_queue_sqe+0x90/0x9d0
[ 1819.479330]  ? io_issue_sqe+0x77d0/0x77d0
[ 1819.480195]  ? __fget_files+0x2f8/0x520
[ 1819.481037]  io_submit_sqes+0x44ab/0x8610
[ 1819.481926]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1819.482956]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1819.483972]  ? find_held_lock+0x2c/0x110
[ 1819.484828]  ? io_submit_sqes+0x8610/0x8610
[ 1819.485731]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1819.486735]  ? wait_for_completion_io+0x270/0x270
[ 1819.487754]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1819.488745]  ? vfs_write+0x354/0xb10
[ 1819.489531]  ? fput_many+0x2f/0x1a0
[ 1819.490298]  ? ksys_write+0x1a9/0x260
[ 1819.491076]  ? __ia32_sys_read+0xb0/0xb0
[ 1819.491930]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1819.493022]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1819.494106]  do_syscall_64+0x33/0x40
[ 1819.494876]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1819.495921] RIP: 0033:0x7ffb15b8eb19
[ 1819.496687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1819.500478] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1819.502025] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1819.503482] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1819.504974] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1819.506447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1819.507906] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1819.517765] FAULT_INJECTION: forcing a failure.
[ 1819.517765] name failslab, interval 1, probability 0, space 0, times 0
[ 1819.520318] CPU: 0 PID: 10420 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1819.521679] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1819.523274] Call Trace:
[ 1819.523795]  dump_stack+0x107/0x167
[ 1819.524512]  should_fail.cold+0x5/0xa
[ 1819.525244]  ? create_object.isra.0+0x3a/0xa30
[ 1819.526114]  should_failslab+0x5/0x20
[ 1819.526852]  kmem_cache_alloc+0x5b/0x310
[ 1819.527681]  create_object.isra.0+0x3a/0xa30
[ 1819.528534]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1819.529513]  __kmalloc_node+0x1ae/0x420
[ 1819.530297]  memcg_alloc_page_obj_cgroups+0x73/0x100
[ 1819.531278]  memcg_slab_post_alloc_hook+0x1f0/0x430
[ 1819.532262]  kmem_cache_alloc_bulk+0x182/0x320
[ 1819.533143]  io_submit_sqes+0x6fe7/0x8610
[ 1819.533974]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1819.534955]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1819.535900]  ? find_held_lock+0x2c/0x110
[ 1819.536709]  ? io_submit_sqes+0x8610/0x8610
[ 1819.537533]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1819.538458]  ? wait_for_completion_io+0x270/0x270
[ 1819.539387]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1819.540286]  ? vfs_write+0x354/0xb10
[ 1819.541007]  ? fput_many+0x2f/0x1a0
[ 1819.541699]  ? ksys_write+0x1a9/0x260
[ 1819.542436]  ? __ia32_sys_read+0xb0/0xb0
[ 1819.543221]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1819.544227]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1819.545224]  do_syscall_64+0x33/0x40
[ 1819.545933]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1819.546918] RIP: 0033:0x7f66d25a7b19
[ 1819.547660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1819.551181] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1819.552642] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1819.553996] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1819.555379] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1819.556744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1819.558097] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:42:55 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:55 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x80000000000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:42:55 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0)

10:42:55 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000)

10:42:55 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:42:55 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1819.851265] FAULT_INJECTION: forcing a failure.
[ 1819.851265] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1819.853341] CPU: 1 PID: 10442 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1819.854523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1819.855957] Call Trace:
[ 1819.856425]  dump_stack+0x107/0x167
[ 1819.857051]  should_fail.cold+0x5/0xa
[ 1819.857722]  _copy_from_user+0x2e/0x1b0
[ 1819.858418]  move_addr_to_kernel.part.0+0x31/0x110
[ 1819.859278]  move_addr_to_kernel+0x4f/0x70
[ 1819.860017]  io_connect+0x47a/0x610
[ 1819.860641]  ? io_prep_rw+0x1050/0x1050
[ 1819.861338]  ? __lock_acquire+0xbb1/0x5b00
[ 1819.862085]  io_issue_sqe+0x1611/0x77d0
[ 1819.862779]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1819.863694]  ? lock_chain_count+0x20/0x20
[ 1819.864417]  ? __is_insn_slot_addr+0x14c/0x290
[ 1819.865209]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1819.866106]  ? io_connect+0x610/0x610
[ 1819.866771]  ? lock_acquire+0x197/0x470
[ 1819.867449]  ? find_held_lock+0x2c/0x110
[ 1819.868154]  ? __fget_files+0x2cf/0x520
[ 1819.868833]  ? lock_downgrade+0x6d0/0x6d0
[ 1819.869559]  __io_queue_sqe+0x90/0x9d0
[ 1819.870237]  ? io_issue_sqe+0x77d0/0x77d0
[ 1819.870943]  ? __fget_files+0x2f8/0x520
[ 1819.871639]  io_submit_sqes+0x44ab/0x8610
[ 1819.872369]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1819.873213]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1819.874041]  ? find_held_lock+0x2c/0x110
[ 1819.874752]  ? io_submit_sqes+0x8610/0x8610
[ 1819.875504]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1819.876326]  ? wait_for_completion_io+0x270/0x270
[ 1819.877148]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1819.877942]  ? vfs_write+0x354/0xb10
[ 1819.878588]  ? fput_many+0x2f/0x1a0
[ 1819.879210]  ? ksys_write+0x1a9/0x260
[ 1819.879953]  ? __ia32_sys_read+0xb0/0xb0
[ 1819.880671]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1819.881674]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1819.882545]  do_syscall_64+0x33/0x40
[ 1819.883173]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1819.884063] RIP: 0033:0x7f88fdc0eb19
[ 1819.884698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1819.887828] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1819.889108] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1819.890308] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1819.891526] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1819.892737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1819.893941] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:43:08 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:43:08 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32)

10:43:08 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r4, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:43:08 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000)

10:43:08 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x6000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:43:08 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:43:08 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000000000000000, 0x0, 0x0)

10:43:08 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x200000000000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

[ 1832.142652] FAULT_INJECTION: forcing a failure.
[ 1832.142652] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1832.144031] CPU: 0 PID: 10453 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1832.144817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1832.145750] Call Trace:
[ 1832.146056]  dump_stack+0x107/0x167
[ 1832.146466]  should_fail.cold+0x5/0xa
[ 1832.146897]  _copy_from_user+0x2e/0x1b0
[ 1832.147353]  move_addr_to_kernel.part.0+0x31/0x110
[ 1832.147917]  move_addr_to_kernel+0x4f/0x70
[ 1832.148397]  io_connect+0x47a/0x610
[ 1832.148809]  ? io_prep_rw+0x1050/0x1050
[ 1832.149270]  ? __lock_acquire+0xbb1/0x5b00
[ 1832.149752]  io_issue_sqe+0x1611/0x77d0
[ 1832.150204]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1832.150802]  ? lock_chain_count+0x20/0x20
[ 1832.151281]  ? __is_insn_slot_addr+0x14c/0x290
[ 1832.151815]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1832.152415]  ? io_connect+0x610/0x610
[ 1832.152849]  ? lock_acquire+0x197/0x470
[ 1832.153304]  ? find_held_lock+0x2c/0x110
[ 1832.153771]  ? __fget_files+0x2cf/0x520
[ 1832.154225]  ? lock_downgrade+0x6d0/0x6d0
[ 1832.154697]  __io_queue_sqe+0x90/0x9d0
[ 1832.155147]  ? io_issue_sqe+0x77d0/0x77d0
[ 1832.155614]  ? __fget_files+0x2f8/0x520
[ 1832.156076]  io_submit_sqes+0x44ab/0x8610
[ 1832.156558]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1832.157123]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1832.157665]  ? find_held_lock+0x2c/0x110
[ 1832.158123]  ? io_submit_sqes+0x8610/0x8610
[ 1832.158610]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1832.159156]  ? wait_for_completion_io+0x270/0x270
[ 1832.159710]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1832.160245]  ? vfs_write+0x354/0xb10
[ 1832.160666]  ? fput_many+0x2f/0x1a0
[ 1832.161083]  ? ksys_write+0x1a9/0x260
[ 1832.161514]  ? __ia32_sys_read+0xb0/0xb0
[ 1832.161976]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1832.162566]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1832.163150]  do_syscall_64+0x33/0x40
[ 1832.163567]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1832.164160] RIP: 0033:0x7f66d25a7b19
[ 1832.164577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1832.166651] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1832.167525] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1832.168345] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1832.169148] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1832.169954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1832.170761] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1832.193780] FAULT_INJECTION: forcing a failure.
[ 1832.193780] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1832.195223] CPU: 0 PID: 10454 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1832.196024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1832.196969] Call Trace:
[ 1832.197285]  dump_stack+0x107/0x167
[ 1832.197709]  should_fail.cold+0x5/0xa
[ 1832.198153]  _copy_from_user+0x2e/0x1b0
[ 1832.198604]  move_addr_to_kernel.part.0+0x31/0x110
[ 1832.199162]  move_addr_to_kernel+0x4f/0x70
[ 1832.199642]  io_connect+0x47a/0x610
[ 1832.200078]  ? io_prep_rw+0x1050/0x1050
[ 1832.200551]  ? __lock_acquire+0xbb1/0x5b00
[ 1832.201050]  io_issue_sqe+0x1611/0x77d0
[ 1832.201518]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1832.202134]  ? lock_chain_count+0x20/0x20
[ 1832.202614]  ? __is_insn_slot_addr+0x14c/0x290
[ 1832.203151]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1832.203768]  ? io_connect+0x610/0x610
[ 1832.204216]  ? lock_acquire+0x197/0x470
[ 1832.204675]  ? find_held_lock+0x2c/0x110
[ 1832.205150]  ? __fget_files+0x2cf/0x520
[ 1832.205618]  ? lock_downgrade+0x6d0/0x6d0
[ 1832.206106]  __io_queue_sqe+0x90/0x9d0
[ 1832.206564]  ? io_issue_sqe+0x77d0/0x77d0
[ 1832.207044]  ? __fget_files+0x2f8/0x520
[ 1832.207524]  io_submit_sqes+0x44ab/0x8610
[ 1832.208037]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1832.208624]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1832.209186]  ? find_held_lock+0x2c/0x110
[ 1832.209659]  ? io_submit_sqes+0x8610/0x8610
[ 1832.210161]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1832.210718]  ? wait_for_completion_io+0x270/0x270
[ 1832.211279]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1832.211834]  ? vfs_write+0x354/0xb10
[ 1832.212284]  ? fput_many+0x2f/0x1a0
[ 1832.212707]  ? ksys_write+0x1a9/0x260
[ 1832.213150]  ? __ia32_sys_read+0xb0/0xb0
[ 1832.213621]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1832.214260]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1832.214858]  do_syscall_64+0x33/0x40
[ 1832.215300]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1832.215914] RIP: 0033:0x7f88fdc0eb19
[ 1832.216345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1832.218532] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1832.219431] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1832.219606] FAULT_INJECTION: forcing a failure.
[ 1832.219606] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1832.220291] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1832.220298] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1832.220306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1832.220314] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1832.228968] CPU: 1 PID: 10463 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1832.230436] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1832.232198] Call Trace:
[ 1832.232765]  dump_stack+0x107/0x167
[ 1832.233557]  should_fail.cold+0x5/0xa
[ 1832.234376]  __alloc_pages_nodemask+0x182/0x600
[ 1832.235370]  ? lock_acquire+0x197/0x470
[ 1832.236237]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1832.237505]  ? find_held_lock+0x2c/0x110
[ 1832.238379]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1832.239490]  ? lock_downgrade+0x6d0/0x6d0
[ 1832.240373]  ? mark_held_locks+0x9e/0xe0
[ 1832.241233]  alloc_pages_current+0x187/0x280
[ 1832.242163]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1832.243271]  ? replace_page_cache_page+0x1200/0x1200
[ 1832.244359]  pte_alloc_one+0x16/0x1a0
[ 1832.245163]  ? replace_page_cache_page+0x1200/0x1200
[ 1832.246240]  handle_mm_fault+0x2ab2/0x3500
[ 1832.247143]  ? __lock_acquire+0x1657/0x5b00
[ 1832.248072]  ? __pmd_alloc+0x630/0x630
[ 1832.248907]  ? vmacache_find+0x55/0x2a0
[ 1832.249762]  do_user_addr_fault+0x56e/0xc60
[ 1832.250678]  exc_page_fault+0xa2/0x1a0
[ 1832.251500]  asm_exc_page_fault+0x1e/0x30
[ 1832.252388] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1832.253519] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1832.257385] RSP: 0018:ffff888049c5f7b8 EFLAGS: 00050246
[ 1832.258667] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1832.260201] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff888049c5f888
[ 1832.261698] RBP: ffff888049c5f888 R08: 0000000000000001 R09: ffff888049c5f907
[ 1832.263222] R10: ffffed100938bf20 R11: 0000000000000001 R12: 0000000020000100
[ 1832.264738] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1832.266257]  _copy_from_user+0x172/0x1b0
[ 1832.267115]  move_addr_to_kernel.part.0+0x31/0x110
[ 1832.268152]  move_addr_to_kernel+0x4f/0x70
[ 1832.269037]  io_connect+0x47a/0x610
[ 1832.269805]  ? io_prep_rw+0x1050/0x1050
[ 1832.270664]  ? __lock_acquire+0xbb1/0x5b00
[ 1832.271555]  io_issue_sqe+0x1611/0x77d0
[ 1832.272419]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1832.273517]  ? lock_chain_count+0x20/0x20
[ 1832.274399]  ? __is_insn_slot_addr+0x14c/0x290
[ 1832.275359]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1832.276470]  ? io_connect+0x610/0x610
[ 1832.277276]  ? lock_acquire+0x197/0x470
[ 1832.278109]  ? find_held_lock+0x2c/0x110
[ 1832.278969]  ? __fget_files+0x2cf/0x520
[ 1832.279837]  ? lock_downgrade+0x6d0/0x6d0
[ 1832.280715]  __io_queue_sqe+0x90/0x9d0
[ 1832.281538]  ? io_issue_sqe+0x77d0/0x77d0
[ 1832.282407]  ? __fget_files+0x2f8/0x520
[ 1832.283265]  io_submit_sqes+0x44ab/0x8610
[ 1832.284182]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1832.285223]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1832.286249]  ? find_held_lock+0x2c/0x110
[ 1832.287101]  ? io_submit_sqes+0x8610/0x8610
[ 1832.288021]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1832.289038]  ? wait_for_completion_io+0x270/0x270
[ 1832.290053]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1832.291029]  ? vfs_write+0x354/0xb10
[ 1832.291826]  ? fput_many+0x2f/0x1a0
[ 1832.292595]  ? ksys_write+0x1a9/0x260
[ 1832.293401]  ? __ia32_sys_read+0xb0/0xb0
[ 1832.294269]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1832.295380]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1832.296481]  do_syscall_64+0x33/0x40
[ 1832.297270]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1832.298364] RIP: 0033:0x7ffb15b8eb19
[ 1832.299145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1832.303011] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1832.304633] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1832.306146] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1832.307660] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1832.309175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1832.310681] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
10:43:21 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:43:21 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x80000000000000)

10:43:21 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33)

10:43:21 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0xffffffff00000000, 0x0, 0x0)

10:43:21 executing program 0:
r0 = syz_io_uring_setup(0x5e39, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x4000)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc018937e, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, @in_args={0x1}}, './file0\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ppoll(&(0x7f0000000240)=[{r4, 0x19520}, {r6, 0x82}, {0xffffffffffffffff, 0xa109}, {0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x104ad}], 0x5, &(0x7f00000002c0), &(0x7f0000000440)={[0xb9]}, 0x8)
r7 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000080)=<r9=>0x0)
r10 = socket$inet6_udplite(0xa, 0x2, 0x88)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r10, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r11}}, 0x4)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, r6, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r12 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r12, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:43:21 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:43:21 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:43:21 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600000000000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

