0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0) 05:46:20 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:20 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, 0x0, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:20 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) 05:46:20 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) [ 1446.564756] FAULT_INJECTION: forcing a failure. [ 1446.564756] name failslab, interval 1, probability 0, space 0, times 0 [ 1446.565785] CPU: 1 PID: 7632 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1446.566357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1446.567049] Call Trace: [ 1446.567282] dump_stack+0x107/0x167 [ 1446.567599] should_fail.cold+0x5/0xa [ 1446.567927] ? create_object.isra.0+0x3a/0xa20 [ 1446.568316] should_failslab+0x5/0x20 [ 1446.568642] kmem_cache_alloc+0x5b/0x310 [ 1446.569011] create_object.isra.0+0x3a/0xa20 [ 1446.569387] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1446.569820] __kmalloc+0x16e/0x390 [ 1446.570124] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1446.570568] io_timeout_prep+0x693/0x8b0 [ 1446.570918] io_submit_sqes+0x54d8/0x8610 [ 1446.571293] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1446.571721] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1446.572136] ? lock_downgrade+0x6d0/0x6d0 [ 1446.572488] ? find_held_lock+0x2c/0x110 [ 1446.572848] ? io_submit_sqes+0x8610/0x8610 [ 1446.573228] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1446.573641] ? wait_for_completion_io+0x270/0x270 [ 1446.574054] ? rcu_read_lock_any_held+0x75/0xa0 [ 1446.574449] ? vfs_write+0x354/0xb10 [ 1446.574766] ? fput_many+0x2f/0x1a0 [ 1446.575078] ? ksys_write+0x1a9/0x260 [ 1446.575405] ? __ia32_sys_read+0xb0/0xb0 [ 1446.575757] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1446.576204] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1446.576647] do_syscall_64+0x33/0x40 [ 1446.576986] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1446.577423] RIP: 0033:0x7fe1dcd4cb19 [ 1446.577742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1446.579298] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1446.579953] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1446.580560] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1446.581217] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1446.581885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1446.582560] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1446.605457] FAULT_INJECTION: forcing a failure. [ 1446.605457] name failslab, interval 1, probability 0, space 0, times 0 [ 1446.608352] CPU: 0 PID: 7633 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1446.610092] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1446.612097] Call Trace: [ 1446.612707] dump_stack+0x107/0x167 [ 1446.613611] should_fail.cold+0x5/0xa [ 1446.614574] ? io_timeout_prep+0x693/0x8b0 [ 1446.615651] should_failslab+0x5/0x20 [ 1446.616643] __kmalloc+0x72/0x390 [ 1446.617513] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1446.618751] io_timeout_prep+0x693/0x8b0 [ 1446.619770] io_submit_sqes+0x54d8/0x8610 [ 1446.620852] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1446.622074] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1446.623275] ? lock_downgrade+0x6d0/0x6d0 [ 1446.624281] ? find_held_lock+0x2c/0x110 [ 1446.625283] ? io_submit_sqes+0x8610/0x8610 [ 1446.626364] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1446.627559] ? wait_for_completion_io+0x270/0x270 [ 1446.628722] ? rcu_read_lock_any_held+0x75/0xa0 [ 1446.629906] ? vfs_write+0x354/0xb10 [ 1446.630778] ? fput_many+0x2f/0x1a0 [ 1446.631702] ? ksys_write+0x1a9/0x260 [ 1446.632631] ? __ia32_sys_read+0xb0/0xb0 [ 1446.633628] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1446.634962] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1446.636201] do_syscall_64+0x33/0x40 [ 1446.637121] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1446.638350] RIP: 0033:0x7fd7b8236b19 [ 1446.639259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1446.643736] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1446.645631] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1446.652732] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1446.654592] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1446.656335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1446.658108] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1446.668745] FAULT_INJECTION: forcing a failure. [ 1446.668745] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1446.670944] CPU: 1 PID: 7621 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1446.671627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1446.672452] Call Trace: [ 1446.672742] dump_stack+0x107/0x167 [ 1446.673122] should_fail.cold+0x5/0xa [ 1446.673541] _copy_from_user+0x2e/0x1b0 [ 1446.673958] get_timespec64+0x75/0x190 [ 1446.674355] ? put_timespec64+0x130/0x130 [ 1446.674807] ? kasan_unpoison_shadow+0x33/0x50 [ 1446.675294] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1446.675838] io_timeout_prep+0x3c5/0x8b0 [ 1446.676256] io_submit_sqes+0x54d8/0x8610 05:46:20 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1446.677214] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1446.685061] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1446.685548] ? lock_downgrade+0x6d0/0x6d0 [ 1446.685940] ? find_held_lock+0x2c/0x110 [ 1446.686329] ? io_submit_sqes+0x8610/0x8610 [ 1446.686748] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1446.687207] ? wait_for_completion_io+0x270/0x270 [ 1446.687675] ? rcu_read_lock_any_held+0x75/0xa0 [ 1446.688130] ? vfs_write+0x354/0xb10 [ 1446.688486] ? fput_many+0x2f/0x1a0 [ 1446.688845] ? ksys_write+0x1a9/0x260 [ 1446.689212] ? __ia32_sys_read+0xb0/0xb0 [ 1446.689599] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1446.690101] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1446.691269] do_syscall_64+0x33/0x40 [ 1446.692076] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1446.693207] RIP: 0033:0x7f0159fffb19 [ 1446.694014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1446.698047] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1446.699691] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1446.701246] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1446.702792] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1446.704346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1446.705914] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:46:21 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:46:21 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4000000, 0x0, 0x0, 0x0) 05:46:21 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) syz_io_uring_submit(r1, r2, 0x0, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:21 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(0x0, 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:46:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) [ 1446.952383] FAULT_INJECTION: forcing a failure. [ 1446.952383] name failslab, interval 1, probability 0, space 0, times 0 [ 1446.955155] CPU: 1 PID: 7657 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1446.956648] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1446.958475] Call Trace: [ 1446.959056] dump_stack+0x107/0x167 [ 1446.959852] should_fail.cold+0x5/0xa [ 1446.960701] ? create_object.isra.0+0x3a/0xa20 [ 1446.961718] should_failslab+0x5/0x20 [ 1446.962571] kmem_cache_alloc+0x5b/0x310 [ 1446.963452] ? create_object.isra.0+0x3ad/0xa20 [ 1446.964474] create_object.isra.0+0x3a/0xa20 [ 1446.965457] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1446.966568] __kmalloc_node+0x1ae/0x420 [ 1446.967435] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1446.968545] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1446.969755] ? trace_hardirqs_on+0x5b/0x180 [ 1446.970700] kmem_cache_alloc_bulk+0x182/0x320 [ 1446.971701] io_submit_sqes+0x6fe6/0x8610 [ 1446.972610] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1446.973702] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1446.974784] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1446.975841] ? lock_downgrade+0x6d0/0x6d0 [ 1446.976744] ? find_held_lock+0x2c/0x110 [ 1446.977651] ? io_submit_sqes+0x8610/0x8610 [ 1446.978606] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1446.979664] ? wait_for_completion_io+0x270/0x270 [ 1446.980729] ? rcu_read_lock_any_held+0x75/0xa0 [ 1446.981761] ? vfs_write+0x354/0xb10 [ 1446.982588] ? fput_many+0x2f/0x1a0 [ 1446.983382] ? ksys_write+0x1a9/0x260 [ 1446.984214] ? __ia32_sys_read+0xb0/0xb0 [ 1446.985128] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1446.986275] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1446.987404] do_syscall_64+0x33/0x40 [ 1446.988214] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1446.989354] RIP: 0033:0x7fe1dcd4cb19 [ 1446.990164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1446.994204] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1446.995857] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1446.997931] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1446.999484] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1447.000955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1447.001574] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:46:35 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:46:35 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) syz_io_uring_submit(r1, r2, 0x0, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:35 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) [ 1461.398142] FAULT_INJECTION: forcing a failure. [ 1461.398142] name failslab, interval 1, probability 0, space 0, times 0 [ 1461.399205] CPU: 0 PID: 7673 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1461.399776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1461.400465] Call Trace: [ 1461.400697] dump_stack+0x107/0x167 [ 1461.401028] should_fail.cold+0x5/0xa [ 1461.401356] ? io_timeout_prep+0x693/0x8b0 [ 1461.401722] should_failslab+0x5/0x20 [ 1461.402046] __kmalloc+0x72/0x390 [ 1461.402347] io_timeout_prep+0x693/0x8b0 [ 1461.402699] io_submit_sqes+0x54d8/0x8610 [ 1461.403072] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1461.403494] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1461.403908] ? lock_downgrade+0x6d0/0x6d0 [ 1461.404260] ? find_held_lock+0x2c/0x110 [ 1461.404615] ? io_submit_sqes+0x8610/0x8610 [ 1461.405003] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1461.405420] ? wait_for_completion_io+0x270/0x270 [ 1461.405831] ? rcu_read_lock_any_held+0x75/0xa0 [ 1461.406227] ? vfs_write+0x354/0xb10 [ 1461.406545] ? fput_many+0x2f/0x1a0 [ 1461.406859] ? ksys_write+0x1a9/0x260 [ 1461.407185] ? __ia32_sys_read+0xb0/0xb0 [ 1461.407534] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1461.407978] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1461.408417] do_syscall_64+0x33/0x40 [ 1461.408740] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1461.409186] RIP: 0033:0x7fe1dcd4cb19 [ 1461.409504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1461.411044] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1461.411690] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1461.412290] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1461.412891] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1461.413506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1461.414106] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:46:35 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8000000, 0x0, 0x0, 0x0) 05:46:35 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(0x0, 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:46:35 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) 05:46:35 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) 05:46:35 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1461.447459] FAULT_INJECTION: forcing a failure. [ 1461.447459] name failslab, interval 1, probability 0, space 0, times 0 [ 1461.448444] CPU: 0 PID: 7677 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1461.465049] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1461.465736] Call Trace: [ 1461.465965] dump_stack+0x107/0x167 [ 1461.466275] should_fail.cold+0x5/0xa [ 1461.466599] ? create_object.isra.0+0x3a/0xa20 [ 1461.466986] should_failslab+0x5/0x20 [ 1461.467309] kmem_cache_alloc+0x5b/0x310 [ 1461.467657] create_object.isra.0+0x3a/0xa20 [ 1461.468032] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1461.468464] __kmalloc+0x16e/0x390 [ 1461.468767] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1461.469223] io_timeout_prep+0x693/0x8b0 [ 1461.469573] io_submit_sqes+0x54d8/0x8610 [ 1461.469944] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1461.470365] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1461.470775] ? lock_downgrade+0x6d0/0x6d0 [ 1461.471129] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1461.471587] ? io_submit_sqes+0x8610/0x8610 [ 1461.471958] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1461.472369] ? wait_for_completion_io+0x270/0x270 [ 1461.472778] ? rcu_read_lock_any_held+0x75/0xa0 [ 1461.473190] ? vfs_write+0x354/0xb10 [ 1461.473507] ? fput_many+0x2f/0x1a0 [ 1461.473817] ? ksys_write+0x1a9/0x260 [ 1461.474142] ? __ia32_sys_read+0xb0/0xb0 [ 1461.474488] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1461.474936] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1461.475371] do_syscall_64+0x33/0x40 [ 1461.475688] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1461.476120] RIP: 0033:0x7fd7b8236b19 [ 1461.476445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1461.478012] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1461.478652] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1461.479250] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1461.479847] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1461.480444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1461.489099] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:46:35 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:46:35 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1461.521585] FAULT_INJECTION: forcing a failure. [ 1461.521585] name failslab, interval 1, probability 0, space 0, times 0 [ 1461.522684] CPU: 1 PID: 7680 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1461.523303] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1461.524049] Call Trace: [ 1461.524304] dump_stack+0x107/0x167 [ 1461.524644] should_fail.cold+0x5/0xa [ 1461.525019] ? io_timeout_prep+0x693/0x8b0 [ 1461.525414] should_failslab+0x5/0x20 [ 1461.525771] __kmalloc+0x72/0x390 [ 1461.526095] ? __hrtimer_init+0x12c/0x270 [ 1461.526487] io_timeout_prep+0x693/0x8b0 [ 1461.526872] io_submit_sqes+0x54d8/0x8610 [ 1461.527285] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1461.527751] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1461.528200] ? lock_downgrade+0x6d0/0x6d0 [ 1461.528586] ? find_held_lock+0x2c/0x110 [ 1461.528980] ? io_submit_sqes+0x8610/0x8610 [ 1461.529396] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1461.529857] ? wait_for_completion_io+0x270/0x270 [ 1461.530312] ? rcu_read_lock_any_held+0x75/0xa0 [ 1461.530747] ? vfs_write+0x354/0xb10 [ 1461.531098] ? copy_kernel_to_fpregs+0x9e/0xe0 [ 1461.531525] ? trace_event_raw_event_x86_fpu+0x390/0x390 [ 1461.532031] ? ksys_write+0x1a9/0x260 [ 1461.532389] ? __ia32_sys_read+0xb0/0xb0 [ 1461.532773] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1461.533279] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1461.533756] do_syscall_64+0x33/0x40 [ 1461.534111] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1461.534583] RIP: 0033:0x7f0159fffb19 [ 1461.534929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1461.536584] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1461.537301] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1461.537954] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1461.538601] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1461.539247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1461.539890] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:46:35 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:46:35 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) syz_io_uring_submit(r1, r2, 0x0, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1475.976178] FAULT_INJECTION: forcing a failure. 