[ 1845.532925] FAULT_INJECTION: forcing a failure.
[ 1845.532925] name failslab, interval 1, probability 0, space 0, times 0
[ 1845.535898] CPU: 1 PID: 10483 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1845.537521] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1845.539559] Call Trace:
[ 1845.540177]  dump_stack+0x107/0x167
[ 1845.540999]  should_fail.cold+0x5/0xa
[ 1845.541858]  ? ptlock_alloc+0x1d/0x70
[ 1845.542717]  should_failslab+0x5/0x20
[ 1845.543580]  kmem_cache_alloc+0x5b/0x310
[ 1845.544513]  ptlock_alloc+0x1d/0x70
[ 1845.545331]  pte_alloc_one+0x68/0x1a0
[ 1845.546194]  ? replace_page_cache_page+0x1200/0x1200
[ 1845.547322]  handle_mm_fault+0x2ab2/0x3500
[ 1845.548292]  ? __lock_acquire+0x1657/0x5b00
[ 1845.549266]  ? __pmd_alloc+0x630/0x630
[ 1845.550154]  ? vmacache_find+0x55/0x2a0
10:43:21 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x40000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1845.551074]  do_user_addr_fault+0x56e/0xc60
[ 1845.552275]  exc_page_fault+0xa2/0x1a0
[ 1845.553160]  asm_exc_page_fault+0x1e/0x30
[ 1845.554073] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1845.555259] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1845.559357] RSP: 0018:ffff8880459577b8 EFLAGS: 00050246
[ 1845.560523] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1845.562101] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff888045957888
[ 1845.563687] RBP: ffff888045957888 R08: 0000000000000001 R09: ffff888045957907
[ 1845.565289] R10: ffffed1008b2af20 R11: 0000000000000001 R12: 0000000020000100
[ 1845.566859] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1845.568511]  _copy_from_user+0x172/0x1b0
[ 1845.569429]  move_addr_to_kernel.part.0+0x31/0x110
[ 1845.570530]  move_addr_to_kernel+0x4f/0x70
[ 1845.571488]  io_connect+0x47a/0x610
[ 1845.572297]  ? io_prep_rw+0x1050/0x1050
[ 1845.573191]  ? __lock_acquire+0xbb1/0x5b00
[ 1845.574135]  io_issue_sqe+0x1611/0x77d0
[ 1845.575022]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1845.576186]  ? lock_chain_count+0x20/0x20
[ 1845.577079]  ? __is_insn_slot_addr+0x14c/0x290
[ 1845.578087]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1845.579235]  ? io_connect+0x610/0x610
[ 1845.579794] FAULT_INJECTION: forcing a failure.
[ 1845.579794] name failslab, interval 1, probability 0, space 0, times 0
[ 1845.580075]  ? lock_acquire+0x197/0x470
[ 1845.580097]  ? find_held_lock+0x2c/0x110
[ 1845.583160]  ? __fget_files+0x2cf/0x520
[ 1845.584031]  ? lock_downgrade+0x6d0/0x6d0
[ 1845.584948]  __io_queue_sqe+0x90/0x9d0
[ 1845.585791]  ? io_issue_sqe+0x77d0/0x77d0
[ 1845.586688]  ? __fget_files+0x2f8/0x520
[ 1845.587571]  io_submit_sqes+0x44ab/0x8610
[ 1845.588522]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1845.589612]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1845.590678]  ? find_held_lock+0x2c/0x110
[ 1845.591564]  ? io_submit_sqes+0x8610/0x8610
[ 1845.592485]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1845.593488]  ? wait_for_completion_io+0x270/0x270
[ 1845.594491]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1845.595458]  ? vfs_write+0x354/0xb10
[ 1845.596246]  ? fput_many+0x2f/0x1a0
[ 1845.597005]  ? ksys_write+0x1a9/0x260
[ 1845.597797]  ? __ia32_sys_read+0xb0/0xb0
[ 1845.598645]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1845.599740]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1845.600835]  do_syscall_64+0x33/0x40
[ 1845.601613]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1845.602677] RIP: 0033:0x7ffb15b8eb19
[ 1845.603470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1845.607269] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1845.608834] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1845.610299] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1845.611755] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1845.613223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1845.614688] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1845.616222] CPU: 0 PID: 10496 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1845.617078] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1845.618068] Call Trace:
[ 1845.618403]  dump_stack+0x107/0x167
[ 1845.618842]  should_fail.cold+0x5/0xa
[ 1845.619297]  ? create_object.isra.0+0x3a/0xa30
[ 1845.619863]  should_failslab+0x5/0x20
[ 1845.620327]  kmem_cache_alloc+0x5b/0x310
[ 1845.620811]  ? mark_held_locks+0x9e/0xe0
[ 1845.621305]  create_object.isra.0+0x3a/0xa30
[ 1845.621827]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1845.622445]  kmem_cache_alloc+0x159/0x310
[ 1845.622963]  xas_alloc+0x336/0x440
[ 1845.623408]  xas_create+0x34a/0x10d0
[ 1845.623879]  ? kernel_text_address+0xf2/0x120
[ 1845.624410]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1845.625037]  xas_store+0x8c/0x1c40
[ 1845.625475]  __xa_store+0x164/0x2d0
[ 1845.625914]  ? xa_delete_node+0x280/0x280
[ 1845.626418]  ? trace_hardirqs_on+0x5b/0x180
[ 1845.626936]  xa_store+0x31/0x50
[ 1845.627335]  __io_uring_add_tctx_node+0x1cf/0x520
[ 1845.627920]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[ 1845.628554]  __do_sys_io_uring_enter+0x146f/0x1890
[ 1845.629153]  ? find_held_lock+0x2c/0x110
[ 1845.629635]  ? io_submit_sqes+0x8610/0x8610
[ 1845.630157]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1845.630731]  ? wait_for_completion_io+0x270/0x270
[ 1845.631309]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1845.631871]  ? vfs_write+0x354/0xb10
[ 1845.632311]  ? fput_many+0x2f/0x1a0
[ 1845.632748]  ? ksys_write+0x1a9/0x260
[ 1845.633204]  ? __ia32_sys_read+0xb0/0xb0
[ 1845.633691]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1845.634321]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1845.634937]  do_syscall_64+0x33/0x40
[ 1845.635385]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1845.636000] RIP: 0033:0x7f88fdc0eb19
[ 1845.636444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1845.638636] RSP: 002b:00007f88fb163188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1845.639539] RAX: ffffffffffffffda RBX: 00007f88fdd22020 RCX: 00007f88fdc0eb19
[ 1845.640395] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1845.641240] RBP: 00007f88fb1631d0 R08: 0000000000000000 R09: 0000000000000000
[ 1845.642084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1845.642925] R13: 00007fff277a500f R14: 00007f88fb163300 R15: 0000000000022000
[ 1845.648492] FAULT_INJECTION: forcing a failure.
[ 1845.648492] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1845.650094] CPU: 0 PID: 10486 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1845.650919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1845.651896] Call Trace:
[ 1845.652211]  dump_stack+0x107/0x167
[ 1845.652647]  should_fail.cold+0x5/0xa
[ 1845.653106]  _copy_from_user+0x2e/0x1b0
[ 1845.653587]  move_addr_to_kernel.part.0+0x31/0x110
[ 1845.654173]  move_addr_to_kernel+0x4f/0x70
[ 1845.654677]  io_connect+0x47a/0x610
[ 1845.655111]  ? io_prep_rw+0x1050/0x1050
[ 1845.655596]  ? __lock_acquire+0xbb1/0x5b00
[ 1845.656112]  io_issue_sqe+0x1611/0x77d0
[ 1845.656589]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1845.657211]  ? lock_chain_count+0x20/0x20
[ 1845.657704]  ? __is_insn_slot_addr+0x14c/0x290
[ 1845.658249]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1845.658871]  ? io_connect+0x610/0x610
[ 1845.659326]  ? lock_acquire+0x197/0x470
[ 1845.659800]  ? find_held_lock+0x2c/0x110
[ 1845.660303]  ? __fget_files+0x2cf/0x520
[ 1845.660771]  ? lock_downgrade+0x6d0/0x6d0
[ 1845.661261]  __io_queue_sqe+0x90/0x9d0
[ 1845.661724]  ? io_issue_sqe+0x77d0/0x77d0
[ 1845.662213]  ? __fget_files+0x2f8/0x520
[ 1845.662689]  io_submit_sqes+0x44ab/0x8610
[ 1845.663207]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1845.663796]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1845.664374]  ? find_held_lock+0x2c/0x110
[ 1845.664857]  ? io_submit_sqes+0x8610/0x8610
[ 1845.665371]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1845.665942]  ? wait_for_completion_io+0x270/0x270
[ 1845.666515]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1845.667062]  ? vfs_write+0x354/0xb10
[ 1845.667500]  ? fput_many+0x2f/0x1a0
[ 1845.667938]  ? ksys_write+0x1a9/0x260
[ 1845.668389]  ? __ia32_sys_read+0xb0/0xb0
[ 1845.668868]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1845.669497]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1845.670105]  do_syscall_64+0x33/0x40
[ 1845.670547]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1845.671156] RIP: 0033:0x7f66d25a7b19
[ 1845.671595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1845.673779] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1845.674680] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1845.675519] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1845.676384] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1845.677225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1845.678056] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:43:21 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:43:21 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:43:21 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:43:21 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2)

10:43:21 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x70ce, &(0x7f00000007c0)={0x0, 0xa47d, 0x6, 0x0, 0x3ce, 0x0, r0}, &(0x7f0000b06000/0x3000)=nil, &(0x7f00007a2000/0x2000)=nil, &(0x7f0000000280), &(0x7f0000000840))
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r6, 0x0, 0x0, 0x1000002)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f00000001c0)=0xe8)
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000780)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYBLOB="5c020000", @ANYRES16=0x0, @ANYBLOB="020028bd7000ffdbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB="0001028040000100240001006d6864650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f000500240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b0000000800040000040000080006008c493b5cbbee89a66c33179c7d3757261f0e3aa9bcd75d95a92226d557b81590c68a1d5a4b8b554080e4cd1a2e69e32856756ea4d478c6d2e32013ca7c47ad0c641d1d6da59b9c60f02b9c1e829efb412a2eda68d3bc80a6b426c4f9bdb0c371e576989d8b3d219be1d4950e7bfeb0b14707b26621c49b579ce464aab498be9653cb87fedfb773245ba89d5c687c31c02625dea339fafdc35ce84d06cb5db7c45e194c2f542ca21c95930b06bd725a02f3f6f90e8424f74701748fb6f77c1418096e99d979d98fa3af8b42948d194d8e7cac7ffd8969e19f897c4eff414917bb7d525a9e848cb76e60aad36c81329bb01278815abaa4ce", @ANYRES32=r7, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040001000080080007000100000008000100", @ANYRES32=0x0, @ANYBLOB="f40002803c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r7, @ANYBLOB="3800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r7, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r7, @ANYBLOB="08000700000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="3c00028038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400faffffff"], 0x25c}, 0x1, 0x0, 0x0, 0x24000000}, 0x8080)
r8 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3, 0xda}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r9=>0x0, &(0x7f0000000080)=<r10=>0x0)
r11 = socket$inet6_udplite(0xa, 0x2, 0x88)
r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r11, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r12}}, 0x4)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000240)=@IORING_OP_OPENAT2={0x1c, 0x4, 0x0, r6, &(0x7f0000000140)={0x1, 0x120, 0x1}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r12}}, 0x8)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:43:21 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x200000000000000)

10:43:21 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34)

[ 1845.910514] FAULT_INJECTION: forcing a failure.
[ 1845.910514] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1845.912123] CPU: 0 PID: 10511 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1845.912911] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1845.913860] Call Trace:
[ 1845.914167]  dump_stack+0x107/0x167
[ 1845.914583]  should_fail.cold+0x5/0xa
[ 1845.915017]  _copy_from_user+0x2e/0x1b0
[ 1845.915481]  move_addr_to_kernel.part.0+0x31/0x110
[ 1845.916058]  move_addr_to_kernel+0x4f/0x70
[ 1845.916543]  io_connect+0x47a/0x610
[ 1845.916964]  ? io_prep_rw+0x1050/0x1050
[ 1845.917433]  ? __lock_acquire+0xbb1/0x5b00
[ 1845.917920]  io_issue_sqe+0x1611/0x77d0
[ 1845.918378]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1845.918968]  ? lock_chain_count+0x20/0x20
[ 1845.919442]  ? lock_chain_count+0x20/0x20
[ 1845.919921]  ? __is_insn_slot_addr+0x14c/0x290
[ 1845.920448]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1845.921038]  ? io_connect+0x610/0x610
[ 1845.921479]  ? lock_acquire+0x197/0x470
[ 1845.921933]  ? find_held_lock+0x2c/0x110
[ 1845.922406]  ? __fget_files+0x2cf/0x520
[ 1845.922861]  ? lock_downgrade+0x6d0/0x6d0
[ 1845.923342]  __io_queue_sqe+0x90/0x9d0
[ 1845.923785]  ? io_issue_sqe+0x77d0/0x77d0
[ 1845.924309]  ? __fget_files+0x2f8/0x520
[ 1845.924771]  io_submit_sqes+0x44ab/0x8610
[ 1845.925258]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1845.925824]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1845.926377]  ? find_held_lock+0x2c/0x110
[ 1845.926853]  ? io_submit_sqes+0x8610/0x8610
[ 1845.927350]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1845.927902]  ? wait_for_completion_io+0x270/0x270
[ 1845.928459]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1845.928992]  ? vfs_write+0x354/0xb10
[ 1845.929415]  ? fput_many+0x2f/0x1a0
[ 1845.929833]  ? ksys_write+0x1a9/0x260
[ 1845.930272]  ? __ia32_sys_read+0xb0/0xb0
[ 1845.930743]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1845.931342]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1845.931937]  do_syscall_64+0x33/0x40
[ 1845.932364]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1845.932956] RIP: 0033:0x7f66d25a7b19
[ 1845.933380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1845.935482] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1845.936353] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1845.937166] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1845.937971] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1845.938789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1845.939596] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:43:21 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:43:21 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000000000000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

[ 1846.014023] FAULT_INJECTION: forcing a failure.
[ 1846.014023] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1846.016714] CPU: 1 PID: 10523 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1846.018153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1846.019883] Call Trace:
[ 1846.020452]  dump_stack+0x107/0x167
[ 1846.021208]  should_fail.cold+0x5/0xa
[ 1846.022008]  _copy_from_user+0x2e/0x1b0
[ 1846.022839]  move_addr_to_kernel.part.0+0x31/0x110
[ 1846.023865]  move_addr_to_kernel+0x4f/0x70
[ 1846.024590] FAULT_INJECTION: forcing a failure.
[ 1846.024590] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1846.024733]  io_connect+0x47a/0x610
[ 1846.026817]  ? io_prep_rw+0x1050/0x1050
[ 1846.027648]  ? __lock_acquire+0xbb1/0x5b00
[ 1846.028524]  io_issue_sqe+0x1611/0x77d0
[ 1846.029351]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1846.030420]  ? lock_chain_count+0x20/0x20
[ 1846.031273]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1846.032351]  ? io_connect+0x610/0x610
[ 1846.033137]  ? lock_acquire+0x197/0x470
[ 1846.033949]  ? find_held_lock+0x2c/0x110
[ 1846.034803]  ? __fget_files+0x2cf/0x520
[ 1846.035622]  ? lock_downgrade+0x6d0/0x6d0
[ 1846.036702]  __io_queue_sqe+0x90/0x9d0
[ 1846.037734]  ? io_issue_sqe+0x77d0/0x77d0
[ 1846.038819]  ? __fget_files+0x2f8/0x520
[ 1846.039884]  io_submit_sqes+0x44ab/0x8610
[ 1846.041039]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1846.042323]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1846.043569]  ? find_held_lock+0x2c/0x110
[ 1846.044650]  ? io_submit_sqes+0x8610/0x8610
[ 1846.045753]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1846.046763]  ? wait_for_completion_io+0x270/0x270
[ 1846.047816]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1846.048899]  ? vfs_write+0x354/0xb10
[ 1846.049781]  ? fput_many+0x2f/0x1a0
[ 1846.050524]  ? ksys_write+0x1a9/0x260
[ 1846.051301]  ? __ia32_sys_read+0xb0/0xb0
[ 1846.052142]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1846.053221]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1846.054278]  do_syscall_64+0x33/0x40
[ 1846.055036]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1846.056089] RIP: 0033:0x7f88fdc0eb19
[ 1846.056853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1846.060600] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1846.062154] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1846.063605] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1846.065064] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1846.066517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1846.067982] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1846.069453] CPU: 0 PID: 10527 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1846.070286] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1846.071239] Call Trace:
[ 1846.071550]  dump_stack+0x107/0x167
[ 1846.071976]  should_fail.cold+0x5/0xa
[ 1846.072417]  _copy_from_user+0x2e/0x1b0
[ 1846.072874]  move_addr_to_kernel.part.0+0x31/0x110
[ 1846.073434]  move_addr_to_kernel+0x4f/0x70
[ 1846.073918]  io_connect+0x47a/0x610
[ 1846.074345]  ? io_prep_rw+0x1050/0x1050
[ 1846.074810]  ? __lock_acquire+0xbb1/0x5b00
[ 1846.075306]  io_issue_sqe+0x1611/0x77d0
[ 1846.075772]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1846.076394]  ? lock_chain_count+0x20/0x20
[ 1846.076864]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1846.077459]  ? io_connect+0x610/0x610
[ 1846.077903]  ? lock_acquire+0x197/0x470
[ 1846.078365]  ? find_held_lock+0x2c/0x110
[ 1846.078831]  ? __fget_files+0x2cf/0x520
[ 1846.079293]  ? lock_downgrade+0x6d0/0x6d0
[ 1846.079764]  __io_queue_sqe+0x90/0x9d0
[ 1846.080216]  ? io_issue_sqe+0x77d0/0x77d0
[ 1846.080681]  ? __fget_files+0x2f8/0x520
[ 1846.081144]  io_submit_sqes+0x44ab/0x8610
[ 1846.081630]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1846.082216]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1846.082768]  ? find_held_lock+0x2c/0x110
[ 1846.083241]  ? io_submit_sqes+0x8610/0x8610
[ 1846.083735]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1846.084301]  ? wait_for_completion_io+0x270/0x270
[ 1846.084863]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1846.085406]  ? vfs_write+0x354/0xb10
[ 1846.085830]  ? fput_many+0x2f/0x1a0
[ 1846.086246]  ? ksys_write+0x1a9/0x260
[ 1846.086690]  ? __ia32_sys_read+0xb0/0xb0
[ 1846.087156]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1846.087765]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1846.088367]  do_syscall_64+0x33/0x40
[ 1846.088791]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1846.089374] RIP: 0033:0x7ffb15b8eb19
[ 1846.089795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1846.091884] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1846.092751] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1846.093564] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1846.094377] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1846.095196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1846.096031] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1861.117840] FAULT_INJECTION: forcing a failure.
[ 1861.117840] name failslab, interval 1, probability 0, space 0, times 0
[ 1861.119389] CPU: 0 PID: 10547 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1861.120282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1861.121353] Call Trace:
[ 1861.121692]  dump_stack+0x107/0x167
[ 1861.122160]  should_fail.cold+0x5/0xa
[ 1861.122644]  should_failslab+0x5/0x20
[ 1861.123129]  kmem_cache_alloc_bulk+0x4b/0x320
[ 1861.123924]  io_submit_sqes+0x6fe7/0x8610
[ 1861.124474]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.125112]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.125818]  ? find_held_lock+0x2c/0x110
[ 1861.126339]  ? io_submit_sqes+0x8610/0x8610
[ 1861.126899]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1861.127525]  ? wait_for_completion_io+0x270/0x270
[ 1861.128147]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1861.128730]  ? vfs_write+0x354/0xb10
[ 1861.129203]  ? fput_many+0x2f/0x1a0
[ 1861.129660]  ? ksys_write+0x1a9/0x260
[ 1861.130144]  ? __ia32_sys_read+0xb0/0xb0
[ 1861.130659]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1861.131322]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1861.131973]  do_syscall_64+0x33/0x40
[ 1861.132487]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1861.133135] RIP: 0033:0x7f88fdc0eb19
[ 1861.133608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1861.135956] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1861.136933] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1861.137834] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1861.138738] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1861.139661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1861.140566] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1861.141663] FAULT_INJECTION: forcing a failure.
10:43:37 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35)

10:43:37 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600000000000000)

10:43:37 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x80000000000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:43:37 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_complete(0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
r8 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r9=>0x0, &(0x7f0000000080)=<r10=>0x0)
r11 = socket$inet6_udplite(0xa, 0x2, 0x88)
r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r11, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r12}}, 0x4)
syz_io_uring_submit(0x0, r7, &(0x7f0000000240)=@IORING_OP_ASYNC_CANCEL={0xe, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r12}}, 0xbbc)
r13 = socket$inet6_udplite(0xa, 0x2, 0x88)
r14 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r13, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r14}}, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x0, {0x0, r14}}, 0x2)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r15 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r15, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:43:37 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:43:37 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffff00000000)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:43:37 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6)