05:46:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:46:50 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) 05:46:50 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) 05:46:50 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) [ 1475.976178] name failslab, interval 1, probability 0, space 0, times 0 [ 1475.977323] CPU: 1 PID: 7705 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1475.977969] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1475.978657] Call Trace: [ 1475.978974] dump_stack+0x107/0x167 [ 1475.979285] should_fail.cold+0x5/0xa [ 1475.979609] ? create_object.isra.0+0x3a/0xa20 [ 1475.980131] should_failslab+0x5/0x20 [ 1475.980526] kmem_cache_alloc+0x5b/0x310 [ 1475.980959] create_object.isra.0+0x3a/0xa20 [ 1475.981365] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1475.981878] __kmalloc+0x16e/0x390 [ 1475.982192] io_timeout_prep+0x693/0x8b0 [ 1475.982539] io_submit_sqes+0x54d8/0x8610 [ 1475.982995] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1475.983413] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1475.983982] ? lock_downgrade+0x6d0/0x6d0 [ 1475.984330] ? find_held_lock+0x2c/0x110 [ 1475.984674] ? io_submit_sqes+0x8610/0x8610 [ 1475.985149] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1475.985557] ? wait_for_completion_io+0x270/0x270 [ 1475.986044] ? rcu_read_lock_any_held+0x75/0xa0 [ 1475.986434] ? vfs_write+0x354/0xb10 [ 1475.986822] ? fput_many+0x2f/0x1a0 [ 1475.987142] ? ksys_write+0x1a9/0x260 [ 1475.987464] ? __ia32_sys_read+0xb0/0xb0 [ 1475.987943] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1475.988379] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1475.988898] do_syscall_64+0x33/0x40 [ 1475.989244] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1475.989687] RIP: 0033:0x7f0159fffb19 [ 1475.990091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1475.990929] FAULT_INJECTION: forcing a failure. [ 1475.990929] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1475.991720] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1475.991735] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1475.991742] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1475.991869] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1475.991886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1475.996208] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1475.996917] CPU: 0 PID: 7707 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1475.997529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1475.998224] Call Trace: [ 1475.998457] dump_stack+0x107/0x167 [ 1475.998769] should_fail.cold+0x5/0xa [ 1475.999101] _copy_from_user+0x2e/0x1b0 [ 1475.999445] get_timespec64+0x75/0x190 [ 1475.999777] ? put_timespec64+0x130/0x130 [ 1476.000134] ? kasan_unpoison_shadow+0x33/0x50 [ 1476.000522] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1476.000957] io_timeout_prep+0x3c5/0x8b0 [ 1476.001325] io_submit_sqes+0x54d8/0x8610 [ 1476.001699] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.002126] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.002540] ? lock_downgrade+0x6d0/0x6d0 [ 1476.002891] ? find_held_lock+0x2c/0x110 [ 1476.003242] ? io_submit_sqes+0x8610/0x8610 [ 1476.003616] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1476.004029] ? wait_for_completion_io+0x270/0x270 [ 1476.004442] ? rcu_read_lock_any_held+0x75/0xa0 [ 1476.004836] ? vfs_write+0x354/0xb10 [ 1476.005181] ? fput_many+0x2f/0x1a0 [ 1476.005495] ? ksys_write+0x1a9/0x260 [ 1476.005822] ? __ia32_sys_read+0xb0/0xb0 [ 1476.006169] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1476.006614] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1476.007052] do_syscall_64+0x33/0x40 [ 1476.007371] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1476.007802] RIP: 0033:0x7fd7b8236b19 05:46:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:50 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x0, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:46:50 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) [ 1476.008125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1476.009678] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1476.010321] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1476.010922] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1476.011521] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1476.012126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1476.012727] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1476.061316] FAULT_INJECTION: forcing a failure. [ 1476.061316] name failslab, interval 1, probability 0, space 0, times 0 [ 1476.062406] CPU: 1 PID: 7715 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1476.063024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1476.063720] Call Trace: [ 1476.064017] dump_stack+0x107/0x167 [ 1476.064333] should_fail.cold+0x5/0xa [ 1476.064659] ? create_object.isra.0+0x3a/0xa20 [ 1476.065138] should_failslab+0x5/0x20 [ 1476.065513] kmem_cache_alloc+0x5b/0x310 [ 1476.065951] create_object.isra.0+0x3a/0xa20 [ 1476.066375] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1476.066913] __kmalloc+0x16e/0x390 [ 1476.067275] io_timeout_prep+0x693/0x8b0 [ 1476.067666] io_submit_sqes+0x54d8/0x8610 [ 1476.068157] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.068626] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.069137] ? lock_downgrade+0x6d0/0x6d0 [ 1476.069499] ? find_held_lock+0x2c/0x110 [ 1476.069892] ? io_submit_sqes+0x8610/0x8610 [ 1476.070279] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1476.070694] ? wait_for_completion_io+0x270/0x270 [ 1476.071161] ? rcu_read_lock_any_held+0x75/0xa0 [ 1476.071552] ? vfs_write+0x354/0xb10 [ 1476.071937] ? fput_many+0x2f/0x1a0 [ 1476.072250] ? ksys_write+0x1a9/0x260 [ 1476.072571] ? __ia32_sys_read+0xb0/0xb0 [ 1476.072964] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1476.073425] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1476.073905] do_syscall_64+0x33/0x40 [ 1476.074222] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1476.074652] RIP: 0033:0x7fe1dcd4cb19 [ 1476.075019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1476.076608] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1476.077302] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1476.077955] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1476.078561] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1476.079207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1476.079865] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:46:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, 0x0, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:46:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, 0x0, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:46:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:46:50 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) 05:46:50 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) 05:46:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, 0x0, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1476.409736] FAULT_INJECTION: forcing a failure. [ 1476.409736] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1476.410809] CPU: 0 PID: 7735 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1476.411384] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1476.412077] Call Trace: [ 1476.412313] dump_stack+0x107/0x167 [ 1476.412625] should_fail.cold+0x5/0xa [ 1476.412956] _copy_from_user+0x2e/0x1b0 [ 1476.413318] get_timespec64+0x75/0x190 [ 1476.413651] ? put_timespec64+0x130/0x130 [ 1476.414013] ? kasan_unpoison_shadow+0x33/0x50 [ 1476.414404] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1476.414843] io_timeout_prep+0x3c5/0x8b0 [ 1476.415214] io_submit_sqes+0x54d8/0x8610 [ 1476.415598] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.416026] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.416441] ? lock_downgrade+0x6d0/0x6d0 [ 1476.416792] ? find_held_lock+0x2c/0x110 [ 1476.417157] ? io_submit_sqes+0x8610/0x8610 [ 1476.417538] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1476.417952] ? wait_for_completion_io+0x270/0x270 [ 1476.418366] ? rcu_read_lock_any_held+0x75/0xa0 [ 1476.418766] ? vfs_write+0x354/0xb10 [ 1476.419084] ? fput_many+0x2f/0x1a0 [ 1476.419399] ? ksys_write+0x1a9/0x260 [ 1476.419728] ? __ia32_sys_read+0xb0/0xb0 [ 1476.420078] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1476.420525] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1476.420966] do_syscall_64+0x33/0x40 [ 1476.421303] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1476.421737] RIP: 0033:0x7f0159fffb19 [ 1476.422057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1476.423615] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1476.424262] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1476.424859] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1476.425477] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1476.426077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1476.426681] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:46:50 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) [ 1476.449003] FAULT_INJECTION: forcing a failure. [ 1476.449003] name failslab, interval 1, probability 0, space 0, times 0 [ 1476.449999] CPU: 0 PID: 7736 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1476.450568] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1476.451257] Call Trace: [ 1476.451484] dump_stack+0x107/0x167 [ 1476.451794] should_fail.cold+0x5/0xa [ 1476.452118] ? io_timeout_prep+0x693/0x8b0 [ 1476.452479] should_failslab+0x5/0x20 [ 1476.452800] __kmalloc+0x72/0x390 [ 1476.453104] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1476.453551] io_timeout_prep+0x693/0x8b0 [ 1476.453902] io_submit_sqes+0x54d8/0x8610 [ 1476.454276] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.454699] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.455113] ? lock_downgrade+0x6d0/0x6d0 [ 1476.455463] ? find_held_lock+0x2c/0x110 [ 1476.455813] ? io_submit_sqes+0x8610/0x8610 [ 1476.456184] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1476.456597] ? wait_for_completion_io+0x270/0x270 [ 1476.457008] ? rcu_read_lock_any_held+0x75/0xa0 [ 1476.457416] ? vfs_write+0x354/0xb10 [ 1476.457736] ? fput_many+0x2f/0x1a0 [ 1476.458047] ? ksys_write+0x1a9/0x260 [ 1476.458373] ? __ia32_sys_read+0xb0/0xb0 [ 1476.458724] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1476.459169] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1476.459608] do_syscall_64+0x33/0x40 [ 1476.459926] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1476.460359] RIP: 0033:0x7fd7b8236b19 [ 1476.460676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1476.462236] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1476.462877] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1476.463480] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1476.464079] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1476.464678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1476.465295] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1476.509036] FAULT_INJECTION: forcing a failure. [ 1476.509036] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1476.510136] CPU: 1 PID: 7743 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1476.510717] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1476.511448] Call Trace: [ 1476.511707] dump_stack+0x107/0x167 [ 1476.512048] should_fail.cold+0x5/0xa [ 1476.512424] _copy_from_user+0x2e/0x1b0 [ 1476.512803] get_timespec64+0x75/0x190 [ 1476.513163] ? put_timespec64+0x130/0x130 [ 1476.513523] ? kasan_unpoison_shadow+0x33/0x50 [ 1476.513913] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1476.514348] io_timeout_prep+0x3c5/0x8b0 [ 1476.514711] io_submit_sqes+0x54d8/0x8610 [ 1476.515085] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.515520] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1476.515936] ? lock_downgrade+0x6d0/0x6d0 [ 1476.516297] ? find_held_lock+0x2c/0x110 [ 1476.516648] ? io_submit_sqes+0x8610/0x8610 [ 1476.517024] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1476.517451] ? wait_for_completion_io+0x270/0x270 [ 1476.517868] ? rcu_read_lock_any_held+0x75/0xa0 [ 1476.518264] ? vfs_write+0x354/0xb10 [ 1476.518586] ? fput_many+0x2f/0x1a0 [ 1476.518903] ? ksys_write+0x1a9/0x260 [ 1476.519245] ? __ia32_sys_read+0xb0/0xb0 [ 1476.519602] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1476.520055] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1476.520492] do_syscall_64+0x33/0x40 [ 1476.520809] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1476.521260] RIP: 0033:0x7fe1dcd4cb19 [ 1476.521578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1476.523136] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1476.523783] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1476.524385] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1476.524990] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1476.525620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1476.526228] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:47:04 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) 05:47:04 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:04 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x0, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:47:04 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:04 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:04 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4, 0x0, 0x0) 05:47:04 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) 05:47:04 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) [ 1490.693665] FAULT_INJECTION: forcing a failure. [ 1490.693665] name failslab, interval 1, probability 0, space 0, times 0 [ 1490.694979] CPU: 1 PID: 7753 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1490.695674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1490.696587] Call Trace: [ 1490.696931] dump_stack+0x107/0x167 [ 1490.697333] should_fail.cold+0x5/0xa [ 1490.697790] ? create_object.isra.0+0x3a/0xa20 [ 1490.698297] should_failslab+0x5/0x20 [ 1490.698705] kmem_cache_alloc+0x5b/0x310 [ 1490.699169] create_object.isra.0+0x3a/0xa20 [ 1490.699615] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1490.700231] __kmalloc+0x16e/0x390 [ 1490.700602] io_timeout_prep+0x693/0x8b0 [ 1490.701068] io_submit_sqes+0x54d8/0x8610 [ 1490.701499] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1490.702055] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1490.702553] ? lock_downgrade+0x6d0/0x6d0 [ 1490.703024] ? find_held_lock+0x2c/0x110 [ 1490.703442] ? io_submit_sqes+0x8610/0x8610 [ 1490.703933] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1490.704422] ? wait_for_completion_io+0x270/0x270 [ 1490.704984] ? rcu_read_lock_any_held+0x75/0xa0 [ 1490.705469] ? vfs_write+0x354/0xb10 [ 1490.705903] ? fput_many+0x2f/0x1a0 [ 1490.706279] ? ksys_write+0x1a9/0x260 [ 1490.706667] ? __ia32_sys_read+0xb0/0xb0 [ 1490.707130] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1490.707658] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1490.708226] do_syscall_64+0x33/0x40 [ 1490.708602] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1490.709169] RIP: 0033:0x7fd7b8236b19 [ 1490.709553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1490.711523] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1490.712339] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1490.713118] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1490.713887] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1490.714608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1490.715373] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1490.719198] FAULT_INJECTION: forcing a failure. [ 1490.719198] name failslab, interval 1, probability 0, space 0, times 0 [ 1490.720425] CPU: 1 PID: 7763 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1490.721154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1490.722068] Call Trace: [ 1490.722380] dump_stack+0x107/0x167 [ 1490.722817] should_fail.cold+0x5/0xa [ 1490.723211] ? io_timeout_prep+0x693/0x8b0 [ 1490.723637] should_failslab+0x5/0x20 [ 1490.724069] __kmalloc+0x72/0x390 [ 1490.724420] ? __hrtimer_init+0x12c/0x270 [ 1490.724891] io_timeout_prep+0x693/0x8b0 [ 1490.725311] io_submit_sqes+0x54d8/0x8610 [ 1490.725806] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1490.726324] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1490.726865] ? lock_downgrade+0x6d0/0x6d0 [ 1490.727281] ? find_held_lock+0x2c/0x110 [ 1490.727696] ? io_submit_sqes+0x8610/0x8610 [ 1490.728211] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1490.728706] ? wait_for_completion_io+0x270/0x270 [ 1490.729253] ? rcu_read_lock_any_held+0x75/0xa0 [ 1490.729727] ? vfs_write+0x354/0xb10 [ 1490.730161] ? fput_many+0x2f/0x1a0 [ 1490.730533] ? ksys_write+0x1a9/0x260 [ 1490.730966] ? __ia32_sys_read+0xb0/0xb0 [ 1490.731383] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1490.731961] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1490.732480] do_syscall_64+0x33/0x40 [ 1490.732924] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1490.733442] RIP: 0033:0x7fe1dcd4cb19 [ 1490.733873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1490.735820] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1490.736585] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1490.737368] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1490.738147] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1490.738916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1490.739638] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1490.754556] FAULT_INJECTION: forcing a failure. [ 1490.754556] name failslab, interval 1, probability 0, space 0, times 0 [ 1490.756923] CPU: 0 PID: 7762 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1490.758504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1490.760113] Call Trace: [ 1490.760640] dump_stack+0x107/0x167 [ 1490.761438] should_fail.cold+0x5/0xa [ 1490.762183] ? io_timeout_prep+0x693/0x8b0 [ 1490.763028] should_failslab+0x5/0x20 [ 1490.763752] __kmalloc+0x72/0x390 [ 1490.764401] ? __hrtimer_init+0x12c/0x270 [ 1490.765196] io_timeout_prep+0x693/0x8b0 [ 1490.766174] io_submit_sqes+0x54d8/0x8610 [ 1490.766991] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1490.767948] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1490.768876] ? lock_downgrade+0x6d0/0x6d0 [ 1490.769799] ? find_held_lock+0x2c/0x110 [ 1490.770569] ? io_submit_sqes+0x8610/0x8610 [ 1490.771386] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1490.772287] ? wait_for_completion_io+0x270/0x270 [ 1490.773225] ? rcu_read_lock_any_held+0x75/0xa0 [ 1490.774244] ? vfs_write+0x354/0xb10 [ 1490.774896] ? fput_many+0x2f/0x1a0 [ 1490.775530] ? ksys_write+0x1a9/0x260 [ 1490.776199] ? __ia32_sys_read+0xb0/0xb0 [ 1490.776908] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1490.778034] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1490.778917] do_syscall_64+0x33/0x40 [ 1490.779546] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1490.780412] RIP: 0033:0x7f0159fffb19 [ 1490.781036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1490.785079] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1490.785807] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1490.786424] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1490.787032] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1490.787631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1490.788231] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:47:05 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:05 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:05 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:05 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:19 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8, 0x0, 0x0) 05:47:19 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:19 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:19 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) 05:47:19 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:19 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) 05:47:19 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x0, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:47:19 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) [ 1505.210322] FAULT_INJECTION: forcing a failure. [ 1505.210322] name failslab, interval 1, probability 0, space 0, times 0 [ 1505.211437] CPU: 1 PID: 7799 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1505.212051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.212794] Call Trace: [ 1505.213051] dump_stack+0x107/0x167 [ 1505.213414] should_fail.cold+0x5/0xa [ 1505.213772] ? create_object.isra.0+0x3a/0xa20 [ 1505.214201] should_failslab+0x5/0x20 [ 1505.214554] kmem_cache_alloc+0x5b/0x310 [ 1505.214937] create_object.isra.0+0x3a/0xa20 [ 1505.215348] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1505.215824] __kmalloc+0x16e/0x390 [ 1505.216166] io_timeout_prep+0x693/0x8b0 [ 1505.216556] io_submit_sqes+0x54d8/0x8610 [ 1505.216969] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.217453] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.217902] ? lock_downgrade+0x6d0/0x6d0 [ 1505.218287] ? find_held_lock+0x2c/0x110 [ 1505.218675] ? io_submit_sqes+0x8610/0x8610 [ 1505.219089] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1505.219544] ? wait_for_completion_io+0x270/0x270 [ 1505.219996] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.220427] ? vfs_write+0x354/0xb10 [ 1505.220779] ? fput_many+0x2f/0x1a0 [ 1505.221122] ? ksys_write+0x1a9/0x260 [ 1505.221499] ? __ia32_sys_read+0xb0/0xb0 [ 1505.221886] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.222372] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.222853] do_syscall_64+0x33/0x40 [ 1505.223207] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.223679] RIP: 0033:0x7fe1dcd4cb19 [ 1505.224029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.225717] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1505.226418] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1505.227066] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1505.227719] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.228372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.229021] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1505.231796] FAULT_INJECTION: forcing a failure. [ 1505.231796] name failslab, interval 1, probability 0, space 0, times 0 [ 1505.232826] CPU: 0 PID: 7796 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1505.233462] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.234200] Call Trace: [ 1505.234448] dump_stack+0x107/0x167 [ 1505.234784] should_fail.cold+0x5/0xa [ 1505.235134] ? create_object.isra.0+0x3a/0xa20 [ 1505.235553] should_failslab+0x5/0x20 [ 1505.235906] kmem_cache_alloc+0x5b/0x310 [ 1505.236289] create_object.isra.0+0x3a/0xa20 [ 1505.236697] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1505.237175] __kmalloc+0x16e/0x390 [ 1505.237532] io_timeout_prep+0x693/0x8b0 [ 1505.237916] io_submit_sqes+0x54d8/0x8610 [ 1505.238326] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.238784] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.239234] ? lock_downgrade+0x6d0/0x6d0 [ 1505.239616] ? find_held_lock+0x2c/0x110 [ 1505.239997] ? io_submit_sqes+0x8610/0x8610 [ 1505.240419] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1505.240868] ? wait_for_completion_io+0x270/0x270 [ 1505.241323] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.241763] ? vfs_write+0x354/0xb10 [ 1505.242109] ? fput_many+0x2f/0x1a0 [ 1505.242452] ? ksys_write+0x1a9/0x260 [ 1505.242805] ? __ia32_sys_read+0xb0/0xb0 [ 1505.243185] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.243669] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.244148] do_syscall_64+0x33/0x40 [ 1505.244500] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.244967] RIP: 0033:0x7f0159fffb19 [ 1505.249329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.250997] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1505.251692] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1505.252346] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1505.252990] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.253653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.254305] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1505.255992] FAULT_INJECTION: forcing a failure. [ 1505.255992] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.257063] CPU: 1 PID: 7790 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1505.257691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.258437] Call Trace: [ 1505.258684] dump_stack+0x107/0x167 [ 1505.259025] should_fail.cold+0x5/0xa [ 1505.259386] _copy_from_user+0x2e/0x1b0 [ 1505.259759] get_timespec64+0x75/0x190 [ 1505.260123] ? put_timespec64+0x130/0x130 [ 1505.260509] ? kasan_unpoison_shadow+0x33/0x50 [ 1505.260935] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1505.261434] io_timeout_prep+0x3c5/0x8b0 [ 1505.261819] io_submit_sqes+0x54d8/0x8610 [ 1505.262236] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.262695] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.263147] ? lock_downgrade+0x6d0/0x6d0 [ 1505.263531] ? find_held_lock+0x2c/0x110 [ 1505.263915] ? io_submit_sqes+0x8610/0x8610 [ 1505.264325] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1505.264776] ? wait_for_completion_io+0x270/0x270 [ 1505.265227] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.265671] ? vfs_write+0x354/0xb10 [ 1505.266020] ? fput_many+0x2f/0x1a0 [ 1505.266362] ? ksys_write+0x1a9/0x260 [ 1505.266717] ? __ia32_sys_read+0xb0/0xb0 [ 1505.267100] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.267584] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.268061] do_syscall_64+0x33/0x40 [ 1505.268414] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.268884] RIP: 0033:0x7fd7b8236b19 [ 1505.269230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.270902] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1505.271603] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1505.272251] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1505.272902] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.273571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.274222] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:47:19 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:19 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:19 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:19 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:19 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) 05:47:19 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) [ 1505.619944] FAULT_INJECTION: forcing a failure. [ 1505.619944] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.621069] CPU: 0 PID: 7812 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1505.621694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.622442] Call Trace: [ 1505.622697] dump_stack+0x107/0x167 [ 1505.623041] should_fail.cold+0x5/0xa [ 1505.623404] _copy_from_user+0x2e/0x1b0 [ 1505.623776] get_timespec64+0x75/0x190 [ 1505.624137] ? put_timespec64+0x130/0x130 [ 1505.624527] ? kasan_unpoison_shadow+0x33/0x50 [ 1505.624956] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1505.625451] io_timeout_prep+0x3c5/0x8b0 [ 1505.625832] io_submit_sqes+0x54d8/0x8610 [ 1505.626250] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.626718] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.627170] ? lock_downgrade+0x6d0/0x6d0 [ 1505.627550] ? find_held_lock+0x2c/0x110 [ 1505.627922] ? io_submit_sqes+0x8610/0x8610 [ 1505.628327] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1505.628776] ? wait_for_completion_io+0x270/0x270 [ 1505.629222] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.629665] ? vfs_write+0x354/0xb10 [ 1505.630013] ? fput_many+0x2f/0x1a0 [ 1505.630355] ? ksys_write+0x1a9/0x260 [ 1505.630709] ? __ia32_sys_read+0xb0/0xb0 [ 1505.631089] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.631574] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.632055] do_syscall_64+0x33/0x40 [ 1505.632403] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.632870] RIP: 0033:0x7f0159fffb19 [ 1505.633223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.634894] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1505.635592] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1505.636237] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1505.636885] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.637554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.638202] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:47:20 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) 05:47:20 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:20 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:20 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0) [ 1505.756881] FAULT_INJECTION: forcing a failure. [ 1505.756881] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1505.757996] CPU: 1 PID: 7821 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1505.758614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1505.759358] Call Trace: [ 1505.759613] dump_stack+0x107/0x167 [ 1505.759954] should_fail.cold+0x5/0xa [ 1505.760313] _copy_from_user+0x2e/0x1b0 [ 1505.760678] get_timespec64+0x75/0x190 [ 1505.761040] ? put_timespec64+0x130/0x130 [ 1505.761450] ? kasan_unpoison_shadow+0x33/0x50 [ 1505.761874] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1505.762345] io_timeout_prep+0x3c5/0x8b0 [ 1505.762728] io_submit_sqes+0x54d8/0x8610 [ 1505.763145] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.763609] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1505.764062] ? lock_downgrade+0x6d0/0x6d0 [ 1505.764445] ? find_held_lock+0x2c/0x110 [ 1505.764827] ? io_submit_sqes+0x8610/0x8610 [ 1505.765247] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1505.765714] ? wait_for_completion_io+0x270/0x270 [ 1505.766169] ? rcu_read_lock_any_held+0x75/0xa0 [ 1505.766599] ? vfs_write+0x354/0xb10 [ 1505.766946] ? fput_many+0x2f/0x1a0 [ 1505.767293] ? ksys_write+0x1a9/0x260 [ 1505.767651] ? __ia32_sys_read+0xb0/0xb0 [ 1505.768033] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1505.768511] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1505.768986] do_syscall_64+0x33/0x40 [ 1505.769348] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1505.769822] RIP: 0033:0x7fe1dcd4cb19 [ 1505.770167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1505.771821] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1505.772510] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1505.773145] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1505.773806] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1505.774454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1505.775105] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:47:34 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 05:47:34 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:34 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:34 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:47:34 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:34 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) 05:47:34 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0) 05:47:34 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) [ 1520.040678] FAULT_INJECTION: forcing a failure. [ 1520.040678] name failslab, interval 1, probability 0, space 0, times 0 [ 1520.041992] CPU: 1 PID: 7843 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1520.042605] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1520.043439] Call Trace: [ 1520.043691] dump_stack+0x107/0x167 [ 1520.044118] should_fail.cold+0x5/0xa [ 1520.044475] ? io_timeout_prep+0x693/0x8b0 [ 1520.044987] should_failslab+0x5/0x20 [ 1520.045343] __kmalloc+0x72/0x390 [ 1520.045689] ? __hrtimer_init+0x12c/0x270 [ 1520.046193] io_timeout_prep+0x693/0x8b0 [ 1520.046578] io_submit_sqes+0x54d8/0x8610 [ 1520.047086] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.047545] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.048086] ? lock_downgrade+0x6d0/0x6d0 [ 1520.048471] ? find_held_lock+0x2c/0x110 [ 1520.048973] ? io_submit_sqes+0x8610/0x8610 [ 1520.049385] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1520.049986] ? wait_for_completion_io+0x270/0x270 [ 1520.050435] ? rcu_read_lock_any_held+0x75/0xa0 [ 1520.050960] ? vfs_write+0x354/0xb10 [ 1520.051310] ? fput_many+0x2f/0x1a0 [ 1520.051655] ? ksys_write+0x1a9/0x260 [ 1520.052101] ? __ia32_sys_read+0xb0/0xb0 [ 1520.052485] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1520.053087] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1520.053581] do_syscall_64+0x33/0x40 [ 1520.054045] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1520.054515] RIP: 0033:0x7f0159fffb19 [ 1520.054954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1520.056687] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1520.057510] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1520.058272] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1520.059011] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1520.059660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1520.060391] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1520.064993] FAULT_INJECTION: forcing a failure. [ 1520.064993] name failslab, interval 1, probability 0, space 0, times 0 [ 1520.067657] CPU: 1 PID: 7841 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1520.073179] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1520.074127] Call Trace: [ 1520.074366] dump_stack+0x107/0x167 [ 1520.074705] should_fail.cold+0x5/0xa [ 1520.075157] ? io_timeout_prep+0x693/0x8b0 [ 1520.075544] should_failslab+0x5/0x20 [ 1520.075943] __kmalloc+0x72/0x390 [ 1520.076275] ? __hrtimer_init+0x12c/0x270 [ 1520.076665] io_timeout_prep+0x693/0x8b0 [ 1520.077128] io_submit_sqes+0x54d8/0x8610 [ 1520.077554] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.078064] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.078521] ? lock_downgrade+0x6d0/0x6d0 [ 1520.078962] ? find_held_lock+0x2c/0x110 [ 1520.079346] ? io_submit_sqes+0x8610/0x8610 [ 1520.079761] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1520.080253] ? wait_for_completion_io+0x270/0x270 [ 1520.080697] ? rcu_read_lock_any_held+0x75/0xa0 [ 1520.081203] ? vfs_write+0x354/0xb10 [ 1520.081565] ? fput_many+0x2f/0x1a0 [ 1520.081956] ? ksys_write+0x1a9/0x260 [ 1520.082318] ? __ia32_sys_read+0xb0/0xb0 [ 1520.082707] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1520.083239] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1520.083721] do_syscall_64+0x33/0x40 [ 1520.084115] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1520.084590] RIP: 0033:0x7fd7b8236b19 [ 1520.085012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1520.086915] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1520.087596] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1520.088359] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1520.089119] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1520.089901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1520.090562] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1520.104887] FAULT_INJECTION: forcing a failure. [ 1520.104887] name failslab, interval 1, probability 0, space 0, times 0 [ 1520.106023] CPU: 0 PID: 7848 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1520.106631] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1520.107382] Call Trace: [ 1520.107627] dump_stack+0x107/0x167 [ 1520.107984] should_fail.cold+0x5/0xa [ 1520.108337] ? io_timeout_prep+0x693/0x8b0 [ 1520.108723] should_failslab+0x5/0x20 [ 1520.109093] __kmalloc+0x72/0x390 [ 1520.109415] ? __hrtimer_init+0x12c/0x270 [ 1520.109829] io_timeout_prep+0x693/0x8b0 [ 1520.110221] io_submit_sqes+0x54d8/0x8610 [ 1520.110632] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.111107] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.111557] ? lock_downgrade+0x6d0/0x6d0 [ 1520.111958] ? find_held_lock+0x2c/0x110 [ 1520.112346] ? io_submit_sqes+0x8610/0x8610 [ 1520.112749] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1520.113215] ? wait_for_completion_io+0x270/0x270 [ 1520.113672] ? rcu_read_lock_any_held+0x75/0xa0 [ 1520.114118] ? vfs_write+0x354/0xb10 [ 