10:43:37 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1861.141663] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1861.145186] CPU: 1 PID: 10543 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1861.146997] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1861.149146] Call Trace:
[ 1861.149827]  dump_stack+0x107/0x167
[ 1861.150759]  should_fail.cold+0x5/0xa
[ 1861.151749]  __alloc_pages_nodemask+0x182/0x600
[ 1861.152956]  ? lock_acquire+0x197/0x470
[ 1861.153975]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1861.155294] FAULT_INJECTION: forcing a failure.
[ 1861.155294] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1861.155513]  ? find_held_lock+0x2c/0x110
[ 1861.155548]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1861.159302]  ? lock_downgrade+0x6d0/0x6d0
[ 1861.160367]  ? mark_held_locks+0x9e/0xe0
[ 1861.161227]  alloc_pages_current+0x187/0x280
[ 1861.162152]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1861.163265]  ? replace_page_cache_page+0x1200/0x1200
[ 1861.164340]  pte_alloc_one+0x16/0x1a0
[ 1861.165136]  ? replace_page_cache_page+0x1200/0x1200
[ 1861.166200]  handle_mm_fault+0x2ab2/0x3500
[ 1861.167089]  ? __lock_acquire+0x1657/0x5b00
[ 1861.167982]  ? find_held_lock+0x2c/0x110
[ 1861.168842]  ? pgtable_bad+0x90/0x90
[ 1861.169626]  ? __pmd_alloc+0x630/0x630
[ 1861.170459]  ? vmacache_find+0x55/0x2a0
[ 1861.171307]  do_user_addr_fault+0x56e/0xc60
[ 1861.172229]  exc_page_fault+0xa2/0x1a0
[ 1861.173049]  asm_exc_page_fault+0x1e/0x30
[ 1861.173945] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1861.175188] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1861.179068] RSP: 0018:ffff888047ff77b8 EFLAGS: 00050287
[ 1861.180190] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1861.181688] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff888047ff7888
[ 1861.183171] RBP: ffff888047ff7888 R08: 0000000000000001 R09: ffff888047ff7907
[ 1861.184676] R10: ffffed1008ffef20 R11: 0000000000000001 R12: 0000000020000100
[ 1861.186182] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1861.187715]  _copy_from_user+0x172/0x1b0
[ 1861.188585]  move_addr_to_kernel.part.0+0x31/0x110
[ 1861.189621]  move_addr_to_kernel+0x4f/0x70
[ 1861.190518]  io_connect+0x47a/0x610
[ 1861.191285]  ? io_prep_rw+0x1050/0x1050
[ 1861.192141]  ? __lock_acquire+0xbb1/0x5b00
[ 1861.193032]  io_issue_sqe+0x1611/0x77d0
[ 1861.193884]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1861.194976]  ? lock_chain_count+0x20/0x20
[ 1861.195848]  ? __is_insn_slot_addr+0x14c/0x290
[ 1861.196829]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1861.197922]  ? io_connect+0x610/0x610
[ 1861.198721]  ? lock_acquire+0x197/0x470
[ 1861.199545]  ? find_held_lock+0x2c/0x110
[ 1861.200406]  ? __fget_files+0x2cf/0x520
[ 1861.201236]  ? lock_downgrade+0x6d0/0x6d0
[ 1861.202093]  __io_queue_sqe+0x90/0x9d0
[ 1861.202910]  ? io_issue_sqe+0x77d0/0x77d0
[ 1861.203791]  ? __fget_files+0x2f8/0x520
[ 1861.204650]  io_submit_sqes+0x44ab/0x8610
[ 1861.205562]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.206598]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.207600]  ? find_held_lock+0x2c/0x110
[ 1861.208466]  ? io_submit_sqes+0x8610/0x8610
[ 1861.209376]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1861.210386]  ? wait_for_completion_io+0x270/0x270
[ 1861.211400]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1861.212372]  ? vfs_write+0x354/0xb10
[ 1861.213158]  ? fput_many+0x2f/0x1a0
[ 1861.213910]  ? ksys_write+0x1a9/0x260
[ 1861.214709]  ? __ia32_sys_read+0xb0/0xb0
[ 1861.215563]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1861.216660]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1861.217738]  do_syscall_64+0x33/0x40
[ 1861.218512]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1861.219581] RIP: 0033:0x7ffb15b8eb19
[ 1861.220363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1861.224201] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1861.225783] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1861.227267] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1861.228768] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1861.230282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1861.231799] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1861.233333] CPU: 0 PID: 10542 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1861.234201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1861.235228] Call Trace:
[ 1861.235561]  dump_stack+0x107/0x167
[ 1861.236003]  should_fail.cold+0x5/0xa
[ 1861.236480]  _copy_from_user+0x2e/0x1b0
[ 1861.236965]  move_addr_to_kernel.part.0+0x31/0x110
[ 1861.237563]  move_addr_to_kernel+0x4f/0x70
[ 1861.238078]  io_connect+0x47a/0x610
[ 1861.238526]  ? io_prep_rw+0x1050/0x1050
[ 1861.239016]  ? __lock_acquire+0xbb1/0x5b00
[ 1861.239534]  io_issue_sqe+0x1611/0x77d0
[ 1861.240031]  ? lock_chain_count+0x20/0x20
[ 1861.240535]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1861.241166]  ? lock_chain_count+0x20/0x20
[ 1861.241669]  ? __is_insn_slot_addr+0x14c/0x290
[ 1861.242224]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1861.242863]  ? io_connect+0x610/0x610
[ 1861.243330]  ? lock_acquire+0x197/0x470
[ 1861.243821]  ? find_held_lock+0x2c/0x110
[ 1861.244319]  ? __fget_files+0x2cf/0x520
[ 1861.244795]  ? lock_downgrade+0x6d0/0x6d0
[ 1861.245293]  __io_queue_sqe+0x90/0x9d0
[ 1861.245764]  ? io_issue_sqe+0x77d0/0x77d0
[ 1861.246257]  ? __fget_files+0x2f8/0x520
[ 1861.246746]  io_submit_sqes+0x44ab/0x8610
[ 1861.247258]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.247852]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.248436]  ? find_held_lock+0x2c/0x110
[ 1861.248922]  ? io_submit_sqes+0x8610/0x8610
[ 1861.249440]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1861.250018]  ? wait_for_completion_io+0x270/0x270
[ 1861.250598]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1861.251164]  ? vfs_write+0x354/0xb10
[ 1861.251621]  ? fput_many+0x2f/0x1a0
[ 1861.252066]  ? ksys_write+0x1a9/0x260
[ 1861.252521]  ? __ia32_sys_read+0xb0/0xb0
[ 1861.253008]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1861.253633]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1861.254249]  do_syscall_64+0x33/0x40
[ 1861.254692]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1861.255305] RIP: 0033:0x7f66d25a7b19
[ 1861.255751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1861.257953] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1861.258864] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1861.259718] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1861.260574] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1861.261424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1861.262274] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:43:37 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000)

10:43:37 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1861.407934] FAULT_INJECTION: forcing a failure.
[ 1861.407934] name failslab, interval 1, probability 0, space 0, times 0
[ 1861.409483] CPU: 0 PID: 10561 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1861.410278] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1861.411262] Call Trace:
[ 1861.411568]  dump_stack+0x107/0x167
[ 1861.412001]  should_fail.cold+0x5/0xa
[ 1861.412460]  ? create_object.isra.0+0x3a/0xa30
[ 1861.413003]  should_failslab+0x5/0x20
[ 1861.413441]  kmem_cache_alloc+0x5b/0x310
[ 1861.413913]  create_object.isra.0+0x3a/0xa30
[ 1861.414419]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1861.415003]  kmem_cache_alloc_bulk+0x168/0x320
[ 1861.415543]  io_submit_sqes+0x6fe7/0x8610
[ 1861.416039]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.416622]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.417181]  ? find_held_lock+0x2c/0x110
[ 1861.417651]  ? io_submit_sqes+0x8610/0x8610
[ 1861.418150]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1861.418704]  ? wait_for_completion_io+0x270/0x270
[ 1861.419257]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1861.419794]  ? vfs_write+0x354/0xb10
[ 1861.420229]  ? fput_many+0x2f/0x1a0
[ 1861.420648]  ? ksys_write+0x1a9/0x260
[ 1861.421099]  ? __ia32_sys_read+0xb0/0xb0
[ 1861.421574]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1861.422181]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1861.422782]  do_syscall_64+0x33/0x40
[ 1861.423212]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1861.423797] RIP: 0033:0x7f88fdc0eb19
[ 1861.424259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1861.426391] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1861.427269] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1861.428094] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1861.428908] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1861.429737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1861.430570] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:43:37 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600)

10:43:37 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x200000000000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:43:37 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36)

[ 1861.595640] FAULT_INJECTION: forcing a failure.
[ 1861.595640] name failslab, interval 1, probability 0, space 0, times 0
[ 1861.597090] CPU: 0 PID: 10569 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1861.597879] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1861.598832] Call Trace:
[ 1861.599141]  dump_stack+0x107/0x167
[ 1861.599563]  should_fail.cold+0x5/0xa
[ 1861.600006]  ? ptlock_alloc+0x1d/0x70
[ 1861.600463]  should_failslab+0x5/0x20
[ 1861.600899]  kmem_cache_alloc+0x5b/0x310
[ 1861.601391]  ptlock_alloc+0x1d/0x70
[ 1861.601807]  pte_alloc_one+0x68/0x1a0
[ 1861.602248]  ? replace_page_cache_page+0x1200/0x1200
[ 1861.602838]  handle_mm_fault+0x2ab2/0x3500
[ 1861.603330]  ? __lock_acquire+0x1657/0x5b00
[ 1861.603827]  ? __pmd_alloc+0x630/0x630
[ 1861.604290]  ? vmacache_find+0x55/0x2a0
[ 1861.604749]  do_user_addr_fault+0x56e/0xc60
[ 1861.605249]  exc_page_fault+0xa2/0x1a0
[ 1861.605701]  asm_exc_page_fault+0x1e/0x30
[ 1861.606195] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1861.606820] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1861.608938] RSP: 0018:ffff88804901f7b8 EFLAGS: 00050246
[ 1861.609553] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1861.610369] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88804901f888
[ 1861.611188] RBP: ffff88804901f888 R08: 0000000000000001 R09: ffff88804901f907
[ 1861.612029] R10: ffffed1009203f20 R11: 0000000000000001 R12: 0000000020000100
[ 1861.612852] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1861.613692]  _copy_from_user+0x172/0x1b0
[ 1861.614173]  move_addr_to_kernel.part.0+0x31/0x110
[ 1861.614752]  move_addr_to_kernel+0x4f/0x70
[ 1861.615239]  io_connect+0x47a/0x610
[ 1861.615658]  ? io_prep_rw+0x1050/0x1050
[ 1861.616143]  ? __lock_acquire+0xbb1/0x5b00
[ 1861.616636]  io_issue_sqe+0x1611/0x77d0
[ 1861.617101]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1861.617699]  ? lock_chain_count+0x20/0x20
[ 1861.618180]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1861.618786]  ? io_connect+0x610/0x610
[ 1861.619228]  ? lock_acquire+0x197/0x470
[ 1861.619680]  ? find_held_lock+0x2c/0x110
[ 1861.620156]  ? __fget_files+0x2cf/0x520
[ 1861.620634]  ? lock_downgrade+0x6d0/0x6d0
[ 1861.621122]  __io_queue_sqe+0x90/0x9d0
[ 1861.621595]  ? io_issue_sqe+0x77d0/0x77d0
[ 1861.622083]  ? __fget_files+0x2f8/0x520
[ 1861.622559]  io_submit_sqes+0x44ab/0x8610
[ 1861.623044]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.623611]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1861.624200]  ? find_held_lock+0x2c/0x110
[ 1861.624667]  ? io_submit_sqes+0x8610/0x8610
[ 1861.625179]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1861.625748]  ? wait_for_completion_io+0x270/0x270
[ 1861.626332]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1861.626866]  ? vfs_write+0x354/0xb10
[ 1861.627339]  ? fput_many+0x2f/0x1a0
[ 1861.627774]  ? ksys_write+0x1a9/0x260
[ 1861.628258]  ? __ia32_sys_read+0xb0/0xb0
[ 1861.628728]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1861.629349]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1861.629945]  do_syscall_64+0x33/0x40
[ 1861.630378]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1861.630974] RIP: 0033:0x7ffb15b8eb19
[ 1861.631414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1861.633626] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1861.634540] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1861.635355] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1861.636385] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1861.637222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1861.638040] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
10:43:50 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:43:50 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37)

10:43:50 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x600000000000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:43:50 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
lseek(r5, 0x0, 0x0)
r6 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x100000001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000002, 0x1f012, r6, 0x1000)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @multicast1}, &(0x7f00000001c0)=0x10, 0x800)

10:43:50 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:43:50 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000)

10:43:50 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000000000000000)

10:43:50 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0)={0x0, 0x0, 0x20, 0x40000000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000140)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x0, @fd_index, 0x100000001, 0x4b, 0x6, 0x3, 0x1, {0x2, r5}}, 0x200)
socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x2020, 0x0, {0x0, r6}}, 0x4)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000162000/0x4000)=nil, 0x4000, 0x2000000, 0xcbb1dab7b5ac6210, r0, 0x10000000)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
lseek(r8, 0x0, 0x0)
r9 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r8, r9, 0x0, 0x100000001)
syz_io_uring_submit(0x0, r7, &(0x7f0000000240)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x2, 0x0, r9, &(0x7f0000000200)={0xd0002007}, r0, 0x3, 0x0, 0x1}, 0x4)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000340), 0xb}, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r10, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1874.819984] FAULT_INJECTION: forcing a failure.
[ 1874.819984] name failslab, interval 1, probability 0, space 0, times 0
[ 1874.822465] CPU: 1 PID: 10584 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1874.823944] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1874.825794] Call Trace:
[ 1874.826376]  dump_stack+0x107/0x167
[ 1874.827158]  should_fail.cold+0x5/0xa
[ 1874.827971]  ? create_object.isra.0+0x3a/0xa30
[ 1874.828952]  should_failslab+0x5/0x20
[ 1874.829764]  kmem_cache_alloc+0x5b/0x310
[ 1874.830643]  ? mark_held_locks+0x9e/0xe0
[ 1874.831507]  create_object.isra.0+0x3a/0xa30
[ 1874.832457]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1874.833550]  kmem_cache_alloc_bulk+0x168/0x320
[ 1874.834526]  io_submit_sqes+0x6fe7/0x8610
[ 1874.835434]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1874.836503]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1874.837549]  ? find_held_lock+0x2c/0x110
[ 1874.838422]  ? io_submit_sqes+0x8610/0x8610
[ 1874.839354]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1874.840409]  ? wait_for_completion_io+0x270/0x270
[ 1874.841474]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1874.842465]  ? vfs_write+0x354/0xb10
[ 1874.843273]  ? fput_many+0x2f/0x1a0
[ 1874.844062]  ? ksys_write+0x1a9/0x260
[ 1874.844898]  ? __ia32_sys_read+0xb0/0xb0
[ 1874.845786]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1874.846923]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1874.848041]  do_syscall_64+0x33/0x40
[ 1874.848855]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1874.849957] RIP: 0033:0x7f88fdc0eb19
[ 1874.850762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1874.854726] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1874.856378] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1874.857913] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1874.859443] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1874.860989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1874.862522] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1874.879521] FAULT_INJECTION: forcing a failure.
[ 1874.879521] name failslab, interval 1, probability 0, space 0, times 0
[ 1874.880963] CPU: 0 PID: 10595 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1874.881838] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1874.882875] Call Trace:
[ 1874.883212]  dump_stack+0x107/0x167
[ 1874.883680]  should_fail.cold+0x5/0xa
[ 1874.884161]  ? create_object.isra.0+0x3a/0xa30
[ 1874.884749]  should_failslab+0x5/0x20
[ 1874.885233]  kmem_cache_alloc+0x5b/0x310
[ 1874.885751]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1874.886518]  create_object.isra.0+0x3a/0xa30
[ 1874.887085]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1874.887730]  kmem_cache_alloc+0x159/0x310
[ 1874.888274]  ptlock_alloc+0x1d/0x70
[ 1874.888735]  pte_alloc_one+0x68/0x1a0
[ 1874.889226]  ? replace_page_cache_page+0x1200/0x1200
[ 1874.889871]  handle_mm_fault+0x2ab2/0x3500
[ 1874.890414]  ? __lock_acquire+0x1657/0x5b00
[ 1874.890956]  ? find_held_lock+0x2c/0x110
[ 1874.891466]  ? pgtable_bad+0x90/0x90
[ 1874.891951]  ? __pmd_alloc+0x630/0x630
[ 1874.892458]  ? vmacache_find+0x55/0x2a0
[ 1874.892974]  do_user_addr_fault+0x56e/0xc60
[ 1874.893531]  exc_page_fault+0xa2/0x1a0
[ 1874.894032]  asm_exc_page_fault+0x1e/0x30
[ 1874.894557] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1874.895305] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1874.897604] RSP: 0018:ffff88804855f7b8 EFLAGS: 00050287
[ 1874.898268] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1874.899159] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff88804855f888
[ 1874.900068] RBP: ffff88804855f888 R08: 0000000000000001 R09: ffff88804855f907
[ 1874.900984] R10: ffffed10090abf20 R11: 0000000000000001 R12: 0000000020000100
[ 1874.901886] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1874.902806]  _copy_from_user+0x172/0x1b0
[ 1874.903335]  move_addr_to_kernel.part.0+0x31/0x110
[ 1874.903953]  move_addr_to_kernel+0x4f/0x70
[ 1874.904497]  io_connect+0x47a/0x610
[ 1874.904961]  ? io_prep_rw+0x1050/0x1050
[ 1874.905476]  ? __lock_acquire+0xbb1/0x5b00
[ 1874.906010]  io_issue_sqe+0x1611/0x77d0
[ 1874.906518]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1874.907178]  ? lock_chain_count+0x20/0x20
[ 1874.907696]  ? __is_insn_slot_addr+0x14c/0x290
[ 1874.908290]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1874.908958]  ? io_connect+0x610/0x610
[ 1874.909434]  ? lock_acquire+0x197/0x470
[ 1874.909933]  ? find_held_lock+0x2c/0x110
[ 1874.910455]  ? __fget_files+0x2cf/0x520
[ 1874.910954]  ? lock_downgrade+0x6d0/0x6d0
[ 1874.911477]  __io_queue_sqe+0x90/0x9d0
[ 1874.911975]  ? io_issue_sqe+0x77d0/0x77d0
[ 1874.912504]  ? __fget_files+0x2f8/0x520
[ 1874.913015]  io_submit_sqes+0x44ab/0x8610
[ 1874.913557]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1874.914185]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1874.914794]  ? find_held_lock+0x2c/0x110
[ 1874.915306]  ? io_submit_sqes+0x8610/0x8610
[ 1874.915850]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1874.916460]  ? wait_for_completion_io+0x270/0x270
[ 1874.917057]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1874.917636]  ? vfs_write+0x354/0xb10
[ 1874.918104]  ? fput_many+0x2f/0x1a0
[ 1874.918565]  ? ksys_write+0x1a9/0x260
[ 1874.919039]  ? __ia32_sys_read+0xb0/0xb0
[ 1874.919553]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1874.920219]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1874.920864]  do_syscall_64+0x33/0x40
[ 1874.921330]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1874.921965] RIP: 0033:0x7ffb15b8eb19
[ 1874.922427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1874.924725] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1874.925670] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1874.926570] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1874.927459] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1874.928354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1874.929240] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1874.930024] FAULT_INJECTION: forcing a failure.
[ 1874.930024] name failslab, interval 1, probability 0, space 0, times 0
[ 1874.932586] CPU: 1 PID: 10601 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1874.934036] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1874.936000] Call Trace:
[ 1874.936649]  dump_stack+0x107/0x167
[ 1874.937530]  should_fail.cold+0x5/0xa
[ 1874.938446]  ? xas_alloc+0x336/0x440
[ 1874.939353]  should_failslab+0x5/0x20
[ 1874.940283]  kmem_cache_alloc+0x5b/0x310
[ 1874.941262]  xas_alloc+0x336/0x440
[ 1874.942114]  xas_create+0x34a/0x10d0
[ 1874.943021]  ? kernel_text_address+0xf2/0x120
[ 1874.944105]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1874.945387]  xas_store+0x8c/0x1c40
[ 1874.946256]  __xa_store+0x164/0x2d0
[ 1874.947307]  ? xa_delete_node+0x280/0x280
[ 1874.948330]  ? trace_hardirqs_on+0x5b/0x180
[ 1874.949395]  xa_store+0x31/0x50
[ 1874.950194]  __io_uring_add_tctx_node+0x1cf/0x520
[ 1874.951351]  ? io_uring_alloc_task_context+0x6a0/0x6a0
[ 1874.952621]  __do_sys_io_uring_enter+0x146f/0x1890
[ 1874.953809]  ? find_held_lock+0x2c/0x110
[ 1874.954791]  ? io_submit_sqes+0x8610/0x8610
[ 1874.955817]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1874.956967]  ? wait_for_completion_io+0x270/0x270
[ 1874.958116]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1874.959218]  ? vfs_write+0x354/0xb10
[ 1874.960104]  ? fput_many+0x2f/0x1a0
[ 1874.960980]  ? ksys_write+0x1a9/0x260
[ 1874.961880]  ? __ia32_sys_read+0xb0/0xb0
[ 1874.962841]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1874.964081]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1874.965317]  do_syscall_64+0x33/0x40
[ 1874.966207]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1874.967410] RIP: 0033:0x7f66d25a7b19
[ 1874.968299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1874.972683] RSP: 002b:00007f66cfafc188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1874.974460] RAX: ffffffffffffffda RBX: 00007f66d26bb020 RCX: 00007f66d25a7b19
[ 1874.976121] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1874.977797] RBP: 00007f66cfafc1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1874.979464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1874.981133] R13: 00007ffed610c24f R14: 00007f66cfafc300 R15: 0000000000022000
10:43:50 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000)

10:43:51 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffff00000000)

10:43:51 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:43:51 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1875.213679] FAULT_INJECTION: forcing a failure.
[ 1875.213679] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1875.215178] CPU: 0 PID: 10612 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1875.215968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1875.216922] Call Trace:
[ 1875.217229]  dump_stack+0x107/0x167
[ 1875.217647]  should_fail.cold+0x5/0xa
[ 1875.218088]  _copy_from_user+0x2e/0x1b0
[ 1875.218548]  move_addr_to_kernel.part.0+0x31/0x110
[ 1875.219108]  move_addr_to_kernel+0x4f/0x70
[ 1875.219594]  io_connect+0x47a/0x610
[ 1875.220012]  ? io_prep_rw+0x1050/0x1050
[ 1875.220483]  ? __lock_acquire+0xbb1/0x5b00
[ 1875.220967]  io_issue_sqe+0x1611/0x77d0
[ 1875.221423]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1875.222020]  ? lock_chain_count+0x20/0x20
[ 1875.222495]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1875.223090]  ? io_connect+0x610/0x610
[ 1875.223527]  ? lock_acquire+0x197/0x470
[ 1875.223979]  ? find_held_lock+0x2c/0x110
10:43:51 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x2021, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffc}, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r6, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r5, 0xc0189378, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r7=>r3, {r5}}, './file1\x00'})
mmap$IORING_OFF_CQ_RING(&(0x7f00009f0000/0x1000)=nil, 0x1000, 0xd, 0x12, r7, 0x8000000)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r8, 0x0, 0x0, 0x1000002)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f00000001c0)=0xe8)
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000780)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f00000007c0)={0x260, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {}, [{{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x5, 0x4, 0x80000001}}, {0x8, 0x7, 0x1}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}]}}, {{0x8, 0x1, r9}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffa}}}]}}]}, 0x260}, 0x1, 0x0, 0x0, 0x24000000}, 0x8080)
finit_module(r8, &(0x7f0000000140)='enabled\x00', 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f00006f4000/0x1000)=nil, 0x1000, 0x4000008, 0x810, r8, 0x0)

[ 1875.224453]  ? __fget_files+0x2cf/0x520
[ 1875.225102]  ? lock_downgrade+0x6d0/0x6d0
[ 1875.225577]  __io_queue_sqe+0x90/0x9d0
[ 1875.226023]  ? io_issue_sqe+0x77d0/0x77d0
[ 1875.226494]  ? __fget_files+0x2f8/0x520
[ 1875.226953]  io_submit_sqes+0x44ab/0x8610
[ 1875.227440]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1875.228006]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1875.228566]  ? find_held_lock+0x2c/0x110
[ 1875.229033]  ? io_submit_sqes+0x8610/0x8610
[ 1875.229526]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1875.230078]  ? wait_for_completion_io+0x270/0x270
[ 1875.230626]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1875.231155]  ? vfs_write+0x354/0xb10
[ 1875.231583]  ? fput_many+0x2f/0x1a0
[ 1875.231997]  ? ksys_write+0x1a9/0x260
[ 1875.232437]  ? __ia32_sys_read+0xb0/0xb0
[ 1875.232901]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1875.233498]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1875.234087]  do_syscall_64+0x33/0x40
[ 1875.234512]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1875.235094] RIP: 0033:0x7f66d25a7b19
[ 1875.235515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1875.237606] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1875.238477] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1875.239285] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1875.240093] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1875.240912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1875.241717] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:43:51 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1875.296035] FAULT_INJECTION: forcing a failure.
[ 1875.296035] name failslab, interval 1, probability 0, space 0, times 0
[ 1875.298867] CPU: 1 PID: 10616 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1875.300458] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1875.302370] Call Trace:
[ 1875.302979]  dump_stack+0x107/0x167
[ 1875.303820]  should_fail.cold+0x5/0xa
[ 1875.304710]  should_failslab+0x5/0x20
[ 1875.305582]  kmem_cache_alloc_bulk+0x4b/0x320
[ 1875.306614]  io_submit_sqes+0x6fe7/0x8610
[ 1875.307589]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1875.308737]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1875.309843]  ? find_held_lock+0x2c/0x110
[ 1875.310773]  ? io_submit_sqes+0x8610/0x8610
[ 1875.311762]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1875.312855]  ? wait_for_completion_io+0x270/0x270
[ 1875.313957]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1875.315003]  ? vfs_write+0x354/0xb10
[ 1875.315855]  ? fput_many+0x2f/0x1a0
[ 1875.316681]  ? ksys_write+0x1a9/0x260
[ 1875.317563]  ? __ia32_sys_read+0xb0/0xb0
[ 1875.318478]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1875.319672]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1875.320843]  do_syscall_64+0x33/0x40
[ 1875.321689]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1875.322835] RIP: 0033:0x7f88fdc0eb19
[ 1875.323686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1875.327812] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1875.329521] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1875.331122] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1875.332723] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1875.334323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1875.335914] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:43:51 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38)

[ 1875.376921] FAULT_INJECTION: forcing a failure.
10:43:51 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x6b3ce13a4d0be26, 0x50, r0, 0x0)

[ 1875.376921] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1875.378529] CPU: 0 PID: 10625 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1875.379324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1875.380281] Call Trace:
[ 1875.380597]  dump_stack+0x107/0x167
[ 1875.381013]  should_fail.cold+0x5/0xa
[ 1875.381452]  __alloc_pages_nodemask+0x182/0x600
[ 1875.381998]  ? lock_acquire+0x197/0x470
[ 1875.382453]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1875.383142]  ? find_held_lock+0x2c/0x110
[ 1875.383615]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1875.384219]  ? lock_downgrade+0x6d0/0x6d0
[ 1875.384717]  ? mark_held_locks+0x9e/0xe0
[ 1875.385184]  alloc_pages_current+0x187/0x280
[ 1875.385684]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1875.386279]  ? replace_page_cache_page+0x1200/0x1200
[ 1875.386856]  pte_alloc_one+0x16/0x1a0
[ 1875.387293]  ? replace_page_cache_page+0x1200/0x1200
[ 1875.387871]  handle_mm_fault+0x2ab2/0x3500
[ 1875.388365]  ? __lock_acquire+0x1657/0x5b00
[ 1875.388856]  ? find_held_lock+0x2c/0x110
[ 1875.389319]  ? pgtable_bad+0x90/0x90
[ 1875.389740]  ? __pmd_alloc+0x630/0x630
[ 1875.390190]  ? vmacache_find+0x55/0x2a0
[ 1875.390650]  do_user_addr_fault+0x56e/0xc60
[ 1875.391151]  exc_page_fault+0xa2/0x1a0
[ 1875.391599]  asm_exc_page_fault+0x1e/0x30
[ 1875.392073] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1875.392756] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1875.394848] RSP: 0018:ffff888047da77b8 EFLAGS: 00050287
[ 1875.395453] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1875.396275] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff888047da7888
[ 1875.397086] RBP: ffff888047da7888 R08: 0000000000000001 R09: ffff888047da7907
[ 1875.397898] R10: ffffed1008fb4f20 R11: 0000000000000001 R12: 0000000020000100
[ 1875.398707] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1875.399540]  _copy_from_user+0x172/0x1b0
[ 1875.400008]  move_addr_to_kernel.part.0+0x31/0x110
[ 1875.400578]  move_addr_to_kernel+0x4f/0x70
[ 1875.401063]  io_connect+0x47a/0x610
[ 1875.401482]  ? io_prep_rw+0x1050/0x1050
[ 1875.401943]  ? __lock_acquire+0xbb1/0x5b00
[ 1875.402427]  io_issue_sqe+0x1611/0x77d0
[ 1875.402886]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1875.403482]  ? lock_chain_count+0x20/0x20
[ 1875.403959]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1875.404560]  ? io_connect+0x610/0x610
[ 1875.404996]  ? lock_acquire+0x197/0x470
[ 1875.405448]  ? find_held_lock+0x2c/0x110
[ 1875.405916]  ? __fget_files+0x2cf/0x520
[ 1875.406371]  ? lock_downgrade+0x6d0/0x6d0
[ 1875.406846]  __io_queue_sqe+0x90/0x9d0
[ 1875.407291]  ? io_issue_sqe+0x77d0/0x77d0
[ 1875.407762]  ? __fget_files+0x2f8/0x520
[ 1875.408240]  io_submit_sqes+0x44ab/0x8610
[ 1875.408728]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1875.409302]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1875.409853]  ? find_held_lock+0x2c/0x110
[ 1875.410321]  ? io_submit_sqes+0x8610/0x8610
[ 1875.410816]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1875.411367]  ? wait_for_completion_io+0x270/0x270
[ 1875.411919]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1875.412462]  ? vfs_write+0x354/0xb10
[ 1875.412887]  ? fput_many+0x2f/0x1a0
[ 1875.413305]  ? ksys_write+0x1a9/0x260
[ 1875.413740]  ? __ia32_sys_read+0xb0/0xb0
[ 1875.414204]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1875.414799]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1875.415391]  do_syscall_64+0x33/0x40
[ 1875.415815]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1875.416407] RIP: 0033:0x7ffb15b8eb19
[ 1875.416829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1875.418921] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1875.419789] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1875.420612] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1875.421421] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1875.422229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1875.423042] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
10:43:51 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000)

10:43:51 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000000000000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:43:51 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ppoll(&(0x7f0000000240)=[{r4, 0x19520}, {r5, 0x82}, {0xffffffffffffffff, 0xa109}, {0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x104ad}], 0x5, &(0x7f00000002c0), &(0x7f0000000440)={[0xb9]}, 0x8)
r6 = syz_open_dev$vcsu(&(0x7f0000000280), 0x4, 0x101000)
connect$unix(r6, &(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
getsockname(r5, &(0x7f0000000340)=@tipc=@id, &(0x7f0000000140)=0x80)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r8 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r9, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, r8, 0x0, 0x1ee)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:44:04 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:04 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000)

10:44:04 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39)

10:44:04 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:04 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0xffffffff00000000, 0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1888.184186] FAULT_INJECTION: forcing a failure.
[ 1888.184186] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1888.185614] CPU: 1 PID: 10648 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1888.186399] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1888.187339] Call Trace:
[ 1888.187645]  dump_stack+0x107/0x167
[ 1888.188064]  should_fail.cold+0x5/0xa
[ 1888.188520]  __alloc_pages_nodemask+0x182/0x600
[ 1888.189053]  ? lock_acquire+0x197/0x470
[ 1888.189513]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1888.190195]  ? find_held_lock+0x2c/0x110
[ 1888.190669]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1888.191266]  ? lock_downgrade+0x6d0/0x6d0
[ 1888.191775]  ? mark_held_locks+0x9e/0xe0
[ 1888.192240]  alloc_pages_current+0x187/0x280
[ 1888.192749]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1888.193348]  ? replace_page_cache_page+0x1200/0x1200
[ 1888.193930]  pte_alloc_one+0x16/0x1a0
[ 1888.194366]  ? replace_page_cache_page+0x1200/0x1200
[ 1888.194949]  handle_mm_fault+0x2ab2/0x3500
[ 1888.195441]  ? __lock_acquire+0x1657/0x5b00
[ 1888.195933]  ? __pmd_alloc+0x630/0x630
[ 1888.196399]  ? vmacache_find+0x55/0x2a0
[ 1888.196855]  do_user_addr_fault+0x56e/0xc60
[ 1888.197304] FAULT_INJECTION: forcing a failure.
[ 1888.197304] name failslab, interval 1, probability 0, space 0, times 0
[ 1888.197357]  exc_page_fault+0xa2/0x1a0
[ 1888.200251]  asm_exc_page_fault+0x1e/0x30
[ 1888.200736] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1888.201351] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1888.203434] RSP: 0018:ffff88803ba977b8 EFLAGS: 00050246
[ 1888.204041] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1888.204867] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88803ba97888
[ 1888.205680] RBP: ffff88803ba97888 R08: 0000000000000001 R09: ffff88803ba97907
[ 1888.206492] R10: ffffed1007752f20 R11: 0000000000000001 R12: 0000000020000100
[ 1888.207306] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1888.208132]  _copy_from_user+0x172/0x1b0
[ 1888.208604]  move_addr_to_kernel.part.0+0x31/0x110
[ 1888.209161]  move_addr_to_kernel+0x4f/0x70
[ 1888.209642]  io_connect+0x47a/0x610
[ 1888.210057]  ? io_prep_rw+0x1050/0x1050
[ 1888.210522]  ? __lock_acquire+0xbb1/0x5b00
[ 1888.211004]  io_issue_sqe+0x1611/0x77d0
[ 1888.211466]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1888.212063]  ? lock_chain_count+0x20/0x20
[ 1888.212597]  ? __is_insn_slot_addr+0x14c/0x290
[ 1888.213119]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1888.213715]  ? io_connect+0x610/0x610
[ 1888.214151]  ? lock_acquire+0x197/0x470
[ 1888.214602]  ? find_held_lock+0x2c/0x110
[ 1888.215070]  ? __fget_files+0x2cf/0x520
[ 1888.215526]  ? lock_downgrade+0x6d0/0x6d0
[ 1888.216001]  __io_queue_sqe+0x90/0x9d0
[ 1888.216461]  ? io_issue_sqe+0x77d0/0x77d0
[ 1888.216931]  ? __fget_files+0x2f8/0x520
[ 1888.217393]  io_submit_sqes+0x44ab/0x8610
[ 1888.217882]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1888.218445]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1888.218992]  ? find_held_lock+0x2c/0x110
[ 1888.219460]  ? io_submit_sqes+0x8610/0x8610
[ 1888.219954]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1888.220511]  ? wait_for_completion_io+0x270/0x270
[ 1888.221061]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1888.221591]  ? vfs_write+0x354/0xb10
[ 1888.222014]  ? fput_many+0x2f/0x1a0
[ 1888.222430]  ? ksys_write+0x1a9/0x260
[ 1888.222867]  ? __ia32_sys_read+0xb0/0xb0
[ 1888.223335]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1888.223937]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1888.224536]  do_syscall_64+0x33/0x40
[ 1888.224959]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1888.225540] RIP: 0033:0x7ffb15b8eb19
[ 1888.225957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1888.228058] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1888.228933] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1888.229743] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1888.230557] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1888.231373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1888.232185] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1888.233036] CPU: 0 PID: 10652 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1888.234607] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1888.236501] Call Trace:
[ 1888.237097]  dump_stack+0x107/0x167
[ 1888.237918]  should_fail.cold+0x5/0xa
[ 1888.238775]  ? create_object.isra.0+0x3a/0xa30
[ 1888.239795]  should_failslab+0x5/0x20
[ 1888.240658]  kmem_cache_alloc+0x5b/0x310
[ 1888.241579]  create_object.isra.0+0x3a/0xa30
[ 1888.242559]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1888.243709]  kmem_cache_alloc_bulk+0x168/0x320
[ 1888.244746]  io_submit_sqes+0x6fe7/0x8610
[ 1888.245712]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1888.246827]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1888.247919]  ? find_held_lock+0x2c/0x110
[ 1888.248848]  ? io_submit_sqes+0x8610/0x8610
[ 1888.249827]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1888.250910]  ? wait_for_completion_io+0x270/0x270
[ 1888.252003]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1888.253054]  ? vfs_write+0x354/0xb10
[ 1888.253892]  ? fput_many+0x2f/0x1a0
[ 1888.254712]  ? ksys_write+0x1a9/0x260
[ 1888.255576]  ? __ia32_sys_read+0xb0/0xb0
[ 1888.256504]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1888.257691]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1888.258850]  do_syscall_64+0x33/0x40
[ 1888.259689]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1888.260845] RIP: 0033:0x7f66d25a7b19
10:44:04 executing program 0:
r0 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x100000001)
connect$unix(r0, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
r1 = syz_io_uring_setup(0x3862, &(0x7f00000002c0)={0x0, 0xee7a}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0)
syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f000082f000/0x4000)=nil, 0x4000, 0x100000d, 0x4000010, r1, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r3, &(0x7f0000000180)=@IORING_OP_FADVISE={0x18, 0x4, 0x0, @fd_index=0x6, 0x1, 0x0, 0x31, 0x0, 0x0, {0x0, r7}}, 0x5)
r8 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000630000/0x4000)=nil, 0x4000, 0x1000008, 0x10, r1, 0x10000000)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r10, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e23, @remote}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @remote}, 0x310, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x8000})
sendfile(0xffffffffffffffff, r10, &(0x7f0000000140)=0x3fd, 0x1)
syz_io_uring_submit(0x0, r9, &(0x7f00000001c0)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd=r10, 0x2e9, 0x0, 0xfff, 0x0, 0x1, {0x0, r7}}, 0x1)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r8, 0x0)
io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1888.261685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1888.266191] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1888.268016] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1888.269740] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1888.271443] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1888.273161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1888.274879] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1888.279369] FAULT_INJECTION: forcing a failure.
[ 1888.279369] name failslab, interval 1, probability 0, space 0, times 0
[ 1888.282296] CPU: 0 PID: 10653 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1888.283978] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1888.286037] Call Trace:
[ 1888.286677]  dump_stack+0x107/0x167
[ 1888.287567]  should_fail.cold+0x5/0xa
[ 1888.288527]  ? create_object.isra.0+0x3a/0xa30
[ 1888.289644]  should_failslab+0x5/0x20
[ 1888.290577]  kmem_cache_alloc+0x5b/0x310
[ 1888.291566]  ? mark_held_locks+0x9e/0xe0
[ 1888.292569]  create_object.isra.0+0x3a/0xa30
[ 1888.293629]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1888.294874]  kmem_cache_alloc_bulk+0x168/0x320
[ 1888.296006]  io_submit_sqes+0x6fe7/0x8610
[ 1888.297073]  ? __do_sys_io_uring_enter+0x6b2/0x1890
10:44:04 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1888.298297]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1888.299582]  ? find_held_lock+0x2c/0x110
10:44:04 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
unlinkat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x200)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r6=>r5, {0x4}}, './file0\x00'})
io_uring_enter(r6, 0x6d23, 0xde7b, 0x1, &(0x7f00000001c0)={[0x1d8a4a24]}, 0x8)
r7 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r7, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1888.300604]  ? io_submit_sqes+0x8610/0x8610
[ 1888.301721]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1888.302886]  ? wait_for_completion_io+0x270/0x270
[ 1888.304077]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1888.305219]  ? vfs_write+0x354/0xb10
[ 1888.306127]  ? fput_many+0x2f/0x1a0
[ 1888.307014]  ? ksys_write+0x1a9/0x260
[ 1888.307943]  ? __ia32_sys_read+0xb0/0xb0
[ 1888.308952]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1888.310220]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1888.311491]  do_syscall_64+0x33/0x40
[ 1888.312412]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1888.313646] RIP: 0033:0x7f88fdc0eb19
[ 1888.314554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1888.319005] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1888.320870] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1888.322590] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1888.324311] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1888.326066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1888.327789] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:44:04 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000380)={{{@in=@initdev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@private0}, 0x0, @in=@loopback}}, &(0x7f0000000500)=0xe8)
stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
setresuid(0xffffffffffffffff, r7, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000540)={0x0, <r8=>0x0}, &(0x7f0000000580)=0xc)
mount$tmpfs(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000340), 0x458, &(0x7f00000005c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@mode={'mode', 0x3d, 0x1}}, {@nr_inodes={'nr_inodes', 0x3d, [0x37]}}, {@mode={'mode', 0x3d, 0x5b}}, {@uid={'uid', 0x3d, r6}}, {@huge_advise}], [{@pcr={'pcr', 0x3d, 0x28}}, {@dont_measure}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@uid_eq={'uid', 0x3d, r7}}, {@obj_role={'obj_role', 0x3d, '\x00'}}, {@dont_hash}, {@permit_directio}, {@fowner_lt={'fowner<', r8}}, {@smackfsfloor={'smackfsfloor', 0x3d, '\x00'}}]})
memfd_create(&(0x7f0000000140)='\x00', 0x1)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:44:04 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000)