1520.114464] ? fput_many+0x2f/0x1a0 [ 1520.114809] ? ksys_write+0x1a9/0x260 [ 1520.115168] ? __ia32_sys_read+0xb0/0xb0 [ 1520.115538] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1520.116035] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1520.116506] do_syscall_64+0x33/0x40 [ 1520.116871] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1520.117339] RIP: 0033:0x7fe1dcd4cb19 [ 1520.117697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1520.119461] RSP: 002b:00007fe1da2a1188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1520.120170] RAX: ffffffffffffffda RBX: 00007fe1dce60020 RCX: 00007fe1dcd4cb19 [ 1520.120825] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1520.121484] RBP: 00007fe1da2a11d0 R08: 0000000000000000 R09: 0000000000000000 [ 1520.122151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1520.122792] R13: 00007ffefbef4e9f R14: 00007fe1da2a1300 R15: 0000000000022000 05:47:34 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:34 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:34 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x1000000, 0x0, 0x0) 05:47:34 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:34 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 05:47:34 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:47:34 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000000, 0x0, 0x0) 05:47:34 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 05:47:34 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) 05:47:34 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:34 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, r3+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:34 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) [ 1520.560891] FAULT_INJECTION: forcing a failure. [ 1520.560891] name failslab, interval 1, probability 0, space 0, times 0 [ 1520.561983] CPU: 1 PID: 7880 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1520.562600] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1520.563342] Call Trace: [ 1520.563594] dump_stack+0x107/0x167 [ 1520.563930] should_fail.cold+0x5/0xa [ 1520.564283] ? create_object.isra.0+0x3a/0xa20 [ 1520.564706] should_failslab+0x5/0x20 [ 1520.565062] kmem_cache_alloc+0x5b/0x310 [ 1520.565460] create_object.isra.0+0x3a/0xa20 [ 1520.565886] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1520.566352] __kmalloc+0x16e/0x390 [ 1520.566688] io_timeout_prep+0x693/0x8b0 [ 1520.567069] io_submit_sqes+0x54d8/0x8610 [ 1520.567472] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.567933] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.568389] ? lock_downgrade+0x6d0/0x6d0 [ 1520.568770] ? find_held_lock+0x2c/0x110 [ 1520.569155] ? io_submit_sqes+0x8610/0x8610 [ 1520.569587] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1520.570040] ? wait_for_completion_io+0x270/0x270 [ 1520.570487] ? rcu_read_lock_any_held+0x75/0xa0 [ 1520.570915] ? vfs_write+0x354/0xb10 [ 1520.571252] ? fput_many+0x2f/0x1a0 [ 1520.571592] ? ksys_write+0x1a9/0x260 [ 1520.571948] ? __ia32_sys_read+0xb0/0xb0 [ 1520.572339] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1520.572815] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1520.573297] do_syscall_64+0x33/0x40 [ 1520.573652] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1520.574119] RIP: 0033:0x7fe1dcd4cb19 [ 1520.574470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1520.576115] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1520.576807] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1520.577458] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1520.578110] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1520.578747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1520.579392] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1520.611610] FAULT_INJECTION: forcing a failure. [ 1520.611610] name failslab, interval 1, probability 0, space 0, times 0 [ 1520.612709] CPU: 1 PID: 7883 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1520.613325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1520.614073] Call Trace: [ 1520.614329] dump_stack+0x107/0x167 [ 1520.614663] should_fail.cold+0x5/0xa [ 1520.615011] ? create_object.isra.0+0x3a/0xa20 [ 1520.615432] should_failslab+0x5/0x20 [ 1520.615777] kmem_cache_alloc+0x5b/0x310 [ 1520.616161] create_object.isra.0+0x3a/0xa20 [ 1520.616568] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1520.617040] __kmalloc+0x16e/0x390 [ 1520.617384] io_timeout_prep+0x693/0x8b0 [ 1520.617785] io_submit_sqes+0x54d8/0x8610 [ 1520.618205] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.618659] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.619098] ? lock_downgrade+0x6d0/0x6d0 [ 1520.619471] ? find_held_lock+0x2c/0x110 [ 1520.619845] ? io_submit_sqes+0x8610/0x8610 [ 1520.620262] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1520.620741] ? wait_for_completion_io+0x270/0x270 [ 1520.621183] ? rcu_read_lock_any_held+0x75/0xa0 [ 1520.621647] ? vfs_write+0x354/0xb10 [ 1520.622002] ? fput_many+0x2f/0x1a0 [ 1520.622343] ? ksys_write+0x1a9/0x260 [ 1520.622700] ? __ia32_sys_read+0xb0/0xb0 [ 1520.623087] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1520.623570] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1520.624043] do_syscall_64+0x33/0x40 [ 1520.624390] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1520.624855] RIP: 0033:0x7f0159fffb19 [ 1520.625207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1520.626859] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1520.627548] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1520.628197] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1520.628844] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1520.629490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1520.630132] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:47:34 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 05:47:35 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) 05:47:35 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:35 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8000000, 0x0, 0x0) [ 1520.738829] FAULT_INJECTION: forcing a failure. [ 1520.738829] name failslab, interval 1, probability 0, space 0, times 0 [ 1520.739917] CPU: 1 PID: 7893 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1520.740529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1520.741267] Call Trace: [ 1520.741538] dump_stack+0x107/0x167 [ 1520.741873] should_fail.cold+0x5/0xa [ 1520.742223] ? create_object.isra.0+0x3a/0xa20 [ 1520.742641] should_failslab+0x5/0x20 [ 1520.742994] kmem_cache_alloc+0x5b/0x310 [ 1520.743380] create_object.isra.0+0x3a/0xa20 [ 1520.743783] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1520.744254] __kmalloc+0x16e/0x390 [ 1520.744592] io_timeout_prep+0x693/0x8b0 [ 1520.744973] io_submit_sqes+0x54d8/0x8610 [ 1520.745380] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.745856] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1520.746302] ? lock_downgrade+0x6d0/0x6d0 [ 1520.746678] ? find_held_lock+0x2c/0x110 [ 1520.747061] ? io_submit_sqes+0x8610/0x8610 [ 1520.747463] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1520.747915] ? wait_for_completion_io+0x270/0x270 [ 1520.748365] ? rcu_read_lock_any_held+0x75/0xa0 [ 1520.748797] ? vfs_write+0x354/0xb10 [ 1520.749144] ? fput_many+0x2f/0x1a0 [ 1520.749495] ? ksys_write+0x1a9/0x260 [ 1520.749853] ? __ia32_sys_read+0xb0/0xb0 [ 1520.750234] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1520.750712] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1520.751183] do_syscall_64+0x33/0x40 [ 1520.751525] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1520.751982] RIP: 0033:0x7fd7b8236b19 [ 1520.752326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1520.753991] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1520.754686] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1520.755327] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1520.755959] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1520.756605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1520.757244] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:47:35 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:35 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 05:47:35 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1536.135406] FAULT_INJECTION: forcing a failure. [ 1536.135406] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1536.136551] CPU: 1 PID: 7916 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1536.137223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1536.138000] Call Trace: [ 1536.138246] dump_stack+0x107/0x167 [ 1536.138573] should_fail.cold+0x5/0xa [ 1536.138969] _copy_from_user+0x2e/0x1b0 [ 1536.139331] get_timespec64+0x75/0x190 [ 1536.139680] ? put_timespec64+0x130/0x130 [ 1536.140103] ? kasan_unpoison_shadow+0x33/0x50 [ 1536.140512] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1536.141016] io_timeout_prep+0x3c5/0x8b0 [ 1536.141387] io_submit_sqes+0x54d8/0x8610 [ 1536.141870] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.142321] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.142754] ? lock_downgrade+0x6d0/0x6d0 [ 1536.143170] ? find_held_lock+0x2c/0x110 [ 1536.143539] ? io_submit_sqes+0x8610/0x8610 [ 1536.143985] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1536.144418] ? wait_for_completion_io+0x270/0x270 [ 1536.144897] ? rcu_read_lock_any_held+0x75/0xa0 [ 1536.149452] ? vfs_write+0x354/0xb10 [ 1536.149855] ? fput_many+0x2f/0x1a0 [ 1536.150185] ? ksys_write+0x1a9/0x260 [ 1536.150525] ? __ia32_sys_read+0xb0/0xb0 [ 1536.150965] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1536.151430] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1536.151939] do_syscall_64+0x33/0x40 [ 1536.152273] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1536.152724] RIP: 0033:0x7f0159fffb19 [ 1536.153104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1536.154763] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1536.155503] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1536.156173] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1536.156845] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1536.157468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1536.158151] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1536.165432] FAULT_INJECTION: forcing a failure. [ 1536.165432] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1536.166521] CPU: 1 PID: 7920 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1536.167161] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1536.167983] Call Trace: [ 1536.168222] dump_stack+0x107/0x167 [ 1536.168547] should_fail.cold+0x5/0xa [ 1536.168940] _copy_from_user+0x2e/0x1b0 [ 1536.169299] get_timespec64+0x75/0x190 [ 1536.169662] ? put_timespec64+0x130/0x130 [ 1536.170089] ? kasan_unpoison_shadow+0x33/0x50 [ 1536.170498] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1536.171000] io_timeout_prep+0x3c5/0x8b0 [ 1536.171373] io_submit_sqes+0x54d8/0x8610 [ 1536.171839] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.172294] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.172727] ? lock_downgrade+0x6d0/0x6d0 [ 1536.173141] ? find_held_lock+0x2c/0x110 [ 1536.173510] ? io_submit_sqes+0x8610/0x8610 [ 1536.173967] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1536.174401] ? wait_for_completion_io+0x270/0x270 [ 1536.174883] ? rcu_read_lock_any_held+0x75/0xa0 [ 1536.175296] ? vfs_write+0x354/0xb10 [ 1536.175629] ? fput_many+0x2f/0x1a0 [ 1536.176011] ? ksys_write+0x1a9/0x260 [ 1536.176354] ? __ia32_sys_read+0xb0/0xb0 [ 1536.176729] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1536.177395] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1536.177950] do_syscall_64+0x33/0x40 [ 1536.178283] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1536.178733] RIP: 0033:0x7fe1dcd4cb19 [ 1536.179112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1536.180762] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1536.181503] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1536.182189] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1536.182871] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1536.183501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1536.184179] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1536.191485] FAULT_INJECTION: forcing a failure. [ 1536.191485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1536.192872] CPU: 1 PID: 7912 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1536.193491] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1536.194312] Call Trace: [ 1536.194583] dump_stack+0x107/0x167 [ 1536.194991] should_fail.cold+0x5/0xa [ 1536.195389] _copy_from_user+0x2e/0x1b0 [ 1536.195847] get_timespec64+0x75/0x190 [ 1536.196224] ? put_timespec64+0x130/0x130 [ 1536.196601] ? kasan_unpoison_shadow+0x33/0x50 [ 1536.197057] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1536.197525] io_timeout_prep+0x3c5/0x8b0 [ 1536.197966] io_submit_sqes+0x54d8/0x8610 [ 1536.198380] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.198870] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.199307] ? lock_downgrade+0x6d0/0x6d0 [ 1536.199678] ? find_held_lock+0x2c/0x110 [ 1536.200128] ? io_submit_sqes+0x8610/0x8610 [ 1536.200527] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1536.201022] ? wait_for_completion_io+0x270/0x270 [ 1536.201469] ? rcu_read_lock_any_held+0x75/0xa0 [ 1536.202097] ? vfs_write+0x354/0xb10 [ 1536.202432] ? fput_many+0x2f/0x1a0 [ 1536.202759] ? ksys_write+0x1a9/0x260 [ 1536.203170] ? __ia32_sys_read+0xb0/0xb0 [ 1536.203537] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1536.204048] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1536.204513] do_syscall_64+0x33/0x40 [ 1536.204894] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1536.205345] RIP: 0033:0x7fd7b8236b19 [ 1536.205712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1536.207393] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1536.208134] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1536.208754] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1536.209421] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1536.210115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1536.210737] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:47:50 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:47:50 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0) 05:47:50 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) 05:47:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, r3+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:50 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) 05:47:50 executing program 5: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(0x0, r1, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r2, r3+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r1, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:47:50 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) 05:47:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 05:47:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1536.490257] FAULT_INJECTION: forcing a failure. [ 1536.490257] name failslab, interval 1, probability 0, space 0, times 0 [ 1536.491701] CPU: 1 PID: 7930 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1536.492353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1536.493115] Call Trace: [ 1536.493361] dump_stack+0x107/0x167 [ 1536.493700] should_fail.cold+0x5/0xa [ 1536.494131] should_failslab+0x5/0x20 [ 1536.494474] kmem_cache_alloc_bulk+0x4b/0x320 [ 1536.494926] io_submit_sqes+0x6fe6/0x8610 [ 1536.495298] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1536.495748] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.496250] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.496688] ? lock_downgrade+0x6d0/0x6d0 [ 1536.497101] ? find_held_lock+0x2c/0x110 [ 1536.497472] ? io_submit_sqes+0x8610/0x8610 [ 1536.497961] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1536.498397] ? wait_for_completion_io+0x270/0x270 [ 1536.498879] ? rcu_read_lock_any_held+0x75/0xa0 [ 1536.499301] ? vfs_write+0x354/0xb10 [ 1536.499634] ? fput_many+0x2f/0x1a0 [ 1536.500018] ? ksys_write+0x1a9/0x260 [ 1536.500361] ? __ia32_sys_read+0xb0/0xb0 [ 1536.500727] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1536.501244] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1536.501720] do_syscall_64+0x33/0x40 [ 1536.502142] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1536.502597] RIP: 0033:0x7f30a2e99b19 [ 1536.502979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1536.504634] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1536.505351] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1536.506070] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1536.506699] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1536.507374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1536.508054] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:47:50 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:47:50 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) 05:47:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:47:50 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) [ 1536.622177] FAULT_INJECTION: forcing a failure. [ 1536.622177] name failslab, interval 1, probability 0, space 0, times 0 [ 1536.625256] CPU: 1 PID: 7937 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1536.625900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1536.626626] Call Trace: [ 1536.626873] dump_stack+0x107/0x167 [ 1536.627205] should_fail.cold+0x5/0xa [ 