10:44:04 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:44:04 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
syz_io_uring_setup(0x5f01, &(0x7f0000000340)={0x0, 0x6769, 0x10, 0x0, 0x166}, &(0x7f00008cc000/0x3000)=nil, &(0x7f0000493000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000280))
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
ioctl$CDROM_SET_OPTIONS(0xffffffffffffffff, 0x5320, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:44:04 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
r6 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsetxattr$trusted_overlay_redirect(r6, &(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x8, 0x3)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r7, 0x0, 0x0, 0x1000002)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f00000001c0)=0xe8)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000780)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x25c, 0x0, 0x2, 0x70bd28, 0x25dfdbff, {}, [{{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8, 0x7, 0x1}}}]}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffa}}}]}}]}, 0x25c}, 0x1, 0x0, 0x0, 0x24000000}, 0x8080)
r9 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r10=>0x0, &(0x7f0000000080)=<r11=>0x0)
r12 = socket$inet6_udplite(0xa, 0x2, 0x88)
r13 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r12, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r13}}, 0x4)
syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x5, 0x0, 0x0, 0x4, &(0x7f0000000140)=[r0, 0xffffffffffffffff, r6, r7], 0x4, 0x0, 0x1, {0x0, r13}}, 0x80000000)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:44:04 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:44:21 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:21 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x2, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r5 = syz_open_dev$hiddev(&(0x7f0000000140), 0x699e0c01, 0x111081)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f00000001c0)={0xfff, 0x3, 0xfffffffa, 0x7f, 0x1})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r6, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x142})
sendfile(0xffffffffffffffff, r6, &(0x7f0000000140)=0x3fd, 0x1)
fsetxattr$trusted_overlay_redirect(r6, &(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x8, 0x1)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r7, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:44:21 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
r6 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsetxattr$trusted_overlay_redirect(r6, &(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x8, 0x3)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x4, 0x1, 0x7f, 0x3, 0x0, 0x7, 0x30018, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x4, 0xfffffffffffffff7}, 0x880, 0x8, 0x1, 0x0, 0xeb, 0x0, 0x80, 0x0, 0x7, 0x0, 0xa6c3}, 0xffffffffffffffff, 0x5, r6, 0xa)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:44:21 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40)

10:44:21 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:21 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6000000)

10:44:21 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:44:21 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, r3, 0x0, &(0x7f00000016c0)={&(0x7f0000000240)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000340)=""/12, 0xc}, {&(0x7f0000000380)=""/69, 0x45}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/251, 0xfb}], 0x4, &(0x7f0000001600)=""/132, 0x84}, 0x0, 0x12100, 0x1, {0x1}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000140)=0x3fd, 0x1)
read(0xffffffffffffffff, &(0x7f0000000240), 0x0)
r6 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r9, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r10}}, 0x4)
r11 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r12=>0x0, &(0x7f0000000080)=<r13=>0x0)
r14 = socket$inet6_udplite(0xa, 0x2, 0x88)
r15 = io_uring_register$IORING_REGISTER_PERSONALITY(r11, 0x9, 0x0, 0x0)
syz_io_uring_submit(r12, r13, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r14, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r15}}, 0x4)
syz_io_uring_submit(r7, r13, &(0x7f0000000140), 0x4)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1905.883526] FAULT_INJECTION: forcing a failure.
[ 1905.883526] name failslab, interval 1, probability 0, space 0, times 0
[ 1905.886154] CPU: 0 PID: 10703 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1905.887748] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1905.889659] Call Trace:
[ 1905.890265]  dump_stack+0x107/0x167
[ 1905.891102]  should_fail.cold+0x5/0xa
[ 1905.891985]  ? ptlock_alloc+0x1d/0x70
[ 1905.892867]  should_failslab+0x5/0x20
[ 1905.893743]  kmem_cache_alloc+0x5b/0x310
[ 1905.894680]  ptlock_alloc+0x1d/0x70
[ 1905.895516]  pte_alloc_one+0x68/0x1a0
[ 1905.896378]  ? replace_page_cache_page+0x1200/0x1200
[ 1905.897550]  handle_mm_fault+0x2ab2/0x3500
[ 1905.898516]  ? __lock_acquire+0x1657/0x5b00
[ 1905.899513]  ? __pmd_alloc+0x630/0x630
[ 1905.900294]  ? vmacache_find+0x55/0x2a0
[ 1905.901231]  do_user_addr_fault+0x56e/0xc60
[ 1905.902067]  exc_page_fault+0xa2/0x1a0
[ 1905.902831]  asm_exc_page_fault+0x1e/0x30
[ 1905.903619] RIP: 0010:copy_user_generic_string+0x2c/0x40
[ 1905.904657] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 43 4d 1d 02 0f 1f 00 0f 01
[ 1905.908176] RSP: 0018:ffff88800ca4f7b8 EFLAGS: 00050246
[ 1905.909199] RAX: 0000000000000001 RBX: 0000000000000080 RCX: 0000000000000010
[ 1905.910568] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88800ca4f888
[ 1905.911928] RBP: ffff88800ca4f888 R08: 0000000000000001 R09: ffff88800ca4f907
[ 1905.912967] FAULT_INJECTION: forcing a failure.
[ 1905.912967] name failslab, interval 1, probability 0, space 0, times 0
[ 1905.913298] R10: ffffed1001949f20 R11: 0000000000000001 R12: 0000000020000100
[ 1905.913313] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1905.913350]  _copy_from_user+0x172/0x1b0
[ 1905.913374]  move_addr_to_kernel.part.0+0x31/0x110
[ 1905.913395]  move_addr_to_kernel+0x4f/0x70
[ 1905.913414]  io_connect+0x47a/0x610
[ 1905.913441]  ? io_prep_rw+0x1050/0x1050
[ 1905.922316]  ? __lock_acquire+0xbb1/0x5b00
[ 1905.923115]  io_issue_sqe+0x1611/0x77d0
[ 1905.923875]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1905.924874]  ? lock_chain_count+0x20/0x20
[ 1905.925658]  ? __is_insn_slot_addr+0x14c/0x290
[ 1905.926526]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1905.927518]  ? io_connect+0x610/0x610
[ 1905.928248]  ? lock_acquire+0x197/0x470
[ 1905.929005]  ? find_held_lock+0x2c/0x110
[ 1905.929789]  ? __fget_files+0x2cf/0x520
[ 1905.930545]  ? lock_downgrade+0x6d0/0x6d0
[ 1905.931331]  __io_queue_sqe+0x90/0x9d0
[ 1905.932061]  ? io_issue_sqe+0x77d0/0x77d0
[ 1905.932853]  ? __fget_files+0x2f8/0x520
[ 1905.933627]  io_submit_sqes+0x44ab/0x8610
[ 1905.934443]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1905.935383]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1905.936301]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1905.937290]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1905.938114]  ? trace_hardirqs_on+0x5b/0x180
[ 1905.938930]  ? io_submit_sqes+0x8610/0x8610
[ 1905.939729]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 1905.940749]  ? finish_task_switch+0x126/0x5d0
[ 1905.941739]  ? finish_task_switch+0xef/0x5d0
[ 1905.942720]  ? __switch_to+0x572/0xf70
[ 1905.943595]  ? __switch_to_asm+0x3a/0x60
[ 1905.944496]  ? __switch_to_asm+0x34/0x60
[ 1905.945422]  ? __schedule+0x82c/0x1ea0
[ 1905.946290]  ? io_schedule_timeout+0x140/0x140
[ 1905.947317]  ? copy_kernel_to_fpregs+0x9e/0xe0
[ 1905.948331]  ? trace_event_raw_event_x86_fpu+0x390/0x390
[ 1905.949352]  ? ksys_write+0x1a9/0x260
[ 1905.950208]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1905.951386]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1905.952538]  do_syscall_64+0x33/0x40
[ 1905.953379]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1905.954521] RIP: 0033:0x7ffb15b8eb19
[ 1905.955347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1905.959406] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1905.961125] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1905.962698] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1905.964279] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1905.965853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1905.967429] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1905.969061] CPU: 1 PID: 10698 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1905.970723] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1905.972692] Call Trace:
[ 1905.973378]  dump_stack+0x107/0x167
[ 1905.974250]  should_fail.cold+0x5/0xa
[ 1905.975213]  ? create_object.isra.0+0x3a/0xa30
[ 1905.976217]  should_failslab+0x5/0x20
[ 1905.977173]  kmem_cache_alloc+0x5b/0x310
[ 1905.978124]  ? mark_held_locks+0x9e/0xe0
[ 1905.979180]  create_object.isra.0+0x3a/0xa30
[ 1905.980174]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1905.981405]  kmem_cache_alloc_bulk+0x168/0x320
[ 1905.982589]  io_submit_sqes+0x6fe7/0x8610
[ 1905.983515]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1905.984568]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1905.985741]  ? find_held_lock+0x2c/0x110
[ 1905.986723]  ? io_submit_sqes+0x8610/0x8610
[ 1905.987840]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1905.989052]  ? wait_for_completion_io+0x270/0x270
[ 1905.990143]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1905.991342]  ? vfs_write+0x354/0xb10
[ 1905.992141]  ? fput_many+0x2f/0x1a0
[ 1905.992951]  ? ksys_write+0x1a9/0x260
[ 1905.993818]  ? __ia32_sys_read+0xb0/0xb0
[ 1905.994882]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1905.995992]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1905.997370]  do_syscall_64+0x33/0x40
[ 1905.998160]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1905.999483] RIP: 0033:0x7f88fdc0eb19
[ 1906.000287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1906.004741] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1906.006364] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1906.007919] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1906.009652] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1906.011401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1906.013169] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1906.039673] FAULT_INJECTION: forcing a failure.
[ 1906.039673] name failslab, interval 1, probability 0, space 0, times 0
[ 1906.042019] CPU: 0 PID: 10708 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1906.043267] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1906.044772] Call Trace:
[ 1906.045254]  dump_stack+0x107/0x167
[ 1906.045912]  should_fail.cold+0x5/0xa
[ 1906.046601]  ? create_object.isra.0+0x3a/0xa30
[ 1906.047418]  should_failslab+0x5/0x20
[ 1906.048114]  kmem_cache_alloc+0x5b/0x310
[ 1906.048836]  ? mark_held_locks+0x9e/0xe0
[ 1906.049574]  create_object.isra.0+0x3a/0xa30
[ 1906.050362]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1906.051283]  kmem_cache_alloc_bulk+0x168/0x320
[ 1906.052253]  io_submit_sqes+0x6fe7/0x8610
[ 1906.053086]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1906.054138]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1906.055084]  ? find_held_lock+0x2c/0x110
[ 1906.055953]  ? io_submit_sqes+0x8610/0x8610
[ 1906.056742]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1906.057615]  ? wait_for_completion_io+0x270/0x270
[ 1906.058482]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1906.059305]  ? vfs_write+0x354/0xb10
[ 1906.059974]  ? fput_many+0x2f/0x1a0
[ 1906.060659]  ? ksys_write+0x1a9/0x260
[ 1906.061332]  ? __ia32_sys_read+0xb0/0xb0
[ 1906.062069]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1906.062995]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1906.063908]  do_syscall_64+0x33/0x40
[ 1906.064560]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1906.065477] RIP: 0033:0x7f66d25a7b19
[ 1906.066126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1906.069358] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1906.070710] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1906.071966] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1906.073235] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1906.074477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1906.075722] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:44:22 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000)

10:44:22 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
pread64(r0, &(0x7f0000000240)=""/126, 0x7e, 0x200)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:44:22 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:44:22 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
r6 = syz_mount_image$tmpfs(&(0x7f0000000140), &(0x7f0000000280)='./file0\x00', 0x1, 0x1, &(0x7f0000000380)=[{&(0x7f0000000340)="6da8d6414d4b4e2cff188d8c8e38be2f1b69a29c41d560eaa83aa55750409a4797892126da4660330ff3bbc1e3d24b", 0x2f, 0x1ff}], 0x920010, &(0x7f0000000500)={[{@huge_advise}, {@nr_inodes={'nr_inodes', 0x3d, [0x33, 0x39, 0x31]}}, {@nr_inodes={'nr_inodes', 0x3d, [0x9, 0x25]}}, {@huge_within_size}, {@size={'size', 0x3d, [0x67, 0x70]}}, {@mode={'mode', 0x3d, 0x4}}, {@mode={'mode', 0x3d, 0x401}}, {@huge_always}, {@huge_within_size}, {@size={'size', 0x3d, [0x35, 0x65, 0x67, 0x33, 0x78]}}], [{@smackfshat={'smackfshat', 0x3d, '[e['}}, {@obj_user={'obj_user', 0x3d, '['}}, {@appraise_type}, {@euid_gt}]})
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd=r6, 0x8, 0x0, 0x2}, 0x3ff)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:44:22 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:22 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000)

10:44:22 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)

[ 1906.550261] FAULT_INJECTION: forcing a failure.
[ 1906.550261] name failslab, interval 1, probability 0, space 0, times 0
[ 1906.553024] CPU: 1 PID: 10732 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1906.554519] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1906.556316] Call Trace:
[ 1906.556902]  dump_stack+0x107/0x167
[ 1906.557698]  should_fail.cold+0x5/0xa
[ 1906.558533]  ? create_object.isra.0+0x3a/0xa30
[ 1906.559525]  should_failslab+0x5/0x20
[ 1906.560347]  kmem_cache_alloc+0x5b/0x310
[ 1906.561235]  ? mark_held_locks+0x9e/0xe0
[ 1906.562117]  create_object.isra.0+0x3a/0xa30
[ 1906.563040]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1906.564141]  kmem_cache_alloc_bulk+0x168/0x320
[ 1906.565144]  io_submit_sqes+0x6fe7/0x8610
10:44:22 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1906.566067]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1906.567287]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1906.568338]  ? find_held_lock+0x2c/0x110
[ 1906.569237]  ? io_submit_sqes+0x8610/0x8610
[ 1906.570180]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1906.571225]  ? wait_for_completion_io+0x270/0x270
[ 1906.572271]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1906.573281]  ? vfs_write+0x354/0xb10
10:44:22 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = mmap$IORING_OFF_SQES(&(0x7f000079d000/0x2000)=nil, 0x2000, 0x3000006, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r4, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@generic={0x5, "0223ee680c1c5ebade7b232abb18bef12f1a362c42f24d16131c4590acfa86f2ed0d729f5ca98a392d61481f7a35d33dcf8b3990c9d16aa1f6a0aa2bbbd5902f64dbd18642fe96dd569e0295439bd252485ffeeb6f51ab00e18da009229a2aaac4d5564cd2fa4c57837082d4aa5d5986ae6e643dae3902a6f81248796aed"}}, 0x0)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
syz_io_uring_submit(r1, r4, &(0x7f0000000140)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x18c2, 0x3, &(0x7f0000000340)="562ef727b1b9dab444e3a2bc598b67484f1f250686ff0be2b6e7b52574cb177d9c0c5df74873f4e855937039ab97b8d8a42345c933bb7f5daa02f454918d3350f6d4d5947ce064ca35834660b24442c84842e5c6d799c0d63282079b0512e6d04566422f21ed612d0e6809c9838f4c80c9720162521816030b12f87c30409b620ea8bd201b93ecd2fd53e6517c753a8f4a512898b44bb8cefe1d3ef42d98c1f84238cf977534209e6a28d994f630beba72b822ac4592d72eff748ac40819d4b131c9abfb84504848cec02ca03597ddbe7413d2a0ce98b6d970a0bb", 0x9, 0x0, 0x0, {0x2}}, 0x5)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r6, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1906.574086]  ? fput_many+0x2f/0x1a0
[ 1906.574944]  ? ksys_write+0x1a9/0x260
[ 1906.575894]  ? __ia32_sys_read+0xb0/0xb0
[ 1906.576797]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1906.577934]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1906.579060]  do_syscall_64+0x33/0x40
[ 1906.579870]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1906.580986] RIP: 0033:0x7f88fdc0eb19
[ 1906.581791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1906.585790] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1906.587466] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1906.589014] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1906.590566] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1906.592110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1906.593679] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1906.628516] FAULT_INJECTION: forcing a failure.
[ 1906.628516] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1906.630021] CPU: 0 PID: 10738 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1906.630850] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1906.631825] Call Trace:
[ 1906.632147]  dump_stack+0x107/0x167
[ 1906.632586]  should_fail.cold+0x5/0xa
[ 1906.633056]  _copy_from_user+0x2e/0x1b0
[ 1906.633546]  move_addr_to_kernel.part.0+0x31/0x110
[ 1906.634162]  move_addr_to_kernel+0x4f/0x70
[ 1906.634667]  io_connect+0x47a/0x610
[ 1906.635108]  ? io_prep_rw+0x1050/0x1050
[ 1906.635630]  ? __lock_acquire+0xbb1/0x5b00
[ 1906.636145]  io_issue_sqe+0x1611/0x77d0
[ 1906.636657]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1906.637291]  ? lock_chain_count+0x20/0x20
[ 1906.637795]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1906.638458]  ? io_connect+0x610/0x610
[ 1906.638924]  ? lock_acquire+0x197/0x470
[ 1906.639406]  ? find_held_lock+0x2c/0x110
[ 1906.639885]  ? __fget_files+0x2cf/0x520
[ 1906.640395]  ? lock_downgrade+0x6d0/0x6d0
[ 1906.640930]  __io_queue_sqe+0x90/0x9d0
[ 1906.641423]  ? io_issue_sqe+0x77d0/0x77d0
[ 1906.641907]  ? __fget_files+0x2f8/0x520
[ 1906.642397]  io_submit_sqes+0x44ab/0x8610
[ 1906.642923]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1906.643541]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1906.644124]  ? find_held_lock+0x2c/0x110
[ 1906.644615]  ? io_submit_sqes+0x8610/0x8610
[ 1906.645159]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1906.645753]  ? wait_for_completion_io+0x270/0x270
[ 1906.646338]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1906.646893]  ? vfs_write+0x354/0xb10
[ 1906.647334]  ? fput_many+0x2f/0x1a0
[ 1906.647743]  ? ksys_write+0x1a9/0x260
[ 1906.648204]  ? __ia32_sys_read+0xb0/0xb0
[ 1906.648728]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1906.649358]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1906.649960]  do_syscall_64+0x33/0x40
[ 1906.650421]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1906.651018] RIP: 0033:0x7ffb15b8eb19
[ 1906.651458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1906.653725] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1906.654618] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1906.655486] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1906.656322] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1906.657158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1906.657929] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1920.649002] FAULT_INJECTION: forcing a failure.
[ 1920.649002] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1920.651617] CPU: 0 PID: 10752 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1920.653159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1920.654994] Call Trace:
[ 1920.655580]  dump_stack+0x107/0x167
[ 1920.656386]  should_fail.cold+0x5/0xa
[ 1920.657246]  __alloc_pages_nodemask+0x182/0x600
[ 1920.658270]  ? lock_acquire+0x197/0x470
[ 1920.659151]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 1920.660472]  ? find_held_lock+0x2c/0x110
[ 1920.661373]  ? count_memcg_event_mm.part.0+0x10f/0x2f0
[ 1920.662521]  ? lock_downgrade+0x6d0/0x6d0
[ 1920.663431]  ? mark_held_locks+0x9e/0xe0
[ 1920.664340]  alloc_pages_current+0x187/0x280
[ 1920.665336]  ? count_memcg_event_mm.part.0+0x2df/0x2f0
[ 1920.666490]  ? replace_page_cache_page+0x1200/0x1200
[ 1920.667628]  pte_alloc_one+0x16/0x1a0
[ 1920.668481]  ? replace_page_cache_page+0x1200/0x1200
[ 1920.669610]  handle_mm_fault+0x2ab2/0x3500
[ 1920.670562]  ? __lock_acquire+0x1657/0x5b00
[ 1920.671519]  ? find_held_lock+0x2c/0x110
[ 1920.672422]  ? pgtable_bad+0x90/0x90
[ 1920.673270]  ? __pmd_alloc+0x630/0x630
[ 1920.674153]  ? vmacache_find+0x55/0x2a0
[ 1920.674859] FAULT_INJECTION: forcing a failure.
[ 1920.674859] name failslab, interval 1, probability 0, space 0, times 0
[ 1920.675038]  do_user_addr_fault+0x56e/0xc60
[ 1920.677720]  exc_page_fault+0xa2/0x1a0
[ 1920.678593]  asm_exc_page_fault+0x1e/0x30
[ 1920.679519] RIP: 0010:copy_user_enhanced_fast_string+0x27/0x40
[ 1920.680842] Code: 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 f3 a4 31 c0 0f 01 ca e9 26 4d 1d 02 66 0f 1f 44 00 00 89 d1 83 f8 12 74 0c <f3> a4 89 c8 0f 01 ca e9 0d 4d 1d 02 31 c0 0f 01 ca e9 03 4d 1d 02
[ 1920.684934] RSP: 0018:ffff88804a2f77b8 EFLAGS: 00050287
[ 1920.686104] RAX: 000000000000000e RBX: 0000000000000080 RCX: 0000000000000080
[ 1920.687664] RDX: 0000000000000080 RSI: 0000000020000080 RDI: ffff88804a2f7888
[ 1920.689242] RBP: ffff88804a2f7888 R08: 0000000000000001 R09: ffff88804a2f7907
[ 1920.690813] R10: ffffed100945ef20 R11: 0000000000000001 R12: 0000000020000100
[ 1920.692381] R13: 0000000020000080 R14: 00007ffffffff000 R15: 0000000000000000
[ 1920.693981]  _copy_from_user+0x172/0x1b0
[ 1920.694881]  move_addr_to_kernel.part.0+0x31/0x110
[ 1920.695964]  move_addr_to_kernel+0x4f/0x70
[ 1920.696924]  io_connect+0x47a/0x610
[ 1920.697728]  ? io_prep_rw+0x1050/0x1050
[ 1920.698612]  ? __lock_acquire+0xbb1/0x5b00
[ 1920.699532]  io_issue_sqe+0x1611/0x77d0
[ 1920.700413]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1920.701607]  ? lock_chain_count+0x20/0x20
[ 1920.702512]  ? __is_insn_slot_addr+0x14c/0x290
[ 1920.703506]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1920.704655]  ? io_connect+0x610/0x610
[ 1920.705502]  ? lock_acquire+0x197/0x470
[ 1920.706367]  ? find_held_lock+0x2c/0x110
[ 1920.707258]  ? __fget_files+0x2cf/0x520
[ 1920.708132]  ? lock_downgrade+0x6d0/0x6d0
[ 1920.709060]  __io_queue_sqe+0x90/0x9d0
[ 1920.709923]  ? io_issue_sqe+0x77d0/0x77d0
[ 1920.710832]  ? __fget_files+0x2f8/0x520
[ 1920.711726]  io_submit_sqes+0x44ab/0x8610
[ 1920.712669]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1920.713775]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1920.714838]  ? find_held_lock+0x2c/0x110
[ 1920.715740]  ? io_submit_sqes+0x8610/0x8610
[ 1920.716695]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1920.717794]  ? wait_for_completion_io+0x270/0x270
[ 1920.718855]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1920.719876]  ? vfs_write+0x354/0xb10
[ 1920.720695]  ? fput_many+0x2f/0x1a0
[ 1920.721506]  ? ksys_write+0x1a9/0x260
[ 1920.722341]  ? __ia32_sys_read+0xb0/0xb0
[ 1920.723244]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1920.724389]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1920.725534]  do_syscall_64+0x33/0x40
[ 1920.726356]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1920.727477] RIP: 0033:0x7ffb15b8eb19
[ 1920.728285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1920.732301] RSP: 002b:00007ffb13104188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1920.733958] RAX: ffffffffffffffda RBX: 00007ffb15ca1f60 RCX: 00007ffb15b8eb19
[ 1920.735514] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1920.737072] RBP: 00007ffb131041d0 R08: 0000000000000000 R09: 0000000000000000
[ 1920.738629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1920.740184] R13: 00007ffc2c8253bf R14: 00007ffb13104300 R15: 0000000000022000
[ 1920.741777] CPU: 1 PID: 10757 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1920.742855] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1920.744059] Call Trace:
[ 1920.744475]  dump_stack+0x107/0x167
[ 1920.745013]  should_fail.cold+0x5/0xa
[ 1920.745573]  ? create_object.isra.0+0x3a/0xa30
[ 1920.746230]  should_failslab+0x5/0x20
[ 1920.746786]  kmem_cache_alloc+0x5b/0x310
[ 1920.747387]  ? mark_held_locks+0x9e/0xe0
[ 1920.747985]  create_object.isra.0+0x3a/0xa30
[ 1920.748617]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1920.749380]  kmem_cache_alloc_bulk+0x168/0x320
[ 1920.750044]  io_submit_sqes+0x6fe7/0x8610
[ 1920.750682]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1920.751398]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1920.752109]  ? find_held_lock+0x2c/0x110
[ 1920.752698]  ? io_submit_sqes+0x8610/0x8610
[ 1920.753335]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1920.754027]  ? wait_for_completion_io+0x270/0x270
[ 1920.754729]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1920.755399]  ? vfs_write+0x354/0xb10
[ 1920.755944]  ? fput_many+0x2f/0x1a0
[ 1920.756471]  ? ksys_write+0x1a9/0x260
[ 1920.757028]  ? __ia32_sys_read+0xb0/0xb0
[ 1920.757616]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1920.758370]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1920.759121]  do_syscall_64+0x33/0x40
[ 1920.759660]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1920.760417] RIP: 0033:0x7f88fdc0eb19
[ 1920.760968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1920.763640] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1920.764760] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1920.765851] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
10:44:36 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42)

10:44:36 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:44:36 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x1, 0x0, 0xffdd)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:44:36 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02", 0xffffffffffffffff}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x2000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:44:36 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:36 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r6, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r7}}, 0x4)
syz_io_uring_submit(r1, r5, &(0x7f0000000140)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index=0xa, 0x1, 0x0, 0xffffffff, 0x5, 0x1}, 0x1)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r8, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4307, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x2)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r10, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:44:36 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000)

10:44:36 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

[ 1920.767115] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1920.768482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1920.769551] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1920.788605] FAULT_INJECTION: forcing a failure.
[ 1920.788605] name failslab, interval 1, probability 0, space 0, times 0
[ 1920.791264] CPU: 0 PID: 10764 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1920.792734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1920.794501] Call Trace:
[ 1920.795066]  dump_stack+0x107/0x167
[ 1920.795845]  should_fail.cold+0x5/0xa
[ 1920.796657]  ? create_object.isra.0+0x3a/0xa30
[ 1920.797641]  should_failslab+0x5/0x20
[ 1920.798451]  kmem_cache_alloc+0x5b/0x310
[ 1920.799309]  ? mark_held_locks+0x9e/0xe0
[ 1920.800161]  create_object.isra.0+0x3a/0xa30
[ 1920.801091]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1920.802160]  kmem_cache_alloc_bulk+0x168/0x320
[ 1920.803132]  io_submit_sqes+0x6fe7/0x8610
[ 1920.804034]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1920.805100]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1920.806118]  ? find_held_lock+0x2c/0x110
[ 1920.806988]  ? io_submit_sqes+0x8610/0x8610
[ 1920.807902]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1920.808940]  ? wait_for_completion_io+0x270/0x270
[ 1920.809993]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1920.811139]  ? vfs_write+0x354/0xb10
[ 1920.812047]  ? fput_many+0x2f/0x1a0
[ 1920.812948]  ? ksys_write+0x1a9/0x260
[ 1920.813884]  ? __ia32_sys_read+0xb0/0xb0
[ 1920.814882]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1920.816168]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1920.817448]  do_syscall_64+0x33/0x40
[ 1920.818353]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1920.819610] RIP: 0033:0x7f66d25a7b19
[ 1920.820526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1920.825096] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1920.826947] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1920.828703] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1920.830466] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1920.832239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1920.833997] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:44:36 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x80000000000000)

10:44:36 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:36 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x11800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1920.987427] FAULT_INJECTION: forcing a failure.
[ 1920.987427] name failslab, interval 1, probability 0, space 0, times 0
[ 1920.988997] CPU: 1 PID: 10775 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1920.989899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1920.991018] Call Trace:
[ 1920.991366]  dump_stack+0x107/0x167
[ 1920.991845]  should_fail.cold+0x5/0xa
[ 1920.992365]  ? create_object.isra.0+0x3a/0xa30
[ 1920.992973]  should_failslab+0x5/0x20
[ 1920.993496]  kmem_cache_alloc+0x5b/0x310
[ 1920.994038]  ? mark_held_locks+0x9e/0xe0
[ 1920.994577]  create_object.isra.0+0x3a/0xa30
[ 1920.995155]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1920.995814]  kmem_cache_alloc_bulk+0x168/0x320
[ 1920.996427]  io_submit_sqes+0x6fe7/0x8610
[ 1920.997000]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1920.997664]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1920.998302]  ? find_held_lock+0x2c/0x110
[ 1920.998840]  ? io_submit_sqes+0x8610/0x8610
[ 1920.999417]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1921.000050]  ? wait_for_completion_io+0x270/0x270
[ 1921.000682]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1921.001303]  ? vfs_write+0x354/0xb10
[ 1921.001788]  ? fput_many+0x2f/0x1a0
[ 1921.002270]  ? ksys_write+0x1a9/0x260
[ 1921.002767]  ? __ia32_sys_read+0xb0/0xb0
[ 1921.003292]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1921.003974]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1921.004645]  do_syscall_64+0x33/0x40
[ 1921.005148]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1921.005803] RIP: 0033:0x7f88fdc0eb19
[ 1921.006297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1921.008657] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1921.009683] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1921.010621] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1921.011567] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1921.012522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1921.013471] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:44:37 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:44:37 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x200000000000000)

10:44:48 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600000000000000)

10:44:48 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:48 executing program 3:
r0 = syz_io_uring_setup(0x41b2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xffffffff, 0x20c}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:48 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43)

10:44:48 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x30, r0, 0xffffe000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
socket$inet6_udplite(0xa, 0x2, 0x88)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x1, 0x0, @fd=r5, 0x0, 0x0, 0x0, {0x5e0}, 0x1}, 0x4)
r7 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000080)=<r9=>0x0)
r10 = socket$inet6_udplite(0xa, 0x2, 0x88)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r10, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r11}}, 0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)={0x20000000}, r6, 0x3, 0x0, 0x0, {0x0, r11}}, 0x9)

10:44:48 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1932.249390] FAULT_INJECTION: forcing a failure.
[ 1932.249390] name failslab, interval 1, probability 0, space 0, times 0
[ 1932.252270] CPU: 1 PID: 10797 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1932.253755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1932.255516] Call Trace:
[ 1932.256084]  dump_stack+0x107/0x167
[ 1932.256854]  should_fail.cold+0x5/0xa
[ 1932.257671]  ? create_object.isra.0+0x3a/0xa30
[ 1932.258647]  should_failslab+0x5/0x20
[ 1932.259455]  kmem_cache_alloc+0x5b/0x310
[ 1932.260319]  ? mark_held_locks+0x9e/0xe0
10:44:48 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1932.261186]  create_object.isra.0+0x3a/0xa30
[ 1932.262314]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1932.263409]  kmem_cache_alloc_bulk+0x168/0x320
[ 1932.264396]  io_submit_sqes+0x6fe7/0x8610
[ 1932.265327]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.266397]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.267430]  ? find_held_lock+0x2c/0x110
[ 1932.268295]  ? io_submit_sqes+0x8610/0x8610
[ 1932.269221]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1932.270237]  ? wait_for_completion_io+0x270/0x270
[ 1932.271259]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1932.272239]  ? vfs_write+0x354/0xb10
[ 1932.273046]  ? fput_many+0x2f/0x1a0
[ 1932.273817]  ? ksys_write+0x1a9/0x260
[ 1932.274620]  ? __ia32_sys_read+0xb0/0xb0
[ 1932.275481]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1932.276594]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1932.277696]  do_syscall_64+0x33/0x40
[ 1932.278483]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1932.279570] RIP: 0033:0x7f66d25a7b19
[ 1932.280353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1932.284253] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1932.285868] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1932.287369] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1932.288877] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1932.290406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1932.291918] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1932.298726] FAULT_INJECTION: forcing a failure.
[ 1932.298726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1932.300395] CPU: 0 PID: 10815 Comm: syz-executor.4 Not tainted 5.10.244 #1
[ 1932.301245] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1932.302260] Call Trace:
[ 1932.302595]  dump_stack+0x107/0x167
[ 1932.303042]  should_fail.cold+0x5/0xa
[ 1932.303513]  _copy_from_user+0x2e/0x1b0
[ 1932.303998]  kstrtouint_from_user+0xbd/0x220
[ 1932.304536]  ? kstrtou8_from_user+0x210/0x210
[ 1932.305097]  ? lock_acquire+0x197/0x470
[ 1932.305586]  ? ksys_write+0x12d/0x260
[ 1932.306059]  proc_fail_nth_write+0x78/0x220
[ 1932.306588]  ? proc_task_getattr+0x1f0/0x1f0
[ 1932.307133]  ? proc_task_getattr+0x1f0/0x1f0
[ 1932.307668]  vfs_write+0x29a/0xb10
[ 1932.308120]  ksys_write+0x12d/0x260
[ 1932.308563]  ? __ia32_sys_read+0xb0/0xb0
[ 1932.309071]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1932.309712]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1932.310344]  do_syscall_64+0x33/0x40
[ 1932.310802]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1932.311425] RIP: 0033:0x7ffb15b415ff
[ 1932.311880] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[ 1932.314117] RSP: 002b:00007ffb130e3170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1932.315045] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffb15b415ff
[ 1932.315914] RDX: 0000000000000001 RSI: 00007ffb130e31e0 RDI: 0000000000000005
[ 1932.316788] RBP: 00007ffb130e31d0 R08: 0000000000000000 R09: 0000000000000000
[ 1932.317664] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 1932.318529] R13: 00007ffc2c8253bf R14: 00007ffb130e3300 R15: 0000000000022000
[ 1932.335510] FAULT_INJECTION: forcing a failure.
[ 1932.335510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1932.338088] CPU: 1 PID: 10808 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1932.339555] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1932.341318] Call Trace:
[ 1932.341883]  dump_stack+0x107/0x167
[ 1932.342661]  should_fail.cold+0x5/0xa
[ 1932.343478]  _copy_from_user+0x2e/0x1b0
[ 1932.344332]  move_addr_to_kernel.part.0+0x31/0x110
[ 1932.345388]  move_addr_to_kernel+0x4f/0x70
[ 1932.346292]  io_connect+0x47a/0x610
[ 1932.347062]  ? io_prep_rw+0x1050/0x1050
[ 1932.347917]  ? lock_acquire+0x197/0x470
[ 1932.348776]  ? __lock_acquire+0xbb1/0x5b00
[ 1932.349683]  io_issue_sqe+0x1611/0x77d0
[ 1932.350535]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1932.351649]  ? lock_chain_count+0x20/0x20
[ 1932.352522]  ? __is_insn_slot_addr+0x14c/0x290
[ 1932.353499]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1932.354612]  ? io_connect+0x610/0x610
[ 1932.355427]  ? lock_acquire+0x197/0x470
[ 1932.356270]  ? find_held_lock+0x2c/0x110
[ 1932.357138]  ? __fget_files+0x2cf/0x520
[ 1932.357974]  ? lock_downgrade+0x6d0/0x6d0
[ 1932.358859]  __io_queue_sqe+0x90/0x9d0
[ 1932.359696]  ? io_issue_sqe+0x77d0/0x77d0
[ 1932.360572]  ? __fget_files+0x2f8/0x520
[ 1932.361454]  io_submit_sqes+0x44ab/0x8610
[ 1932.362374]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.363425]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.364446]  ? find_held_lock+0x2c/0x110
[ 1932.365327]  ? io_submit_sqes+0x8610/0x8610
[ 1932.366267]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1932.367287]  ? wait_for_completion_io+0x270/0x270
[ 1932.368316]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1932.369309]  ? vfs_write+0x354/0xb10
[ 1932.370101]  ? fput_many+0x2f/0x1a0
[ 1932.370873]  ? ksys_write+0x1a9/0x260
[ 1932.371678]  ? __ia32_sys_read+0xb0/0xb0
[ 1932.372538]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1932.373659]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1932.374755]  do_syscall_64+0x33/0x40
[ 1932.375548]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1932.376631] RIP: 0033:0x7f88fdc0eb19
[ 1932.377438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1932.381352] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1932.382973] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1932.384487] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1932.386019] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
10:44:48 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0)={0x0, 0x5b4a, 0x0, 0x2, 0x3a7}, &(0x7f00000a0000)=nil, &(0x7f0000692000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0xea320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
getsockopt$sock_buf(r3, 0x1, 0x3d, &(0x7f0000000140)=""/6, &(0x7f00000001c0)=0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1932.387553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1932.389336] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:44:48 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:48 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000)

10:44:48 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:44:48 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000240)={'ip6tnl0\x00', 0x0, 0x4, 0x7f, 0x7, 0x2, 0x48, @empty, @dev={0xfe, 0x80, '\x00', 0x29}, 0x1, 0x10, 0x8, 0x7}})
ioctl$sock_proto_private(r3, 0x89e6, &(0x7f0000000340)="93785a65fa232805dd5c284431d9da7b10d7b7cd99ae3db7e170a080d8769ab86823147ec294d75ff4deea0de1bb803c23acb1147eeb5d90db5964efc5dfd149ba3d57760858b1161ba6bbd281c42170c172cfb8404d638bfdbee8af30c5d6353df04f803773237daa428047101ff6d1627d806067818e08aea2f293c42d73db80c5df256a2d43020bf89dbb907f9827a9c8ef03b3c94190bbc07a8b6f497f76c786c7648a15ec51c59eb73834aed10cb1f3e700344b909e4b4a77575b438ee660")
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1932.561240] FAULT_INJECTION: forcing a failure.
[ 1932.561240] name failslab, interval 1, probability 0, space 0, times 0
[ 1932.562720] CPU: 0 PID: 10837 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1932.563512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1932.564460] Call Trace:
[ 1932.564769]  dump_stack+0x107/0x167
[ 1932.565196]  should_fail.cold+0x5/0xa
[ 1932.565638]  ? create_object.isra.0+0x3a/0xa30
[ 1932.566158]  should_failslab+0x5/0x20
[ 1932.566596]  kmem_cache_alloc+0x5b/0x310
[ 1932.567069]  ? mark_held_locks+0x9e/0xe0
[ 1932.567548]  create_object.isra.0+0x3a/0xa30
[ 1932.568062]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1932.568666]  kmem_cache_alloc_bulk+0x168/0x320
[ 1932.569202]  io_submit_sqes+0x6fe7/0x8610
[ 1932.569690]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.570269]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.570838]  ? find_held_lock+0x2c/0x110
[ 1932.571313]  ? io_submit_sqes+0x8610/0x8610
[ 1932.571805]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1932.572358]  ? wait_for_completion_io+0x270/0x270
[ 1932.572923]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1932.573463]  ? vfs_write+0x354/0xb10
[ 1932.573896]  ? fput_many+0x2f/0x1a0
[ 1932.574320]  ? ksys_write+0x1a9/0x260
[ 1932.574756]  ? __ia32_sys_read+0xb0/0xb0
[ 1932.575221]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1932.575827]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1932.576422]  do_syscall_64+0x33/0x40
[ 1932.576851]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1932.577456] RIP: 0033:0x7f66d25a7b19
[ 1932.577883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1932.579989] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1932.580866] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1932.581705] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1932.582529] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1932.583339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1932.584159] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:44:48 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:48 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
listen(0xffffffffffffffff, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ppoll(&(0x7f0000000240)=[{0xffffffffffffffff, 0x19520}, {r6, 0x82}, {0xffffffffffffffff, 0xa109}, {0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x104ad}], 0x5, &(0x7f00000002c0), &(0x7f0000000440)={[0xb9]}, 0x8)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ppoll(&(0x7f0000000240)=[{r7, 0x19520}, {r8, 0x82}, {0xffffffffffffffff, 0xa109}, {0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x104ad}], 0x5, &(0x7f00000002c0), &(0x7f0000000440)={[0xb9]}, 0x8)
sendmsg$nl_generic(r6, &(0x7f0000000340)={&(0x7f0000000140), 0xc, &(0x7f0000000280)={&(0x7f0000000d40)=ANY=[@ANYBLOB="500200001600000225bd7000fcdbdf2512000000a600888014008800fc01000000000000000000000000000114000600ff01000000000000000000000000000104001500e024c19467c3dbb1f15feb90645f106ab2bdfa236c93c57a6ee5940898ea828f1d77c636e2759a2dd6116e3d0cb88f2f6e5ee145b4c3de2869fbb3a5acb93479e69536ce5a6de628e583eabc32c8b895af8facef5e5df06a31a277554d8c7b19b7843eb4b24e607733808c1f5bb0c956b52af9afefc20000aaac899785a221363887dde2946a7f98c0f246edf8911b52f6c729dfc56ed390d38c7d32e7cba68aefa0631033eabd2d0b3ebb3c3087dfdab370a2da181f74bb74eb9408440e99bc6e95c9a8f83322a6e6d0c87ca093e1707f0f306c00ba5801f39d8c7b10edc9e9ad713efe1e4b4d40d524f9c7b5fb8a9f17d9193b3d1b4bbfe82f7007b1e9339ca941cc0d0e12dbb7cbc784554ac68180c6215fa43fae50c47f0de5a1c1f22a9408002b007dbfa40a0806537f285b31366ff4cc0629c088c5e6d33cc548bf0e1b0b30d2f1c3c14b3f2c58481328c0e2345f925533fe47f71a4c36edf9d8779838858944f6e9a9626462078ba250c1cc9450899b4693dd4920eb233896b2ba89ae2ab9ab2fe3e2635a13eddd8f705cab987000fc5088dc38de105ee082d0add7d46a78dd8b07afa3a35fe2091e75038684aa5ce07ce7143061f4170968095b5fc937c460cb862b8839e8894135899b439dce86f0ad60f899101f451d9de90bca3d6d37f75d1f3c20385ebe90f44cd0a9111af16ae95921301c0039e48560843573a3d5f9a87928b666a60ef98d7c9b49837e49453500d4fc2292289ae7ca5ca4761fe382568e5826cb2f7f05906a9abf9a33886949dad5393fd034c1c393f7808c2f8fc9ce8a1d623ee486ca315e0e4e27485642ae8e6b592e262c4a21734754534fd7e538a773bc7d5f94f3c56268f58fc45b54650ca9874327634e649800156e7d682cb4249992fed13b4d7bcec3626e167515424d837930fc7cafa01d90443eb3d860cc7673b8b27e46e05aecefa8b05868bf444a7ac38c18169c971f8b4d95a0c2f7af740b7972c5ee", @ANYRES32=r7, @ANYBLOB="2298d6da78a6db98a49ac1451537b46b46315fe92965431eed3f4371f7d43eb687d7f03e95a7539ec30fac151a3d387bdcb894a7d663a90ff827949907a338c046109a44a9855abb85d75dc1a8f3fec8d2e90bbdd044e00dc3e2bd916ea4844902d384020a9feb7453e8815c0dcd55ed431bdd1ee102f6638308bc64b20ddaef8c4c55f3868b0374127f4b38a81a56ea5cc76b424495ada98b82e1037633578855a7c771edbbee6f81fd8c43102396983d928a40c86a6a86696b1873c835b1381e6325903b4be30ed2c0254c16b52593eddb25634e6b07670561656994cabcf7084d0000460a2d6a4ef96b58d50c720a39af337d9b1abe3192f0d28c264b3b8de4a03b193e1960b5f378558d0ec328cc5976a67624a3"], 0x250}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

[ 1932.612729] FAULT_INJECTION: forcing a failure.
[ 1932.612729] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1932.614270] CPU: 0 PID: 10843 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1932.615078] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1932.616071] Call Trace:
[ 1932.616383]  dump_stack+0x107/0x167
[ 1932.616802]  should_fail.cold+0x5/0xa
[ 1932.617253]  _copy_from_user+0x2e/0x1b0
[ 1932.617710]  move_addr_to_kernel.part.0+0x31/0x110
[ 1932.618284]  move_addr_to_kernel+0x4f/0x70
[ 1932.618773]  io_connect+0x47a/0x610
[ 1932.619200]  ? io_prep_rw+0x1050/0x1050
[ 1932.619675]  ? __lock_acquire+0xbb1/0x5b00
[ 1932.620162]  io_issue_sqe+0x1611/0x77d0
[ 1932.620627]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1932.621234]  ? lock_chain_count+0x20/0x20
[ 1932.621718]  ? __is_insn_slot_addr+0x14c/0x290
[ 1932.622257]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1932.622856]  ? io_connect+0x610/0x610
[ 1932.623297]  ? lock_acquire+0x197/0x470
[ 1932.623750]  ? find_held_lock+0x2c/0x110
[ 1932.624224]  ? __fget_files+0x2cf/0x520
[ 1932.624687]  ? lock_downgrade+0x6d0/0x6d0
[ 1932.625180]  __io_queue_sqe+0x90/0x9d0
[ 1932.625628]  ? io_issue_sqe+0x77d0/0x77d0
[ 1932.626098]  ? __fget_files+0x2f8/0x520
[ 1932.626562]  io_submit_sqes+0x44ab/0x8610
[ 1932.627050]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.627624]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.628187]  ? find_held_lock+0x2c/0x110
[ 1932.628664]  ? io_submit_sqes+0x8610/0x8610
[ 1932.629168]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1932.629723]  ? wait_for_completion_io+0x270/0x270
[ 1932.630281]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1932.630810]  ? vfs_write+0x354/0xb10
[ 1932.631237]  ? fput_many+0x2f/0x1a0
[ 1932.631658]  ? ksys_write+0x1a9/0x260
[ 1932.632105]  ? __ia32_sys_read+0xb0/0xb0
[ 1932.632576]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1932.633222]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1932.633839]  do_syscall_64+0x33/0x40
[ 1932.634283]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1932.634871] RIP: 0033:0x7f88fdc0eb19
[ 1932.635308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1932.637434] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1932.638329] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1932.639141] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1932.639972] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1932.640811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1932.641639] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:44:48 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
lseek(r5, 0x0, 0x0)
r6 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}}, 0x4)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x142})
sendfile(0xffffffffffffffff, r7, &(0x7f0000000140)=0x3fd, 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x3, 0x0, r7, 0x80, &(0x7f00000003c0)=@sco={0x1f, @none}, 0x0, 0x0, 0x1}, 0x200)
sendfile(r5, r6, 0x0, 0x100000001)
setsockopt$bt_l2cap_L2CAP_LM(r6, 0x6, 0x3, &(0x7f0000000140)=0x40, 0x4)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r8, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r6, 0x89f9, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x29, 0x40, 0x81, 0x5, 0x3c, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}, 0x20, 0x8, 0x20, 0x5}})
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:44:48 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000000000000000)

[ 1932.886525] FAULT_INJECTION: forcing a failure.
[ 1932.886525] name failslab, interval 1, probability 0, space 0, times 0
[ 1932.889276] CPU: 1 PID: 10857 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1932.890727] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1932.892490] Call Trace:
[ 1932.893063]  dump_stack+0x107/0x167
[ 1932.893835]  should_fail.cold+0x5/0xa
[ 1932.894647]  ? create_object.isra.0+0x3a/0xa30
[ 1932.895620]  should_failslab+0x5/0x20
[ 1932.896426]  kmem_cache_alloc+0x5b/0x310
[ 1932.897308]  ? mark_held_locks+0x9e/0xe0
[ 1932.898167]  create_object.isra.0+0x3a/0xa30
[ 1932.899100]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1932.900174]  kmem_cache_alloc_bulk+0x168/0x320
[ 1932.901163]  io_submit_sqes+0x6fe7/0x8610
[ 1932.902068]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.903109]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1932.904118]  ? find_held_lock+0x2c/0x110
[ 1932.904984]  ? io_submit_sqes+0x8610/0x8610
[ 1932.905904]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1932.906929]  ? wait_for_completion_io+0x270/0x270
[ 1932.907946]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1932.908936]  ? vfs_write+0x354/0xb10
[ 1932.909720]  ? fput_many+0x2f/0x1a0
[ 1932.910488]  ? ksys_write+0x1a9/0x260
[ 1932.911292]  ? __ia32_sys_read+0xb0/0xb0
[ 1932.912160]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1932.913267]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1932.914371]  do_syscall_64+0x33/0x40
[ 1932.915157]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1932.916247] RIP: 0033:0x7f66d25a7b19
[ 1932.917050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1932.920971] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1932.922586] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1932.924108] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1932.925637] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1932.927176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1932.928690] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:45:09 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:45:09 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

10:45:09 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffff00000000)

10:45:09 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f00000003c0)='\x00\'\'x\xe0\x1c\xaa\x00f\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n\xe3$A\x94\xf8\xaa<\xbb\xa2rkJ\x90\xf3\xcf\xb1\xcf\xea\x91\xe2\x01\xa8\xafi\xa9\xf3\xfb\x8c\vUx\xf7\xcc\xf4\xc1\x193&*\xda\x7f:\x0f\\u\r\x97V\xce\x91R\x99\xeb\x1d\x042\xcfp\xd2R\xeb\x8f\xda\x16 \x1cN\xa3\xf4\xe6\x0f\xa9\xac\xa5 \x1d\x00\x00\x00\x00\x00\x00', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:45:09 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:45:09 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:45:09 executing program 0:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x4, 0x5, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x3, 0x80, 0x0, 0x0, 0x82, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
r6 = mmap$IORING_OFF_SQES(&(0x7f0000447000/0x2000)=nil, 0x2000, 0xc, 0x4010, r0, 0x10000000)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
lseek(r7, 0x0, 0x0)
r8 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r7, r8, 0x0, 0x100000001)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r6, &(0x7f0000000140)=@IORING_OP_CONNECT={0x10, 0x6, 0x0, r8, 0x80, &(0x7f0000000240)=@nfc={0x27, 0x1, 0x2, 0x5}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x1)
mmap(&(0x7f0000be7000/0x3000)=nil, 0x3000, 0x2000002, 0x80010, r5, 0xe86cb000)
io_uring_enter(r0, 0xf93, 0x0, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
r10 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r10, 0x0, 0x100000001)
syz_io_uring_submit(0x0, r6, &(0x7f00000006c0)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r10, 0x0, &(0x7f0000000680)={&(0x7f0000000340)=@rxrpc=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e21, 0x2, @private2, 0x40}}, 0x80, &(0x7f00000001c0)=[{&(0x7f00000003c0)="1295c616b5a68822636762334d3ef261edbacfa65c3c2452be18082c7589c7965c94bd644fedebeb3dd3929a5fbfef9ba4e6060c72267ad813ec70a4d3ab0b71e9d364d7d0aafc5606ba7d8efdd9862be1c5085bb18fe615aa22c11430a9d39c2444722d5dc6f82a4416e32fcf0a6a4f08f52438dd60644981924878ead568279cfb2412959e660f8bd95e714ff195f46a8d3b20e2b0727fea0055abafd0f6929dc3f39dded2499efe", 0xa9}, {&(0x7f0000000500)="887a133b0667a9e89132f8972f5d1c08e3b87f05e89c10869343deedbb3bd90fbbd8b3c836864239227bff8dfd1d7fd12273f4fbb035f2f781454aed5e9318073d124781d989f3a004526025f41e4e2bb32fdf788fc372157c3034ca71f8ece4a1dcb790a242228073cb2ca3ca19b6697159c6001fed52d58b71e1e910d3f1bb44ed81a29bfede5d827aafc49d35de0215b0319eb3a3719fe42b87f5878ab5c99fffa49185ba70c4f4c2060b23aeccadf0189b6cc7b33ed86450b2ba6ad44a4f498f3fa118", 0xc5}, {&(0x7f0000000600)="3d158c5813781509c8fb34951e1942715de650cc927afd87b35f2dc94829959a1c001ce07ed810f7315e814b19a85bca5c233b165880a5f5851738ca3c58c435adf206527a6635cfd52acb07662f90fcdba9a759dcc1bd3fd0e855cc0d543c1ec1f0d105907a7ab7b377630d2ecf99bb8f74e4b7607993fdea", 0x79}], 0x3}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x0)

10:45:09 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1953.408328] FAULT_INJECTION: forcing a failure.
[ 1953.408328] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1953.412771] CPU: 0 PID: 10875 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1953.414256] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1953.416000] Call Trace:
[ 1953.416557]  dump_stack+0x107/0x167
[ 1953.417331]  should_fail.cold+0x5/0xa
[ 1953.418140]  _copy_from_user+0x2e/0x1b0
[ 1953.418998]  move_addr_to_kernel.part.0+0x31/0x110
[ 1953.420046]  move_addr_to_kernel+0x4f/0x70
[ 1953.420694] FAULT_INJECTION: forcing a failure.
[ 1953.420694] name failslab, interval 1, probability 0, space 0, times 0
[ 1953.420955]  io_connect+0x47a/0x610
[ 1953.424223]  ? io_prep_rw+0x1050/0x1050
[ 1953.425081]  ? __lock_acquire+0xbb1/0x5b00
[ 1953.425990]  io_issue_sqe+0x1611/0x77d0
[ 1953.426838]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1953.427941]  ? lock_chain_count+0x20/0x20
[ 1953.428814]  ? __is_insn_slot_addr+0x14c/0x290
[ 1953.429839]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1953.430943]  ? io_connect+0x610/0x610
[ 1953.431753]  ? lock_acquire+0x197/0x470
[ 1953.432598]  ? find_held_lock+0x2c/0x110
[ 1953.433470]  ? __fget_files+0x2cf/0x520
[ 1953.434309]  ? lock_downgrade+0x6d0/0x6d0
[ 1953.435188]  __io_queue_sqe+0x90/0x9d0
[ 1953.436019]  ? io_issue_sqe+0x77d0/0x77d0
[ 1953.436896]  ? __fget_files+0x2f8/0x520
[ 1953.437768]  io_submit_sqes+0x44ab/0x8610
[ 1953.438674]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1953.439726]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1953.440745]  ? find_held_lock+0x2c/0x110
[ 1953.441624]  ? io_submit_sqes+0x8610/0x8610
[ 1953.442543]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1953.443558]  ? wait_for_completion_io+0x270/0x270
[ 1953.444579]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1953.445567]  ? vfs_write+0x354/0xb10
[ 1953.446356]  ? fput_many+0x2f/0x1a0
[ 1953.447123]  ? ksys_write+0x1a9/0x260
[ 1953.447927]  ? __ia32_sys_read+0xb0/0xb0
[ 1953.448802]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1953.449919]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1953.451011]  do_syscall_64+0x33/0x40
[ 1953.451797]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1953.452877] RIP: 0033:0x7f88fdc0eb19
[ 1953.453672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1953.457474] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1953.459036] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1953.460490] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1953.461952] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1953.463436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1953.464925] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
[ 1953.466485] CPU: 1 PID: 10870 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1953.468095] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1953.469989] Call Trace:
[ 1953.470598]  dump_stack+0x107/0x167
[ 1953.471420]  should_fail.cold+0x5/0xa
[ 1953.472286]  ? create_object.isra.0+0x3a/0xa30
[ 1953.473554]  should_failslab+0x5/0x20
[ 1953.474415]  kmem_cache_alloc+0x5b/0x310
[ 1953.475342]  ? mark_held_locks+0x9e/0xe0
[ 1953.476261]  create_object.isra.0+0x3a/0xa30
[ 1953.477265]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1953.478421]  kmem_cache_alloc_bulk+0x168/0x320
[ 1953.479464]  io_submit_sqes+0x6fe7/0x8610
[ 1953.480428]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1953.481575]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1953.482682]  ? find_held_lock+0x2c/0x110
[ 1953.483630]  ? io_submit_sqes+0x8610/0x8610
[ 1953.484631]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1953.485757]  ? wait_for_completion_io+0x270/0x270
[ 1953.486885]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1953.487963]  ? vfs_write+0x354/0xb10
[ 1953.488821]  ? fput_many+0x2f/0x1a0
[ 1953.489657]  ? ksys_write+0x1a9/0x260
[ 1953.490518]  ? __ia32_sys_read+0xb0/0xb0
[ 1953.491452]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1953.492672]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1953.493892]  do_syscall_64+0x33/0x40
[ 1953.494765]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1953.495956] RIP: 0033:0x7f66d25a7b19
[ 1953.496817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1953.501094] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1953.502878] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1953.504567] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1953.506277] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1953.507935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1953.509598] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
10:45:09 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
r5 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r8, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, {0x0, r9}}, 0x4)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000139000/0x1000)=nil, 0x1000, 0x100000b, 0x50, 0xffffffffffffffff, 0x10000000)
syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000080))
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_io_uring_submit(r6, r10, &(0x7f0000000140)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x51}, 0x3f)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r11, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

10:45:09 executing program 4:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
io_uring_enter(r0, 0x58ab, 0x2, 0x0, 0x0, 0x0)

10:45:09 executing program 2:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:45:09 executing program 1:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30)
r6 = accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)
r7 = mmap$IORING_OFF_SQES(&(0x7f00004dd000/0x4000)=nil, 0x4000, 0x0, 0x4000010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r7, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x5, 0x0, r6, 0x80, &(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x3, 0x0, {0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}}}, 0xde8)

10:45:09 executing program 7:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r5, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x80000000000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x8001)

[ 1953.979048] FAULT_INJECTION: forcing a failure.
[ 1953.979048] name failslab, interval 1, probability 0, space 0, times 0
[ 1953.981367] CPU: 0 PID: 10900 Comm: syz-executor.2 Not tainted 5.10.244 #1
[ 1953.982640] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1953.984149] Call Trace:
[ 1953.984643]  dump_stack+0x107/0x167
[ 1953.985343]  should_fail.cold+0x5/0xa
[ 1953.986045]  ? create_object.isra.0+0x3a/0xa30
[ 1953.986889]  should_failslab+0x5/0x20
[ 1953.987588]  kmem_cache_alloc+0x5b/0x310
[ 1953.988332]  ? mark_held_locks+0x9e/0xe0
[ 1953.989080]  create_object.isra.0+0x3a/0xa30
[ 1953.989885]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 1953.990815]  kmem_cache_alloc_bulk+0x168/0x320
[ 1953.991651]  io_submit_sqes+0x6fe7/0x8610
[ 1953.992437]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1953.993358]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1953.994237]  ? find_held_lock+0x2c/0x110
[ 1953.994989]  ? io_submit_sqes+0x8610/0x8610
[ 1953.995807]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1953.996713]  ? wait_for_completion_io+0x270/0x270
[ 1953.997626]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1953.997775] FAULT_INJECTION: forcing a failure.
[ 1953.997775] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1953.998469]  ? vfs_write+0x354/0xb10
[ 1953.998487]  ? fput_many+0x2f/0x1a0
[ 1953.998518]  ? ksys_write+0x1a9/0x260
[ 1954.003131]  ? __ia32_sys_read+0xb0/0xb0
[ 1954.003869]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1954.004822]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1954.005767]  do_syscall_64+0x33/0x40
[ 1954.006443]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1954.007383] RIP: 0033:0x7f66d25a7b19
[ 1954.008054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1954.011398] RSP: 002b:00007f66cfb1d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1954.012781] RAX: ffffffffffffffda RBX: 00007f66d26baf60 RCX: 00007f66d25a7b19
[ 1954.014081] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1954.015378] RBP: 00007f66cfb1d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1954.016661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1954.017958] R13: 00007ffed610c24f R14: 00007f66cfb1d300 R15: 0000000000022000
[ 1954.019290] CPU: 1 PID: 10901 Comm: syz-executor.1 Not tainted 5.10.244 #1
[ 1954.020894] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1954.022800] Call Trace:
[ 1954.023412]  dump_stack+0x107/0x167
[ 1954.024254]  should_fail.cold+0x5/0xa
[ 1954.025130]  _copy_from_user+0x2e/0x1b0
[ 1954.026047]  move_addr_to_kernel.part.0+0x31/0x110
[ 1954.027171]  move_addr_to_kernel+0x4f/0x70
[ 1954.028146]  io_connect+0x47a/0x610
[ 1954.028980]  ? io_prep_rw+0x1050/0x1050
10:45:09 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004b80)=[{{&(0x7f0000000240), 0x6e, &(0x7f0000000140)=[{&(0x7f0000000340)=""/119, 0x77}, {&(0x7f00000003c0)=""/136, 0x88}], 0x2}}, {{&(0x7f0000000500), 0x6e, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000580)=""/98, 0x62}], 0x2, &(0x7f0000000640)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd0}}, {{&(0x7f0000000740)=@abs, 0x6e, &(0x7f0000000cc0)=[{&(0x7f00000007c0)=""/45, 0x2d}, {&(0x7f0000000800)=""/132, 0x84}, {&(0x7f00000008c0)=""/251, 0xfb}, {&(0x7f00000009c0)=""/180, 0xb4}, {&(0x7f0000000a80)=""/28, 0x1c}, {&(0x7f0000000ac0)=""/184, 0xb8}, {&(0x7f0000000b80)=""/111, 0x6f}, {&(0x7f0000000c00)=""/42, 0x2a}, {&(0x7f0000000c40)=""/90, 0x5a}], 0x9, &(0x7f0000000d80)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, <r4=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x100}}, {{&(0x7f0000000e80), 0x6e, &(0x7f0000002280)=[{&(0x7f0000000f00)=""/168, 0xa8}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000001fc0)=""/109, 0x6d}, {&(0x7f0000002040)=""/82, 0x52}, {&(0x7f00000020c0)=""/219, 0xdb}, {&(0x7f00000021c0)}, {&(0x7f0000002200)=""/73, 0x49}], 0x7, &(0x7f0000002300)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f0000002380)=@abs, 0x6e, &(0x7f00000035c0)=[{&(0x7f0000002400)=""/4096, 0x1000}, {&(0x7f0000003400)=""/167, 0xa7}, {&(0x7f00000034c0)=""/92, 0x5c}, {&(0x7f0000003540)=""/121, 0x79}], 0x4, &(0x7f0000003600)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {<r5=>0x0}}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x80}}, {{&(0x7f0000003680)=@abs, 0x6e, &(0x7f0000004a80)=[{&(0x7f0000003700)=""/41, 0x29}, {&(0x7f0000003740)=""/245, 0xf5}, {&(0x7f0000003840)=""/221, 0xdd}, {&(0x7f0000003940)=""/71, 0x47}, {&(0x7f00000039c0)=""/164, 0xa4}, {&(0x7f0000003a80)=""/4096, 0x1000}], 0x6, &(0x7f0000004b00)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x78}}], 0x6, 0x10042, &(0x7f0000004d00)={0x0, 0x989680})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r6, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r4, 0xc020662a, &(0x7f0000004d40)={0x536, 0x5, 0x4, 0x7, 0x1, [{0x1, 0x9, 0xaab, '\x00', 0x1001}]})
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1954.029925]  ? __lock_acquire+0xbb1/0x5b00
[ 1954.031252]  io_issue_sqe+0x1611/0x77d0
[ 1954.032171]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1954.033374]  ? lock_chain_count+0x20/0x20
[ 1954.034315]  ? __is_insn_slot_addr+0x14c/0x290
[ 1954.035391]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 1954.036573]  ? io_connect+0x610/0x610
[ 1954.037454]  ? lock_acquire+0x197/0x470
[ 1954.038352]  ? find_held_lock+0x2c/0x110
10:45:09 executing program 5:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
r5 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r6, 0x0)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000140)={0x3, 0x7, 0x10000, 0xa7, 0x20000000})
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
fcntl$getflags(0xffffffffffffffff, 0x7c085df7fa459e51)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @multicast1}, &(0x7f0000000240)=0x10, 0x800)

[ 1954.039273]  ? __fget_files+0x2cf/0x520
[ 1954.040319]  ? lock_downgrade+0x6d0/0x6d0
[ 1954.041276]  __io_queue_sqe+0x90/0x9d0
[ 1954.042165]  ? io_issue_sqe+0x77d0/0x77d0
[ 1954.043103]  ? __fget_files+0x2f8/0x520
[ 1954.044023]  io_submit_sqes+0x44ab/0x8610
[ 1954.044998]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 1954.046140]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 1954.047261]  ? find_held_lock+0x2c/0x110
[ 1954.048198]  ? io_submit_sqes+0x8610/0x8610
[ 1954.049200]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 1954.050302]  ? wait_for_completion_io+0x270/0x270
[ 1954.051416]  ? rcu_read_lock_any_held+0x75/0xa0
[ 1954.052477]  ? vfs_write+0x354/0xb10
[ 1954.053334]  ? fput_many+0x2f/0x1a0
[ 1954.054178]  ? ksys_write+0x1a9/0x260
[ 1954.055054]  ? __ia32_sys_read+0xb0/0xb0
[ 1954.055983]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1954.057173]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1954.058364]  do_syscall_64+0x33/0x40
[ 1954.059199]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1954.060345] RIP: 0033:0x7f88fdc0eb19
[ 1954.061173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1954.065321] RSP: 002b:00007f88fb184188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1954.067035] RAX: ffffffffffffffda RBX: 00007f88fdd21f60 RCX: 00007f88fdc0eb19
[ 1954.068637] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003
[ 1954.070248] RBP: 00007f88fb1841d0 R08: 0000000000000000 R09: 0000000000000000
[ 1954.071846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
10:45:10 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
lseek(r0, 0x0, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x100000001)
r2 = syz_io_uring_setup(0x3862, &(0x7f00000002c0)={0x0, 0xe874, 0x0, 0x0, 0x3c3, 0x0, r1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000200)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0)
io_uring_enter(r2, 0x5365, 0xee93, 0x3, &(0x7f0000000140)={[0x100000001]}, 0x8)
perf_event_open(&(0x7f0000000240)={0x4, 0x80, 0xff, 0xd9, 0x5, 0x0, 0x0, 0x3ff, 0x4022, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0xfffffff9, 0x4, @perf_bp={&(0x7f00000001c0)}, 0x22040, 0x81, 0x53, 0x6, 0x7, 0x8000, 0x8, 0x0, 0x1ff, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r4, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r7, 0x0)
io_uring_enter(r2, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1954.073464] R13: 00007fff277a500f R14: 00007f88fb184300 R15: 0000000000022000
10:45:10 executing program 6:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0)
lseek(r4, 0x0, 0x0)
r5 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x100000001)
syz_io_uring_setup(0xb2d, &(0x7f0000000240)={0x0, 0x4e57, 0x8, 0x3, 0x113, 0x0, r4}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000140), &(0x7f00000001c0))
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r7, 0x0)
mmap(&(0x7f0000012000/0x1000)=nil, 0x1000, 0x0, 0x50, 0xffffffffffffffff, 0xb4be9000)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

10:45:10 executing program 3:
r0 = syz_io_uring_setup(0x3862, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c9f8e650da8d1f569053e8984b83777318760a5238f6af85581608069a64b06b92de9de827a06da13dfd0a7244f9276114abb0c4ea0c40656d1732e262fd02"}}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r4, 0x0, 0x0, 0x1000002)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f00000001c0)=0xe8)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0)
fallocate(r6, 0x0, 0x0, 0x1000002)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@loopback}, 0x0, @in6=@private1}}, &(0x7f00000001c0)=0xe8)
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000780)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0x25c, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r7}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0xfffffffffffffc49, 0x7, 0x1}}}]}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @lb_tx_method={{}, {}, {0x0, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x62}, {0x8, 0x4, 0xfffffffa}}}]}}]}, 0x25c}, 0x1, 0x0, 0x0, 0x24000000}, 0x8080)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000780)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x168, 0x0, 0x2, 0x70bd28, 0x25dfdbff, {}, [{{0x8}, {0xfc, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8, 0x7, 0x1}}}]}}, {{0x8}, {0x4}}, {{0x8, 0x1, r5}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffa}}}]}}]}, 0x168}, 0x1, 0x0, 0x0, 0x24000000}, 0x8080)
mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000c, 0x14012, r4, 0x2dae1000)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0)
syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r9 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x6)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x1f012, r9, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 1954.520975] ------------[ cut here ]------------
[ 1954.521867] WARNING: CPU: 0 PID: 10922 at include/linux/fs.h:525 hugetlb_split+0x320/0xc50
[ 1954.522956] Modules linked in:
[ 1954.523418] CPU: 0 PID: 10922 Comm: syz-executor.3 Not tainted 5.10.244 #1
[ 1954.524351] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1954.525492] RIP: 0010:hugetlb_split+0x320/0xc50
[ 1954.526138] Code: 00 00 31 f6 48 81 c7 e0 00 00 00 e8 8a fb 7c 02 31 ff 41 89 c6 89 c6 e8 0e d4 d5 ff 45 85 f6 0f 85 5e fe ff ff e8 b0 da d5 ff <0f> 0b e9 52 fe ff ff e8 a4 da d5 ff 48 8d 43 50 48 89 c2 48 89 44
[ 1954.528603] RSP: 0018:ffff88803d5c79a0 EFLAGS: 00010216
[ 1954.529348] RAX: 00000000000001c1 RBX: ffff88800e52b000 RCX: ffffc900007fb000
[ 1954.530352] RDX: 0000000000040000 RSI: ffffffff816af780 RDI: 0000000000000005
[ 1954.531555] RBP: 0000000020000000 R08: 0000000000000000 R09: ffff88800e1695bf
[ 1954.535120] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff11007ab8f3d
[ 1954.537494] R13: ffffffff8567ae3c R14: 0000000000000000 R15: 0000000000000001
[ 1954.538517] FS:  00007fa3bf6e8700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 1954.539557] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1954.540309] CR2: 0000000020000780 CR3: 0000000041882000 CR4: 0000000000350ef0
[ 1954.541241] Call Trace:
[ 1954.541582]  ? follow_hugetlb_page+0x10c0/0x10c0
[ 1954.542212]  ? vm_area_alloc+0x110/0x110
[ 1954.542724]  __vma_adjust+0xbe8/0x2510
[ 1954.543246]  ? anon_vma_clone+0x3d0/0x590
[ 1954.543767]  __split_vma+0x2be/0x4e0
[ 1954.544262]  __do_munmap+0x365/0x1260
[ 1954.544736]  ? arch_get_unmapped_area+0x450/0x450
[ 1954.545372]  ? lock_release+0x680/0x680
[ 1954.545872]  mmap_region+0x7cc/0x1500
[ 1954.546381]  do_mmap+0x868/0x1370
[ 1954.546821]  vm_mmap_pgoff+0x198/0x1f0
[ 1954.547338]  ? randomize_page+0xb0/0xb0
[ 1954.547841]  ksys_mmap_pgoff+0x41c/0x560
[ 1954.548376]  ? find_mergeable_anon_vma+0x250/0x250
[ 1954.548986]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1954.549672]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1954.550340]  do_syscall_64+0x33/0x40
[ 1954.550802]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1954.551464] RIP: 0033:0x7fa3c2172b19
[ 1954.551926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1954.554223] RSP: 002b:00007fa3bf6e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1954.555188] RAX: ffffffffffffffda RBX: 00007fa3c2285f60 RCX: 00007fa3c2172b19
[ 1954.556093] RDX: 000000000100000c RSI: 0000000000c00000 RDI: 0000000020400000
[ 1954.556966] RBP: 00007fa3c21ccf6d R08: 0000000000000004 R09: 000000002dae1000
[ 1954.557926] R10: 0000000000014012 R11: 0000000000000246 R12: 0000000000000000
[ 1954.558869] R13: 00007ffff6a716ef R14: 00007fa3bf6e8300 R15: 0000000000022000
[ 1954.559827] irq event stamp: 14955
[ 1954.560321] hardirqs last  enabled at (14965): [<ffffffff8129b57d>] console_unlock+0x92d/0xb40
[ 1954.561466] hardirqs last disabled at (14974): [<ffffffff8129b489>] console_unlock+0x839/0xb40
[ 1954.562623] softirqs last  enabled at (14668): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
[ 1954.563827] softirqs last disabled at (14591): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
[ 1954.565061] ---[ end trace d8fa6c90df247211 ]---
[ 1954.565803] ------------[ cut here ]------------
[ 1954.566466] WARNING: CPU: 0 PID: 10922 at include/linux/fs.h:525 hugetlb_split+0x320/0xc50
[ 1954.567589] Modules linked in:
[ 1954.568018] CPU: 0 PID: 10922 Comm: syz-executor.3 Tainted: G        W         5.10.244 #1
[ 1954.569116] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1954.570241] RIP: 0010:hugetlb_split+0x320/0xc50
[ 1954.570845] Code: 00 00 31 f6 48 81 c7 e0 00 00 00 e8 8a fb 7c 02 31 ff 41 89 c6 89 c6 e8 0e d4 d5 ff 45 85 f6 0f 85 5e fe ff ff e8 b0 da d5 ff <0f> 0b e9 52 fe ff ff e8 a4 da d5 ff 48 8d 43 50 48 89 c2 48 89 44
[ 1954.573343] RSP: 0018:ffff88803d5c79a0 EFLAGS: 00010202
[ 1954.574032] RAX: 000000000001a790 RBX: ffff88800e52b000 RCX: ffffc900007fb000
[ 1954.574971] RDX: 0000000000040000 RSI: ffffffff816af780 RDI: 0000000000000005
[ 1954.575919] RBP: 0000000020400000 R08: 0000000000000000 R09: ffff88800e1695bf
[ 1954.576860] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff11007ab8f3d
[ 1954.577817] R13: ffffffff8567ae3c R14: 0000000000000000 R15: 0000000000000001
[ 1954.578765] FS:  00007fa3bf6e8700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 1954.579826] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1954.580588] CR2: 0000000020000780 CR3: 0000000041882000 CR4: 0000000000350ef0
[ 1954.581542] Call Trace:
[ 1954.581887]  ? follow_hugetlb_page+0x10c0/0x10c0
[ 1954.582525]  ? vm_area_alloc+0x110/0x110
[ 1954.583050]  __vma_adjust+0xbf3/0x2510
[ 1954.583581]  ? anon_vma_clone+0x3d0/0x590
[ 1954.584142]  __split_vma+0x2be/0x4e0
[ 1954.584619]  __do_munmap+0x365/0x1260
[ 1954.585135]  ? arch_get_unmapped_area+0x450/0x450
[ 1954.585761]  ? lock_release+0x680/0x680
[ 1954.586299]  mmap_region+0x7cc/0x1500
[ 1954.586794]  do_mmap+0x868/0x1370
[ 1954.587266]  vm_mmap_pgoff+0x198/0x1f0
[ 1954.587769]  ? randomize_page+0xb0/0xb0
[ 1954.588314]  ksys_mmap_pgoff+0x41c/0x560
[ 1954.588836]  ? find_mergeable_anon_vma+0x250/0x250
[ 1954.589502]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 1954.590197]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 1954.590856]  do_syscall_64+0x33/0x40
[ 1954.591358]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 1954.592007] RIP: 0033:0x7fa3c2172b19
[ 1954.592506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1954.594847] RSP: 002b:00007fa3bf6e8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1954.595836] RAX: ffffffffffffffda RBX: 00007fa3c2285f60 RCX: 00007fa3c2172b19
[ 1954.596768] RDX: 000000000100000c RSI: 0000000000c00000 RDI: 0000000020400000
[ 1954.597703] RBP: 00007fa3c21ccf6d R08: 0000000000000004 R09: 000000002dae1000
[ 1954.598627] R10: 0000000000014012 R11: 0000000000000246 R12: 0000000000000000
[ 1954.599554] R13: 00007ffff6a716ef R14: 00007fa3bf6e8300 R15: 0000000000022000
[ 1954.600484] irq event stamp: 15445
[ 1954.600935] hardirqs last  enabled at (15453): [<ffffffff8129b57d>] console_unlock+0x92d/0xb40
[ 1954.602054] hardirqs last disabled at (15462): [<ffffffff8129b489>] console_unlock+0x839/0xb40
[ 1954.603178] softirqs last  enabled at (14668): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
[ 1954.604339] softirqs last disabled at (14591): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
[ 1954.605497] ---[ end trace d8fa6c90df247212 ]---

VM DIAGNOSIS:
10:45:10  Registers:
info registers vcpu 0
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff822e3d7c RDI=ffffffff879f71c0 RBP=ffffffff879f7180 RSP=ffff88803d5c7360
R8 =0000000000000001 R9 =0000000000000003 R10=000000000000000a R11=0000000000000001
R12=0000000000000020 R13=fffffbfff0f3ee85 R14=fffffbfff0f3ee3a R15=dffffc0000000000
RIP=ffffffff822e3dd0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fa3bf6e8700 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020000780 CR3=0000000041882000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=1ffff11003058f9a RBX=dffffc0000000000 RCX=ffffffff814d483b RDX=0000000000000001
RSI=ffffffff814d47c5 RDI=ffffc9000069f391 RBP=ffff8880182c7cd0 RSP=ffff8880182c7c08
R8 =0000000000000001 R9 =0000000000000001 R10=00000000000000ba R11=0000000000000001
R12=ffff8880182c7cd0 R13=ffffed1003058f9c R14=00000000000000ba R15=ffffc9000069f390
RIP=ffffffff814d47fa RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f4b00a96900 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4afff2ab08 CR3=000000000df0e000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=5837fe9dc1c91f3200000000000ae618 XMM01=0ba803da11e75995ba43e77298192b09
XMM02=6b1e99b806172e3b00000000000aea08 XMM03=ac8bc31478ec851100000000000aef80
XMM04=1049e6669b4fc92900000000006aeb58 XMM05=d3fdd5f48436fbd700000000000aeab0
XMM06=c44133feb612c16f00000000000ae968 XMM07=a1fcdcf819d7e1e500000000000ae728
XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000
XMM10=00002020000000000000200000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000