1536.627550] ? io_timeout_prep+0x693/0x8b0 [ 1536.627934] should_failslab+0x5/0x20 [ 1536.628278] __kmalloc+0x72/0x390 [ 1536.628592] ? __hrtimer_init+0x12c/0x270 [ 1536.628970] io_timeout_prep+0x693/0x8b0 [ 1536.629351] io_submit_sqes+0x54d8/0x8610 [ 1536.629770] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.630220] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.630660] ? lock_downgrade+0x6d0/0x6d0 [ 1536.631028] ? find_held_lock+0x2c/0x110 [ 1536.631396] ? io_submit_sqes+0x8610/0x8610 [ 1536.631793] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1536.632230] ? wait_for_completion_io+0x270/0x270 [ 1536.632668] ? rcu_read_lock_any_held+0x75/0xa0 [ 1536.633083] ? vfs_write+0x354/0xb10 [ 1536.633423] ? fput_many+0x2f/0x1a0 [ 1536.633770] ? ksys_write+0x1a9/0x260 [ 1536.634115] ? __ia32_sys_read+0xb0/0xb0 [ 1536.634484] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1536.634952] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1536.635417] do_syscall_64+0x33/0x40 [ 1536.635753] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1536.636210] RIP: 0033:0x7f0159fffb19 [ 1536.636545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1536.638294] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1536.639019] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1536.639643] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1536.640318] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1536.641022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1536.641657] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:47:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1536.698831] FAULT_INJECTION: forcing a failure. [ 1536.698831] name failslab, interval 1, probability 0, space 0, times 0 [ 1536.699949] CPU: 1 PID: 7942 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1536.700545] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1536.701343] Call Trace: 05:47:51 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, r3+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1536.701588] dump_stack+0x107/0x167 [ 1536.701985] should_fail.cold+0x5/0xa [ 1536.702329] ? io_timeout_prep+0x693/0x8b0 [ 1536.702714] should_failslab+0x5/0x20 [ 1536.703116] __kmalloc+0x72/0x390 [ 1536.703429] ? __hrtimer_init+0x12c/0x270 [ 1536.703853] io_timeout_prep+0x693/0x8b0 [ 1536.704224] io_submit_sqes+0x54d8/0x8610 [ 1536.704620] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.705147] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1536.705579] ? lock_downgrade+0x6d0/0x6d0 [ 1536.706013] ? find_held_lock+0x2c/0x110 [ 1536.706383] ? io_submit_sqes+0x8610/0x8610 [ 1536.706828] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1536.707273] ? wait_for_completion_io+0x270/0x270 [ 1536.707703] ? rcu_read_lock_any_held+0x75/0xa0 [ 1536.708168] ? vfs_write+0x354/0xb10 [ 1536.708504] ? fput_many+0x2f/0x1a0 [ 1536.708917] ? ksys_write+0x1a9/0x260 [ 1536.709259] ? __ia32_sys_read+0xb0/0xb0 [ 1536.709639] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1536.710154] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1536.710615] do_syscall_64+0x33/0x40 [ 1536.711006] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1536.711467] RIP: 0033:0x7fe1dcd4cb19 [ 1536.711848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1536.713527] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1536.714260] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1536.714940] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1536.715567] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1536.716243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1536.716951] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:47:51 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x100000000000000, 0x0, 0x0) 05:48:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 05:48:06 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) 05:48:06 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) 05:48:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:06 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x400000000000000, 0x0, 0x0) 05:48:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, 0x0}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1552.258284] FAULT_INJECTION: forcing a failure. [ 1552.258284] name failslab, interval 1, probability 0, space 0, times 0 [ 1552.259308] CPU: 1 PID: 7969 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1552.259915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1552.260599] Call Trace: [ 1552.260871] dump_stack+0x107/0x167 [ 1552.261180] should_fail.cold+0x5/0xa [ 1552.261502] ? create_object.isra.0+0x3a/0xa20 [ 1552.261980] should_failslab+0x5/0x20 [ 1552.262305] kmem_cache_alloc+0x5b/0x310 [ 1552.262650] create_object.isra.0+0x3a/0xa20 [ 1552.263071] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1552.263500] __kmalloc+0x16e/0x390 [ 1552.263855] io_timeout_prep+0x693/0x8b0 [ 1552.264203] io_submit_sqes+0x54d8/0x8610 [ 1552.264572] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.265037] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.265447] ? lock_downgrade+0x6d0/0x6d0 [ 1552.265885] ? find_held_lock+0x2c/0x110 [ 1552.266232] ? io_submit_sqes+0x8610/0x8610 [ 1552.266601] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1552.267055] ? wait_for_completion_io+0x270/0x270 [ 1552.267464] ? rcu_read_lock_any_held+0x75/0xa0 [ 1552.267898] ? vfs_write+0x354/0xb10 [ 1552.268215] ? fput_many+0x2f/0x1a0 [ 1552.268523] ? ksys_write+0x1a9/0x260 [ 1552.268889] ? __ia32_sys_read+0xb0/0xb0 [ 1552.269235] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1552.269674] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1552.270176] do_syscall_64+0x33/0x40 [ 1552.270492] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1552.270992] RIP: 0033:0x7f0159fffb19 [ 1552.271305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1552.272903] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1552.273538] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1552.274189] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1552.274852] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1552.275447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1552.276086] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:48:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) 05:48:06 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) [ 1552.303849] FAULT_INJECTION: forcing a failure. [ 1552.303849] name failslab, interval 1, probability 0, space 0, times 0 [ 1552.304865] CPU: 0 PID: 7957 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1552.305452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1552.306176] Call Trace: [ 1552.306409] dump_stack+0x107/0x167 [ 1552.306724] should_fail.cold+0x5/0xa [ 1552.307053] ? io_timeout_prep+0x693/0x8b0 [ 1552.307416] should_failslab+0x5/0x20 [ 1552.307742] __kmalloc+0x72/0x390 [ 1552.308040] ? __hrtimer_init+0x12c/0x270 [ 1552.308396] io_timeout_prep+0x693/0x8b0 [ 1552.308747] io_submit_sqes+0x54d8/0x8610 [ 1552.309123] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.309546] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.310027] ? lock_downgrade+0x6d0/0x6d0 [ 1552.310384] ? find_held_lock+0x2c/0x110 [ 1552.310728] ? io_submit_sqes+0x8610/0x8610 [ 1552.311098] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1552.311504] ? wait_for_completion_io+0x270/0x270 [ 1552.311909] ? rcu_read_lock_any_held+0x75/0xa0 [ 1552.312306] ? vfs_write+0x354/0xb10 [ 1552.312628] ? fput_many+0x2f/0x1a0 [ 1552.312947] ? ksys_write+0x1a9/0x260 [ 1552.313291] ? __ia32_sys_read+0xb0/0xb0 [ 1552.313649] FAULT_INJECTION: forcing a failure. [ 1552.313649] name failslab, interval 1, probability 0, space 0, times 0 [ 1552.313661] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1552.313678] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1552.315548] do_syscall_64+0x33/0x40 [ 1552.315863] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1552.316301] RIP: 0033:0x7fd7b8236b19 [ 1552.316616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1552.318177] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1552.318821] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1552.319427] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1552.320022] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1552.320632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1552.321248] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1552.326889] CPU: 1 PID: 7971 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1552.327486] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1552.328241] Call Trace: [ 1552.328479] dump_stack+0x107/0x167 [ 1552.328862] should_fail.cold+0x5/0xa [ 1552.329200] ? create_object.isra.0+0x3a/0xa20 [ 1552.329593] should_failslab+0x5/0x20 [ 1552.329992] kmem_cache_alloc+0x5b/0x310 [ 1552.330351] create_object.isra.0+0x3a/0xa20 [ 1552.330766] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1552.331214] kmem_cache_alloc_bulk+0x168/0x320 [ 1552.331622] io_submit_sqes+0x6fe6/0x8610 [ 1552.332026] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1552.332466] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.332939] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.333362] ? lock_downgrade+0x6d0/0x6d0 [ 1552.333795] ? find_held_lock+0x2c/0x110 [ 1552.334160] ? io_submit_sqes+0x8610/0x8610 [ 1552.334538] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1552.335002] ? wait_for_completion_io+0x270/0x270 [ 1552.335425] ? rcu_read_lock_any_held+0x75/0xa0 [ 1552.335879] ? vfs_write+0x354/0xb10 [ 1552.336201] ? fput_many+0x2f/0x1a0 [ 1552.336516] ? ksys_write+0x1a9/0x260 [ 1552.336895] ? __ia32_sys_read+0xb0/0xb0 [ 1552.337250] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1552.337694] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1552.338231] do_syscall_64+0x33/0x40 [ 1552.338551] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1552.339037] RIP: 0033:0x7f30a2e99b19 [ 1552.339364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1552.340992] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1552.341644] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1552.342330] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1552.343010] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1552.343630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1552.344284] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1552.351149] FAULT_INJECTION: forcing a failure. [ 1552.351149] name failslab, interval 1, probability 0, space 0, times 0 [ 1552.352172] CPU: 1 PID: 7968 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1552.352811] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1552.353529] Call Trace: [ 1552.353851] dump_stack+0x107/0x167 [ 1552.354193] should_fail.cold+0x5/0xa [ 1552.354541] ? create_object.isra.0+0x3a/0xa20 [ 1552.354994] should_failslab+0x5/0x20 [ 1552.355326] kmem_cache_alloc+0x5b/0x310 [ 1552.355673] create_object.isra.0+0x3a/0xa20 [ 1552.356095] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1552.356525] __kmalloc+0x16e/0x390 [ 1552.356876] io_timeout_prep+0x693/0x8b0 [ 1552.357225] io_submit_sqes+0x54d8/0x8610 [ 1552.357592] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.358088] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.358499] ? lock_downgrade+0x6d0/0x6d0 [ 1552.358897] ? find_held_lock+0x2c/0x110 [ 1552.359245] ? io_submit_sqes+0x8610/0x8610 [ 1552.359613] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1552.360073] ? wait_for_completion_io+0x270/0x270 [ 1552.360482] ? rcu_read_lock_any_held+0x75/0xa0 [ 1552.360917] ? vfs_write+0x354/0xb10 [ 1552.361234] ? fput_many+0x2f/0x1a0 [ 1552.361547] ? ksys_write+0x1a9/0x260 [ 1552.361964] ? __ia32_sys_read+0xb0/0xb0 [ 1552.362321] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1552.362810] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1552.363247] do_syscall_64+0x33/0x40 [ 1552.363560] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1552.364046] RIP: 0033:0x7fe1dcd4cb19 [ 1552.364371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1552.366041] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1552.366676] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1552.367318] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1552.367961] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1552.368569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1552.369212] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:48:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, 0x0}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:48:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) [ 1552.729698] FAULT_INJECTION: forcing a failure. [ 1552.729698] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1552.730841] CPU: 1 PID: 7984 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1552.731422] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1552.732117] Call Trace: [ 1552.732349] dump_stack+0x107/0x167 [ 1552.732665] should_fail.cold+0x5/0xa [ 1552.732997] _copy_from_user+0x2e/0x1b0 [ 1552.733346] get_timespec64+0x75/0x190 [ 1552.733679] ? put_timespec64+0x130/0x130 [ 1552.734055] ? kasan_unpoison_shadow+0x33/0x50 [ 1552.734444] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1552.734877] io_timeout_prep+0x3c5/0x8b0 [ 1552.735228] io_submit_sqes+0x54d8/0x8610 [ 1552.735601] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.736022] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1552.736438] ? lock_downgrade+0x6d0/0x6d0 [ 1552.736788] ? find_held_lock+0x2c/0x110 [ 1552.737137] ? io_submit_sqes+0x8610/0x8610 [ 1552.737510] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1552.737955] ? wait_for_completion_io+0x270/0x270 [ 1552.738370] ? rcu_read_lock_any_held+0x75/0xa0 [ 1552.738766] ? vfs_write+0x354/0xb10 [ 1552.739085] ? fput_many+0x2f/0x1a0 [ 1552.739398] ? ksys_write+0x1a9/0x260 [ 1552.739724] ? __ia32_sys_read+0xb0/0xb0 [ 1552.740075] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1552.740521] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1552.740961] do_syscall_64+0x33/0x40 [ 1552.741280] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1552.741714] RIP: 0033:0x7f0159fffb19 [ 1552.742298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1552.745634] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1552.746768] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1552.748091] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1552.749412] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1552.750203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1552.750807] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:48:20 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) 05:48:20 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) 05:48:20 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, 0x0}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:48:20 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) 05:48:20 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:20 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) 05:48:20 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) 05:48:20 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x800000000000000, 0x0, 0x0) [ 1566.468331] FAULT_INJECTION: forcing a failure. [ 1566.468331] name failslab, interval 1, probability 0, space 0, times 0 [ 1566.471005] CPU: 0 PID: 7997 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1566.472528] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1566.474479] Call Trace: [ 1566.475125] dump_stack+0x107/0x167 [ 1566.475955] should_fail.cold+0x5/0xa [ 1566.476801] ? create_object.isra.0+0x3a/0xa20 [ 1566.477842] should_failslab+0x5/0x20 [ 1566.478676] kmem_cache_alloc+0x5b/0x310 [ 1566.479623] ? mark_held_locks+0x9e/0xe0 [ 1566.480547] create_object.isra.0+0x3a/0xa20 [ 1566.481539] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1566.482701] kmem_cache_alloc_bulk+0x168/0x320 [ 1566.483858] io_submit_sqes+0x6fe6/0x8610 [ 1566.484270] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1566.485369] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1566.485912] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1566.487003] ? lock_downgrade+0x6d0/0x6d0 [ 1566.487982] ? find_held_lock+0x2c/0x110 [ 1566.488897] ? io_submit_sqes+0x8610/0x8610 [ 1566.489336] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1566.490473] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1566.491641] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1566.492238] ? trace_hardirqs_on+0x5b/0x180 [ 1566.493217] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1566.494446] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1566.494996] do_syscall_64+0x33/0x40 [ 1566.495878] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1566.497029] RIP: 0033:0x7f30a2e99b19 [ 1566.497880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1566.502107] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1566.503874] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1566.505487] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1566.507156] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1566.508885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1566.510572] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1566.510746] FAULT_INJECTION: forcing a failure. [ 1566.510746] name failslab, interval 1, probability 0, space 0, times 0 [ 1566.513612] CPU: 1 PID: 8003 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1566.514320] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1566.515158] Call Trace: [ 1566.515455] dump_stack+0x107/0x167 [ 1566.515989] should_fail.cold+0x5/0xa [ 1566.516821] ? create_object.isra.0+0x3a/0xa20 [ 1566.517817] should_failslab+0x5/0x20 [ 1566.522008] kmem_cache_alloc+0x5b/0x310 [ 1566.522908] create_object.isra.0+0x3a/0xa20 [ 1566.523883] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1566.524989] __kmalloc+0x16e/0x390 [ 1566.525780] io_timeout_prep+0x693/0x8b0 [ 1566.530700] io_submit_sqes+0x54d8/0x8610 [ 1566.531620] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1566.532721] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1566.533774] ? lock_downgrade+0x6d0/0x6d0 [ 1566.534680] ? find_held_lock+0x2c/0x110 [ 1566.535562] ? io_submit_sqes+0x8610/0x8610 [ 1566.536503] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1566.537568] ? wait_for_completion_io+0x270/0x270 [ 1566.538393] ? rcu_read_lock_any_held+0x75/0xa0 [ 1566.539409] ? vfs_write+0x354/0xb10 [ 1566.540225] ? fput_many+0x2f/0x1a0 [ 1566.541023] ? ksys_write+0x1a9/0x260 [ 1566.541903] ? __ia32_sys_read+0xb0/0xb0 [ 1566.542790] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1566.543926] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1566.545042] do_syscall_64+0x33/0x40 [ 1566.545854] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1566.546993] RIP: 0033:0x7fd7b8236b19 [ 1566.547812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1566.551874] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1566.553553] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1566.555120] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1566.556668] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1566.558242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1566.559840] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1566.577102] FAULT_INJECTION: forcing a failure. [ 1566.577102] name failslab, interval 1, probability 0, space 0, times 0 [ 1566.578322] CPU: 0 PID: 7992 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1566.579095] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1566.579949] Call Trace: [ 1566.580221] dump_stack+0x107/0x167 [ 1566.580594] should_fail.cold+0x5/0xa [ 1566.581034] ? io_timeout_prep+0x693/0x8b0 [ 1566.581458] should_failslab+0x5/0x20 [ 1566.581889] __kmalloc+0x72/0x390 [ 1566.582224] ? __hrtimer_init+0x12c/0x270 [ 1566.582637] io_timeout_prep+0x693/0x8b0 [ 1566.583121] io_submit_sqes+0x54d8/0x8610 [ 1566.583554] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1566.584082] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1566.584552] ? lock_downgrade+0x6d0/0x6d0 [ 1566.585000] ? find_held_lock+0x2c/0x110 [ 1566.585388] ? io_submit_sqes+0x8610/0x8610 [ 1566.585878] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1566.586365] ? wait_for_completion_io+0x270/0x270 [ 1566.586927] ? rcu_read_lock_any_held+0x75/0xa0 [ 1566.587398] ? vfs_write+0x354/0xb10 [ 1566.587799] ? fput_many+0x2f/0x1a0 [ 1566.588156] ? ksys_write+0x1a9/0x260 [ 1566.588519] ? __ia32_sys_read+0xb0/0xb0 [ 1566.588967] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1566.589470] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1566.590030] do_syscall_64+0x33/0x40 [ 1566.590404] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1566.590975] RIP: 0033:0x7f0159fffb19 [ 1566.591331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1566.592986] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1566.593641] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1566.594306] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1566.594946] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1566.595556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1566.596232] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1566.598215] FAULT_INJECTION: forcing a failure. [ 1566.598215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1566.599200] CPU: 1 PID: 8000 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1566.599784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1566.600487] Call Trace: [ 1566.600718] dump_stack+0x107/0x167 [ 1566.601054] should_fail.cold+0x5/0xa [ 1566.601394] _copy_from_user+0x2e/0x1b0 [ 1566.601753] get_timespec64+0x75/0x190 [ 1566.602220] ? put_timespec64+0x130/0x130 [ 1566.603138] ? kasan_unpoison_shadow+0x33/0x50 [ 1566.604135] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1566.605242] io_timeout_prep+0x3c5/0x8b0 [ 1566.606140] io_submit_sqes+0x54d8/0x8610 [ 1566.607078] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1566.608161] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1566.609212] ? lock_downgrade+0x6d0/0x6d0 [ 1566.610117] ? find_held_lock+0x2c/0x110 [ 1566.611014] ? io_submit_sqes+0x8610/0x8610 [ 1566.611975] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1566.613028] ? wait_for_completion_io+0x270/0x270 [ 1566.614096] ? rcu_read_lock_any_held+0x75/0xa0 [ 1566.615107] ? vfs_write+0x354/0xb10 [ 1566.615933] ? fput_many+0x2f/0x1a0 [ 1566.616743] ? ksys_write+0x1a9/0x260 [ 1566.617567] ? __ia32_sys_read+0xb0/0xb0 [ 1566.618462] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1566.619625] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1566.620746] do_syscall_64+0x33/0x40 [ 1566.621551] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1566.622679] RIP: 0033:0x7fe1dcd4cb19 [ 1566.623490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1566.627500] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1566.629176] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1566.630742] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1566.632323] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1566.633457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1566.635024] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1581.215389] FAULT_INJECTION: forcing a failure. [ 1581.215389] name failslab, interval 1, probability 0, space 0, times 0 [ 1581.217661] CPU: 1 PID: 8022 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1581.218442] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1581.219129] Call Trace: [ 1581.219361] dump_stack+0x107/0x167 [ 1581.219671] should_fail.cold+0x5/0xa [ 1581.219996] ? create_object.isra.0+0x3a/0xa20 [ 1581.220383] should_failslab+0x5/0x20 [ 1581.220709] kmem_cache_alloc+0x5b/0x310 [ 1581.221058] create_object.isra.0+0x3a/0xa20 [ 1581.221431] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1581.221862] __kmalloc+0x16e/0x390 [ 1581.222193] io_timeout_prep+0x693/0x8b0 [ 1581.222544] io_submit_sqes+0x54d8/0x8610 [ 1581.222916] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.223339] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.223753] ? lock_downgrade+0x6d0/0x6d0 [ 1581.224104] ? find_held_lock+0x2c/0x110 [ 1581.224452] ? io_submit_sqes+0x8610/0x8610 [ 1581.224826] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1581.225238] ? wait_for_completion_io+0x270/0x270 [ 1581.225650] ? rcu_read_lock_any_held+0x75/0xa0 [ 1581.226051] ? vfs_write+0x354/0xb10 [ 1581.226378] ? fput_many+0x2f/0x1a0 [ 1581.226689] ? ksys_write+0x1a9/0x260 [ 1581.227012] ? __ia32_sys_read+0xb0/0xb0 [ 1581.227360] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1581.227802] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1581.228239] do_syscall_64+0x33/0x40 [ 1581.228557] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1581.228989] RIP: 0033:0x7f0159fffb19 [ 1581.229304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1581.230862] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1581.231505] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1581.232103] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1581.232703] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.233300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1581.233899] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1581.237846] FAULT_INJECTION: forcing a failure. [ 1581.237846] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1581.238857] CPU: 1 PID: 8018 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1581.239433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1581.240123] Call Trace: [ 1581.240349] dump_stack+0x107/0x167 [ 1581.240660] should_fail.cold+0x5/0xa [ 1581.240989] _copy_from_user+0x2e/0x1b0 [ 1581.241332] get_timespec64+0x75/0x190 [ 1581.241663] ? put_timespec64+0x130/0x130 [ 1581.242029] ? kasan_unpoison_shadow+0x33/0x50 [ 1581.242430] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1581.242868] io_timeout_prep+0x3c5/0x8b0 [ 1581.243221] io_submit_sqes+0x54d8/0x8610 [ 1581.243595] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.244017] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.244428] ? lock_downgrade+0x6d0/0x6d0 [ 1581.244781] ? find_held_lock+0x2c/0x110 [ 1581.245131] ? io_submit_sqes+0x8610/0x8610 [ 1581.245505] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1581.245919] ? wait_for_completion_io+0x270/0x270 [ 1581.246340] ? rcu_read_lock_any_held+0x75/0xa0 [ 1581.246736] ? vfs_write+0x354/0xb10 [ 1581.247054] ? fput_many+0x2f/0x1a0 [ 1581.247367] ? ksys_write+0x1a9/0x260 [ 1581.247692] ? __ia32_sys_read+0xb0/0xb0 [ 1581.248043] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1581.248487] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1581.248927] do_syscall_64+0x33/0x40 [ 1581.249244] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1581.249679] RIP: 0033:0x7fd7b8236b19 [ 1581.249996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1581.251563] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1581.252208] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1581.252809] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1581.253408] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.254020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1581.254626] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1581.255738] FAULT_INJECTION: forcing a failure. [ 1581.255738] name failslab, interval 1, probability 0, space 0, times 0 [ 1581.256685] CPU: 1 PID: 8026 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1581.257254] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1581.257942] Call Trace: [ 1581.258189] dump_stack+0x107/0x167 [ 1581.258499] should_fail.cold+0x5/0xa [ 1581.258822] ? io_timeout_prep+0x693/0x8b0 [ 1581.259181] should_failslab+0x5/0x20 [ 1581.259508] __kmalloc+0x72/0x390 [ 1581.259805] ? __hrtimer_init+0x12c/0x270 [ 1581.260161] io_timeout_prep+0x693/0x8b0 [ 1581.260511] io_submit_sqes+0x54d8/0x8610 [ 1581.260884] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.261307] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.261719] ? lock_downgrade+0x6d0/0x6d0 [ 1581.262083] ? find_held_lock+0x2c/0x110 [ 1581.262435] ? io_submit_sqes+0x8610/0x8610 [ 1581.262808] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1581.263220] ? wait_for_completion_io+0x270/0x270 [ 1581.263630] ? rcu_read_lock_any_held+0x75/0xa0 [ 1581.264030] ? vfs_write+0x354/0xb10 [ 1581.264351] ? fput_many+0x2f/0x1a0 [ 1581.264662] ? ksys_write+0x1a9/0x260 [ 1581.264987] ? __ia32_sys_read+0xb0/0xb0 [ 1581.265338] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1581.265781] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1581.266245] do_syscall_64+0x33/0x40 [ 1581.266563] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1581.266996] RIP: 0033:0x7fe1dcd4cb19 [ 1581.267328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1581.269101] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1581.269978] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1581.270711] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1581.271330] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.271945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1581.272553] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1581.291872] FAULT_INJECTION: forcing a failure. [ 1581.291872] name failslab, interval 1, probability 0, space 0, times 0 05:48:35 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) 05:48:35 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:35 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) 05:48:35 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) 05:48:35 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:48:35 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) 05:48:35 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) 05:48:35 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0) [ 1581.293524] CPU: 0 PID: 8028 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1581.294338] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1581.295249] Call Trace: [ 1581.295484] dump_stack+0x107/0x167 [ 1581.295880] should_fail.cold+0x5/0xa [ 1581.296342] ? create_object.isra.0+0x3a/0xa20 [ 1581.296848] should_failslab+0x5/0x20 [ 1581.297372] kmem_cache_alloc+0x5b/0x310 [ 1581.297804] ? mark_held_locks+0x9e/0xe0 [ 1581.298318] create_object.isra.0+0x3a/0xa20 [ 1581.298691] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1581.299213] kmem_cache_alloc_bulk+0x168/0x320 [ 1581.299821] io_submit_sqes+0x6fe6/0x8610 [ 1581.300175] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1581.302573] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.303082] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.307346] ? lock_downgrade+0x6d0/0x6d0 [ 1581.307708] ? find_held_lock+0x2c/0x110 [ 1581.308341] ? io_submit_sqes+0x8610/0x8610 [ 1581.308808] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1581.309370] ? wait_for_completion_io+0x270/0x270 [ 1581.309891] ? rcu_read_lock_any_held+0x75/0xa0 [ 1581.310447] ? vfs_write+0x354/0xb10 [ 1581.310878] ? fput_many+0x2f/0x1a0 [ 1581.311205] ? ksys_write+0x1a9/0x260 [ 1581.311669] ? __ia32_sys_read+0xb0/0xb0 [ 1581.312108] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1581.312689] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1581.313216] do_syscall_64+0x33/0x40 [ 1581.313537] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1581.314231] RIP: 0033:0x7f30a2e99b19 [ 1581.314546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1581.316545] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1581.317415] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1581.318282] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1581.318995] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.319831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1581.320575] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:48:35 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:35 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:35 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:48:35 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:35 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) 05:48:35 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) [ 1581.660989] FAULT_INJECTION: forcing a failure. [ 1581.660989] name failslab, interval 1, probability 0, space 0, times 0 [ 1581.662141] CPU: 1 PID: 8037 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1581.662722] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1581.663414] Call Trace: [ 1581.663645] dump_stack+0x107/0x167 [ 1581.663958] should_fail.cold+0x5/0xa [ 1581.664287] ? io_uring_alloc_task_context+0x99/0x6a0 [ 1581.664726] should_failslab+0x5/0x20 [ 1581.665051] kmem_cache_alloc_trace+0x55/0x320 [ 1581.665445] io_uring_alloc_task_context+0x99/0x6a0 [ 1581.665867] ? io_import_iovec+0x1120/0x1120 [ 1581.666258] ? find_held_lock+0x2c/0x110 [ 1581.666609] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1581.667023] __io_uring_add_tctx_node+0x2c6/0x520 [ 1581.667433] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1581.667887] __do_sys_io_uring_enter+0x1489/0x18c0 [ 1581.668307] ? lock_downgrade+0x6d0/0x6d0 [ 1581.668660] ? find_held_lock+0x2c/0x110 [ 1581.669011] ? io_submit_sqes+0x8610/0x8610 [ 1581.669387] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1581.669806] ? wait_for_completion_io+0x270/0x270 [ 1581.670242] ? rcu_read_lock_any_held+0x75/0xa0 [ 1581.670638] ? vfs_write+0x354/0xb10 [ 1581.670956] ? fput_many+0x2f/0x1a0 [ 1581.671269] ? ksys_write+0x1a9/0x260 [ 1581.671593] ? __ia32_sys_read+0xb0/0xb0 [ 1581.671941] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1581.672389] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1581.672830] do_syscall_64+0x33/0x40 [ 1581.673149] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1581.673582] RIP: 0033:0x7f3842280b19 [ 1581.673900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1581.675464] RSP: 002b:00007f383f7d5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1581.676110] RAX: ffffffffffffffda RBX: 00007f3842394020 RCX: 00007f3842280b19 [ 1581.676711] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1581.677310] RBP: 00007f383f7d51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.677910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1581.678533] R13: 00007ffcde4da82f R14: 00007f383f7d5300 R15: 0000000000022000 05:48:36 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) 05:48:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1581.788826] FAULT_INJECTION: forcing a failure. [ 1581.788826] name failslab, interval 1, probability 0, space 0, times 0 [ 1581.789951] CPU: 0 PID: 8045 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1581.790531] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1581.791247] Call Trace: [ 1581.791479] dump_stack+0x107/0x167 [ 1581.791798] should_fail.cold+0x5/0xa [ 1581.792127] ? io_timeout_prep+0x693/0x8b0 [ 1581.792488] should_failslab+0x5/0x20 [ 1581.792828] __kmalloc+0x72/0x390 [ 1581.793126] ? io_timeout_prep+0x181/0x8b0 [ 1581.793490] io_timeout_prep+0x693/0x8b0 [ 1581.793861] io_submit_sqes+0x54d8/0x8610 [ 1581.794288] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.794753] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.795210] ? lock_downgrade+0x6d0/0x6d0 [ 1581.795586] ? find_held_lock+0x2c/0x110 [ 1581.795986] ? io_submit_sqes+0x8610/0x8610 [ 1581.796394] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1581.796860] ? wait_for_completion_io+0x270/0x270 [ 1581.797308] ? rcu_read_lock_any_held+0x75/0xa0 [ 1581.797734] ? vfs_write+0x354/0xb10 [ 1581.798134] ? fput_many+0x2f/0x1a0 [ 1581.798487] ? ksys_write+0x1a9/0x260 [ 1581.798843] ? __ia32_sys_read+0xb0/0xb0 [ 1581.799226] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1581.799722] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1581.800199] do_syscall_64+0x33/0x40 [ 1581.800561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1581.801030] RIP: 0033:0x7fd7b8236b19 [ 1581.801376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1581.803056] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1581.803762] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1581.804408] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1581.805067] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.805714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1581.806388] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1581.815378] FAULT_INJECTION: forcing a failure. [ 1581.815378] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1581.816423] CPU: 1 PID: 8041 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1581.817024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1581.817760] Call Trace: [ 1581.818026] dump_stack+0x107/0x167 [ 1581.818352] should_fail.cold+0x5/0xa [ 1581.818679] _copy_from_user+0x2e/0x1b0 [ 1581.819021] get_timespec64+0x75/0x190 [ 1581.819352] ? put_timespec64+0x130/0x130 [ 1581.819704] ? kasan_unpoison_shadow+0x33/0x50 [ 1581.820091] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1581.820523] io_timeout_prep+0x3c5/0x8b0 [ 1581.820872] io_submit_sqes+0x54d8/0x8610 [ 1581.821242] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.821662] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.822106] ? lock_downgrade+0x6d0/0x6d0 [ 1581.822481] ? find_held_lock+0x2c/0x110 [ 1581.822851] ? io_submit_sqes+0x8610/0x8610 [ 1581.823256] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1581.823697] ? wait_for_completion_io+0x270/0x270 [ 1581.824146] ? rcu_read_lock_any_held+0x75/0xa0 [ 1581.824564] ? vfs_write+0x354/0xb10 [ 1581.824913] ? fput_many+0x2f/0x1a0 [ 1581.825253] ? ksys_write+0x1a9/0x260 [ 1581.825607] ? __ia32_sys_read+0xb0/0xb0 [ 1581.825979] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1581.826476] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1581.826958] do_syscall_64+0x33/0x40 [ 1581.827305] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1581.827778] RIP: 0033:0x7f0159fffb19 [ 1581.828124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1581.829762] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1581.830539] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1581.831283] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1581.832024] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.832755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1581.833484] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1581.834946] FAULT_INJECTION: forcing a failure. [ 1581.834946] name failslab, interval 1, probability 0, space 0, times 0 [ 1581.836184] CPU: 1 PID: 8042 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1581.836880] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1581.837732] Call Trace: [ 1581.838022] dump_stack+0x107/0x167 [ 1581.838397] should_fail.cold+0x5/0xa [ 1581.838796] ? create_object.isra.0+0x3a/0xa20 [ 1581.839279] should_failslab+0x5/0x20 [ 1581.839671] kmem_cache_alloc+0x5b/0x310 [ 1581.840107] create_object.isra.0+0x3a/0xa20 [ 1581.840572] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1581.841109] __kmalloc+0x16e/0x390 [ 1581.841497] io_timeout_prep+0x693/0x8b0 [ 1581.841929] io_submit_sqes+0x54d8/0x8610 [ 1581.842390] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.842910] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.843419] ? lock_downgrade+0x6d0/0x6d0 [ 1581.843855] ? find_held_lock+0x2c/0x110 [ 1581.844287] ? io_submit_sqes+0x8610/0x8610 [ 1581.844753] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1581.845258] ? wait_for_completion_io+0x270/0x270 [ 1581.845762] ? rcu_read_lock_any_held+0x75/0xa0 [ 1581.846247] ? vfs_write+0x354/0xb10 [ 1581.846602] ? fput_many+0x2f/0x1a0 [ 1581.846950] ? ksys_write+0x1a9/0x260 [ 1581.847312] ? __ia32_sys_read+0xb0/0xb0 [ 1581.847699] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1581.848194] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1581.848682] do_syscall_64+0x33/0x40 [ 1581.849035] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1581.849519] RIP: 0033:0x7fe1dcd4cb19 [ 1581.849871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1581.851744] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1581.852523] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1581.853257] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1581.853994] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.854735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1581.855464] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:48:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:36 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0xffffffff00000000, 0x0, 0x0) 05:48:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) 05:48:36 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1581.977481] FAULT_INJECTION: forcing a failure. [ 1581.977481] name failslab, interval 1, probability 0, space 0, times 0 [ 1581.978600] CPU: 1 PID: 8055 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1581.979208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1581.979941] Call Trace: [ 1581.980195] dump_stack+0x107/0x167 [ 1581.980535] should_fail.cold+0x5/0xa [ 1581.980893] ? create_object.isra.0+0x3a/0xa20 [ 1581.981316] should_failslab+0x5/0x20 [ 1581.981672] kmem_cache_alloc+0x5b/0x310 [ 1581.982054] ? mark_held_locks+0x9e/0xe0 [ 1581.982439] create_object.isra.0+0x3a/0xa20 [ 1581.982846] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1581.983320] kmem_cache_alloc_bulk+0x168/0x320 [ 1581.983753] io_submit_sqes+0x6fe6/0x8610 [ 1581.984140] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1581.984605] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.985065] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1581.985518] ? lock_downgrade+0x6d0/0x6d0 [ 1581.985899] ? find_held_lock+0x2c/0x110 [ 1581.986288] ? io_submit_sqes+0x8610/0x8610 [ 1581.986698] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1581.987147] ? wait_for_completion_io+0x270/0x270 [ 1581.987599] ? rcu_read_lock_any_held+0x75/0xa0 [ 1581.988022] ? vfs_write+0x354/0xb10 [ 1581.988366] ? fput_many+0x2f/0x1a0 [ 1581.988707] ? ksys_write+0x1a9/0x260 [ 1581.989059] ? __ia32_sys_read+0xb0/0xb0 [ 1581.989441] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1581.989915] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1581.990400] do_syscall_64+0x33/0x40 [ 1581.990743] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1581.991209] RIP: 0033:0x7f30a2e99b19 [ 1581.991552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1581.993192] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1581.993883] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1581.994551] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1581.995197] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.995847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1581.996494] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:48:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1582.068927] FAULT_INJECTION: forcing a failure. [ 1582.068927] name failslab, interval 1, probability 0, space 0, times 0 [ 1582.070314] CPU: 1 PID: 8057 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1582.070939] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1582.071684] Call Trace: [ 1582.071936] dump_stack+0x107/0x167 [ 1582.072275] should_fail.cold+0x5/0xa [ 1582.072629] ? create_object.isra.0+0x3a/0xa20 [ 1582.073042] should_failslab+0x5/0x20 [ 1582.073393] kmem_cache_alloc+0x5b/0x310 [ 1582.073774] create_object.isra.0+0x3a/0xa20 [ 1582.074194] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1582.074656] kmem_cache_alloc_bulk+0x168/0x320 [ 1582.075078] io_submit_sqes+0x6fe6/0x8610 [ 1582.075469] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1582.075928] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1582.076379] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1582.076832] ? lock_downgrade+0x6d0/0x6d0 [ 1582.077215] ? find_held_lock+0x2c/0x110 [ 1582.077597] ? io_submit_sqes+0x8610/0x8610 [ 1582.078007] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1582.078473] ? wait_for_completion_io+0x270/0x270 [ 1582.078909] ? rcu_read_lock_any_held+0x75/0xa0 [ 1582.079335] ? vfs_write+0x354/0xb10 [ 1582.079682] ? fput_many+0x2f/0x1a0 [ 1582.080025] ? ksys_write+0x1a9/0x260 [ 1582.080385] ? __ia32_sys_read+0xb0/0xb0 [ 1582.080766] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1582.081250] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1582.081727] do_syscall_64+0x33/0x40 [ 1582.082080] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1582.082551] RIP: 0033:0x7f3842280b19 [ 1582.082897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1582.084549] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1582.085246] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1582.085896] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1582.086559] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1582.087196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1582.087841] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:48:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1597.021544] FAULT_INJECTION: forcing a failure. [ 1597.021544] name failslab, interval 1, probability 0, space 0, times 0 [ 1597.024199] CPU: 1 PID: 8073 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1597.025692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1597.027524] Call Trace: [ 1597.028103] dump_stack+0x107/0x167 [ 1597.028894] should_fail.cold+0x5/0xa [ 1597.029730] ? create_object.isra.0+0x3a/0xa20 [ 1597.030739] should_failslab+0x5/0x20 [ 1597.031571] kmem_cache_alloc+0x5b/0x310 [ 1597.032463] ? mark_held_locks+0x9e/0xe0 [ 1597.033353] create_object.isra.0+0x3a/0xa20 [ 1597.034321] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1597.035439] kmem_cache_alloc_bulk+0x168/0x320 [ 1597.036443] io_submit_sqes+0x6fe6/0x8610 [ 1597.037348] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1597.038427] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.039522] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.040578] ? lock_downgrade+0x6d0/0x6d0 [ 1597.041477] ? find_held_lock+0x2c/0x110 [ 1597.042380] ? io_submit_sqes+0x8610/0x8610 [ 1597.043331] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1597.044389] ? wait_for_completion_io+0x270/0x270 [ 1597.045447] ? rcu_read_lock_any_held+0x75/0xa0 [ 1597.046473] ? vfs_write+0x354/0xb10 [ 1597.047288] ? fput_many+0x2f/0x1a0 [ 1597.048085] ? ksys_write+0x1a9/0x260 [ 1597.048918] ? __ia32_sys_read+0xb0/0xb0 [ 1597.049808] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1597.050966] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1597.052106] do_syscall_64+0x33/0x40 [ 1597.052919] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1597.054039] RIP: 0033:0x7f30a2e99b19 [ 1597.054861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1597.058956] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1597.060618] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1597.066194] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1597.066799] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1597.067393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1597.067988] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:48:51 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) 05:48:51 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) 05:48:51 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:48:51 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4) 05:48:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:51 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000600)={{}, 0x0, 0x8, @inherit={0x50, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000d3070000000000000006000070000000000500ffff000000000000010000000000ffffffff0010400009000000000000000700000000004000000100000000000087805415eb6a7b85efbffc1b9f2bf571aa5dfb00"/99]}, @subvolid=0x4}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:48:51 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 05:48:51 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) [ 1597.072750] FAULT_INJECTION: forcing a failure. [ 1597.072750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1597.073815] CPU: 1 PID: 8084 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1597.074630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1597.075353] Call Trace: [ 1597.075581] dump_stack+0x107/0x167 [ 1597.075890] should_fail.cold+0x5/0xa [ 1597.076218] _copy_from_user+0x2e/0x1b0 [ 1597.076564] get_timespec64+0x75/0x190 [ 1597.076895] ? put_timespec64+0x130/0x130 [ 1597.077251] ? kasan_unpoison_shadow+0x33/0x50 [ 1597.077640] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1597.078075] io_timeout_prep+0x3c5/0x8b0 [ 1597.078460] io_submit_sqes+0x54d8/0x8610 [ 1597.078835] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.079254] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.079664] ? lock_downgrade+0x6d0/0x6d0 [ 1597.080013] ? find_held_lock+0x2c/0x110 [ 1597.080366] ? io_submit_sqes+0x8610/0x8610 [ 1597.080737] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1597.081147] ? wait_for_completion_io+0x270/0x270 [ 1597.081557] ? rcu_read_lock_any_held+0x75/0xa0 [ 1597.081949] ? vfs_write+0x354/0xb10 [ 1597.082302] ? fput_many+0x2f/0x1a0 [ 1597.082613] ? ksys_write+0x1a9/0x260 [ 1597.082937] ? __ia32_sys_read+0xb0/0xb0 [ 1597.083284] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1597.083725] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1597.084161] do_syscall_64+0x33/0x40 [ 1597.084477] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1597.084908] RIP: 0033:0x7fe1dcd4cb19 [ 1597.085224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1597.086789] RSP: 002b:00007fe1da2a1188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1597.087426] RAX: ffffffffffffffda RBX: 00007fe1dce60020 RCX: 00007fe1dcd4cb19 [ 1597.088019] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1597.088613] RBP: 00007fe1da2a11d0 R08: 0000000000000000 R09: 0000000000000000 [ 1597.089206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1597.089804] R13: 00007ffefbef4e9f R14: 00007fe1da2a1300 R15: 0000000000022000 [ 1597.106521] FAULT_INJECTION: forcing a failure. [ 1597.106521] name failslab, interval 1, probability 0, space 0, times 0 [ 1597.107573] CPU: 0 PID: 8088 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1597.108152] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1597.108837] Call Trace: [ 1597.109067] dump_stack+0x107/0x167 [ 1597.109376] should_fail.cold+0x5/0xa [ 1597.109702] ? create_object.isra.0+0x3a/0xa20 [ 1597.110089] should_failslab+0x5/0x20 [ 1597.110434] kmem_cache_alloc+0x5b/0x310 [ 1597.110780] create_object.isra.0+0x3a/0xa20 [ 1597.111150] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1597.111659] __kmalloc+0x16e/0x390 [ 1597.111968] io_timeout_prep+0x693/0x8b0 [ 1597.112316] io_submit_sqes+0x54d8/0x8610 [ 1597.112687] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.113106] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.113517] ? lock_downgrade+0x6d0/0x6d0 [ 1597.113867] ? find_held_lock+0x2c/0x110 [ 1597.114296] ? io_submit_sqes+0x8610/0x8610 [ 1597.114671] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1597.115080] ? wait_for_completion_io+0x270/0x270 [ 1597.115487] ? rcu_read_lock_any_held+0x75/0xa0 [ 1597.115876] ? vfs_write+0x354/0xb10 [ 1597.116190] ? fput_many+0x2f/0x1a0 [ 1597.116497] ? ksys_write+0x1a9/0x260 [ 1597.116818] ? __ia32_sys_read+0xb0/0xb0 [ 1597.117163] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1597.117602] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1597.118036] do_syscall_64+0x33/0x40 [ 1597.118389] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1597.118821] RIP: 0033:0x7fd7b8236b19 [ 1597.119135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1597.120662] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1597.121300] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1597.121891] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1597.122518] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1597.123114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1597.123708] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1597.129660] FAULT_INJECTION: forcing a failure. [ 1597.129660] name failslab, interval 1, probability 0, space 0, times 0 [ 1597.134659] CPU: 0 PID: 8087 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1597.135227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1597.135912] Call Trace: [ 1597.136139] dump_stack+0x107/0x167 [ 1597.136447] should_fail.cold+0x5/0xa [ 1597.136770] ? io_timeout_prep+0x693/0x8b0 [ 1597.137128] should_failslab+0x5/0x20 [ 1597.137451] __kmalloc+0x72/0x390 [ 1597.137747] ? __hrtimer_init+0x12c/0x270 [ 1597.138101] io_timeout_prep+0x693/0x8b0 [ 1597.138487] io_submit_sqes+0x54d8/0x8610 [ 1597.138859] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.139277] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.139686] ? lock_downgrade+0x6d0/0x6d0 [ 1597.140034] ? find_held_lock+0x2c/0x110 [ 1597.140379] ? io_submit_sqes+0x8610/0x8610 [ 1597.140745] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1597.141151] ? wait_for_completion_io+0x270/0x270 [ 1597.141555] ? rcu_read_lock_any_held+0x75/0xa0 [ 1597.141941] ? vfs_write+0x354/0xb10 [ 1597.142292] ? fput_many+0x2f/0x1a0 [ 1597.142603] ? ksys_write+0x1a9/0x260 [ 1597.142925] ? __ia32_sys_read+0xb0/0xb0 [ 1597.143270] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1597.143707] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1597.144139] do_syscall_64+0x33/0x40 [ 1597.144453] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1597.144878] RIP: 0033:0x7f0159fffb19 [ 1597.145193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1597.146743] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1597.147380] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1597.147971] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1597.148561] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1597.149151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1597.149743] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1597.177703] FAULT_INJECTION: forcing a failure. [ 1597.177703] name failslab, interval 1, probability 0, space 0, times 0 [ 1597.178929] CPU: 0 PID: 8086 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1597.179525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1597.180232] Call Trace: [ 1597.180474] dump_stack+0x107/0x167 [ 1597.180800] should_fail.cold+0x5/0xa [ 1597.181141] ? create_object.isra.0+0x3a/0xa20 [ 1597.181546] should_failslab+0x5/0x20 [ 1597.181887] kmem_cache_alloc+0x5b/0x310 [ 1597.182263] ? mark_held_locks+0x9e/0xe0 [ 1597.182619] create_object.isra.0+0x3a/0xa20 [ 1597.182992] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1597.183424] kmem_cache_alloc_bulk+0x168/0x320 [ 1597.183815] io_submit_sqes+0x6fe6/0x8610 [ 1597.184167] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1597.184590] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.185010] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.185419] ? lock_downgrade+0x6d0/0x6d0 [ 1597.185768] ? find_held_lock+0x2c/0x110 [ 1597.186116] ? io_submit_sqes+0x8610/0x8610 [ 1597.186526] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1597.186938] ? wait_for_completion_io+0x270/0x270 [ 1597.187349] ? rcu_read_lock_any_held+0x75/0xa0 [ 1597.187745] ? vfs_write+0x354/0xb10 [ 1597.188060] ? fput_many+0x2f/0x1a0 [ 1597.188370] ? ksys_write+0x1a9/0x260 [ 1597.188692] ? __ia32_sys_read+0xb0/0xb0 [ 1597.189038] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1597.189479] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1597.189915] do_syscall_64+0x33/0x40 [ 1597.190270] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1597.190700] RIP: 0033:0x7f3842280b19 [ 1597.191014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1597.192542] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1597.193181] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1597.193781] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1597.194414] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1597.195007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1597.195599] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:48:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:51 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:48:51 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) 05:48:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1597.398496] FAULT_INJECTION: forcing a failure. [ 1597.398496] name failslab, interval 1, probability 0, space 0, times 0 [ 1597.399840] CPU: 0 PID: 8096 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1597.400416] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1597.401165] Call Trace: [ 1597.401397] dump_stack+0x107/0x167 [ 1597.401705] should_fail.cold+0x5/0xa [ 1597.402086] ? io_timeout_prep+0x693/0x8b0 [ 1597.402456] should_failslab+0x5/0x20 [ 1597.402825] __kmalloc+0x72/0x390 [ 1597.403120] ? __hrtimer_init+0x12c/0x270 [ 1597.403470] io_timeout_prep+0x693/0x8b0 [ 1597.403903] io_submit_sqes+0x54d8/0x8610 [ 1597.404273] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.404689] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.405142] ? lock_downgrade+0x6d0/0x6d0 [ 1597.405491] ? find_held_lock+0x2c/0x110 [ 1597.405914] ? io_submit_sqes+0x8610/0x8610 [ 1597.406309] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1597.406719] ? wait_for_completion_io+0x270/0x270 [ 1597.407215] ? rcu_read_lock_any_held+0x75/0xa0 [ 1597.407607] ? vfs_write+0x354/0xb10 [ 1597.408133] ? fput_many+0x2f/0x1a0 [ 1597.408443] ? ksys_write+0x1a9/0x260 [ 1597.408841] ? __ia32_sys_read+0xb0/0xb0 [ 1597.409196] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1597.409635] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1597.410792] do_syscall_64+0x33/0x40 [ 1597.411118] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1597.411547] RIP: 0033:0x7fe1dcd4cb19 [ 1597.411908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1597.413481] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1597.414167] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1597.414812] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1597.415408] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1597.416048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1597.416644] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:48:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:48:51 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) [ 1597.582045] FAULT_INJECTION: forcing a failure. [ 1597.582045] name failslab, interval 1, probability 0, space 0, times 0 [ 1597.583575] CPU: 0 PID: 8104 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1597.584212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1597.588267] Call Trace: [ 1597.588505] dump_stack+0x107/0x167 [ 1597.588867] should_fail.cold+0x5/0xa [ 1597.589192] ? create_object.isra.0+0x3a/0xa20 [ 1597.589577] should_failslab+0x5/0x20 [ 1597.589901] kmem_cache_alloc+0x5b/0x310 [ 1597.590258] create_object.isra.0+0x3a/0xa20 [ 1597.590628] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1597.591056] __kmalloc+0x16e/0x390 [ 1597.591364] io_timeout_prep+0x693/0x8b0 [ 1597.591712] io_submit_sqes+0x54d8/0x8610 [ 1597.592081] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.592498] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1597.592907] ? lock_downgrade+0x6d0/0x6d0 [ 1597.593258] ? find_held_lock+0x2c/0x110 [ 1597.593605] ? io_submit_sqes+0x8610/0x8610 [ 1597.593977] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1597.594400] ? wait_for_completion_io+0x270/0x270 [ 1597.594807] ? rcu_read_lock_any_held+0x75/0xa0 [ 1597.595196] ? vfs_write+0x354/0xb10 [ 1597.595511] ? fput_many+0x2f/0x1a0 [ 1597.595819] ? ksys_write+0x1a9/0x260 [ 1597.596142] ? __ia32_sys_read+0xb0/0xb0 [ 1597.596490] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1597.596933] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1597.597369] do_syscall_64+0x33/0x40 [ 1597.597684] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1597.598113] RIP: 0033:0x7f0159fffb19 [ 1597.598449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1597.599980] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1597.600622] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1597.601220] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1597.601817] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1597.602427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1597.603027] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:49:06 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) 05:49:06 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) 05:49:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) 05:49:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:06 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x8) 05:49:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) 05:49:06 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:49:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1611.847361] FAULT_INJECTION: forcing a failure. [ 1611.847361] name failslab, interval 1, probability 0, space 0, times 0 [ 1611.848361] CPU: 0 PID: 8109 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1611.848943] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1611.849647] Call Trace: [ 1611.849885] dump_stack+0x107/0x167 [ 1611.850205] should_fail.cold+0x5/0xa [ 1611.850554] ? create_object.isra.0+0x3a/0xa20 [ 1611.850938] ? create_object.isra.0+0x3a/0xa20 [ 1611.851323] should_failslab+0x5/0x20 [ 1611.851648] kmem_cache_alloc+0x5b/0x310 [ 1611.851997] create_object.isra.0+0x3a/0xa20 [ 1611.852369] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1611.852801] kmem_cache_alloc_bulk+0x168/0x320 [ 1611.853194] io_submit_sqes+0x6fe6/0x8610 [ 1611.853547] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1611.853972] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.854407] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.854822] ? lock_downgrade+0x6d0/0x6d0 [ 1611.855172] ? find_held_lock+0x2c/0x110 [ 1611.855522] ? io_submit_sqes+0x8610/0x8610 [ 1611.855895] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1611.856310] ? wait_for_completion_io+0x270/0x270 [ 1611.856721] ? rcu_read_lock_any_held+0x75/0xa0 [ 1611.857115] ? vfs_write+0x354/0xb10 [ 1611.857434] ? fput_many+0x2f/0x1a0 [ 1611.857745] ? ksys_write+0x1a9/0x260 [ 1611.858070] ? __ia32_sys_read+0xb0/0xb0 [ 1611.858442] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1611.858886] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1611.859326] do_syscall_64+0x33/0x40 [ 1611.859644] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1611.860079] RIP: 0033:0x7f3842280b19 [ 1611.860396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1611.861924] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1611.862578] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1611.863176] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1611.863772] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1611.864370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1611.864966] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1611.886912] FAULT_INJECTION: forcing a failure. [ 1611.886912] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1611.888046] CPU: 1 PID: 8116 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1611.888658] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1611.889400] Call Trace: [ 1611.889652] dump_stack+0x107/0x167 [ 1611.889989] should_fail.cold+0x5/0xa [ 1611.890358] _copy_from_user+0x2e/0x1b0 [ 1611.890732] get_timespec64+0x75/0x190 [ 1611.891096] ? put_timespec64+0x130/0x130 [ 1611.891488] ? kasan_unpoison_shadow+0x33/0x50 [ 1611.891916] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1611.892387] io_timeout_prep+0x3c5/0x8b0 [ 1611.892771] io_submit_sqes+0x54d8/0x8610 [ 1611.893181] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.893638] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.894085] ? lock_downgrade+0x6d0/0x6d0 [ 1611.894482] ? find_held_lock+0x2c/0x110 [ 1611.894861] ? io_submit_sqes+0x8610/0x8610 [ 1611.895272] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1611.895722] ? wait_for_completion_io+0x270/0x270 [ 1611.896169] ? rcu_read_lock_any_held+0x75/0xa0 [ 1611.896597] ? vfs_write+0x354/0xb10 [ 1611.896945] ? fput_many+0x2f/0x1a0 [ 1611.897282] ? ksys_write+0x1a9/0x260 [ 1611.897633] ? __ia32_sys_read+0xb0/0xb0 [ 1611.898012] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1611.898509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1611.898982] do_syscall_64+0x33/0x40 [ 1611.899328] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1611.899795] RIP: 0033:0x7f0159fffb19 [ 1611.900138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1611.901781] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1611.902493] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1611.903139] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1611.903784] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1611.904427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1611.905073] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1611.918720] FAULT_INJECTION: forcing a failure. [ 1611.918720] name failslab, interval 1, probability 0, space 0, times 0 [ 1611.919808] CPU: 1 PID: 8118 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1611.920452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1611.921216] Call Trace: [ 1611.921467] dump_stack+0x107/0x167 [ 1611.921696] FAULT_INJECTION: forcing a failure. [ 1611.921696] name failslab, interval 1, probability 0, space 0, times 0 [ 1611.921804] should_fail.cold+0x5/0xa [ 1611.923136] ? create_object.isra.0+0x3a/0xa20 [ 1611.923563] should_failslab+0x5/0x20 [ 1611.923912] kmem_cache_alloc+0x5b/0x310 [ 1611.924296] ? mark_held_locks+0x9e/0xe0 [ 1611.924675] create_object.isra.0+0x3a/0xa20 [ 1611.925079] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1611.925559] kmem_cache_alloc_bulk+0x168/0x320 [ 1611.925986] io_submit_sqes+0x6fe6/0x8610 [ 1611.926398] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1611.926864] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.927332] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.927779] ? lock_downgrade+0x6d0/0x6d0 [ 1611.928164] ? find_held_lock+0x2c/0x110 [ 1611.928550] ? io_submit_sqes+0x8610/0x8610 [ 1611.928955] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1611.929414] ? wait_for_completion_io+0x270/0x270 [ 1611.929857] ? rcu_read_lock_any_held+0x75/0xa0 [ 1611.930299] ? vfs_write+0x354/0xb10 [ 1611.930651] ? fput_many+0x2f/0x1a0 [ 1611.930989] ? ksys_write+0x1a9/0x260 [ 1611.931355] ? __ia32_sys_read+0xb0/0xb0 [ 1611.931733] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1611.932221] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1611.932703] do_syscall_64+0x33/0x40 [ 1611.933047] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1611.933524] RIP: 0033:0x7f30a2e99b19 [ 1611.933870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1611.935545] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1611.936235] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1611.936878] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1611.937522] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1611.938214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1611.938889] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1611.939568] CPU: 0 PID: 8120 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1611.940171] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1611.940864] Call Trace: [ 1611.941097] dump_stack+0x107/0x167 [ 1611.941408] should_fail.cold+0x5/0xa [ 1611.941744] ? create_object.isra.0+0x3a/0xa20 [ 1611.942135] should_failslab+0x5/0x20 [ 1611.942477] kmem_cache_alloc+0x5b/0x310 [ 1611.942824] create_object.isra.0+0x3a/0xa20 [ 1611.943205] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1611.943642] __kmalloc+0x16e/0x390 [ 1611.943953] io_timeout_prep+0x693/0x8b0 [ 1611.944305] io_submit_sqes+0x54d8/0x8610 [ 1611.944675] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.945096] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.945508] ? lock_downgrade+0x6d0/0x6d0 [ 1611.945857] ? find_held_lock+0x2c/0x110 [ 1611.946206] ? io_submit_sqes+0x8610/0x8610 [ 1611.946597] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1611.947006] ? wait_for_completion_io+0x270/0x270 [ 1611.947422] ? rcu_read_lock_any_held+0x75/0xa0 [ 1611.947816] ? vfs_write+0x354/0xb10 [ 1611.948133] ? fput_many+0x2f/0x1a0 [ 1611.948442] ? ksys_write+0x1a9/0x260 [ 1611.948766] ? __ia32_sys_read+0xb0/0xb0 [ 1611.949115] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1611.949556] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1611.949993] do_syscall_64+0x33/0x40 [ 1611.950330] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1611.950766] RIP: 0033:0x7fe1dcd4cb19 [ 1611.951085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1611.952622] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1611.953277] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1611.953875] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1611.954499] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1611.955107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1611.955717] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1611.962802] FAULT_INJECTION: forcing a failure. [ 1611.962802] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1611.963937] CPU: 1 PID: 8123 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1611.964568] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1611.965319] Call Trace: [ 1611.965565] dump_stack+0x107/0x167 [ 1611.965901] should_fail.cold+0x5/0xa [ 1611.966267] _copy_from_user+0x2e/0x1b0 [ 1611.966657] get_timespec64+0x75/0x190 [ 1611.967017] ? put_timespec64+0x130/0x130 [ 1611.967420] ? kasan_unpoison_shadow+0x33/0x50 [ 1611.967842] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1611.968332] io_timeout_prep+0x3c5/0x8b0 [ 1611.968713] io_submit_sqes+0x54d8/0x8610 [ 1611.969128] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.969585] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1611.970034] ? lock_downgrade+0x6d0/0x6d0 [ 1611.970434] ? find_held_lock+0x2c/0x110 [ 1611.970816] ? io_submit_sqes+0x8610/0x8610 [ 1611.971221] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1611.971668] ? wait_for_completion_io+0x270/0x270 [ 1611.972116] ? rcu_read_lock_any_held+0x75/0xa0 [ 1611.972554] ? vfs_write+0x354/0xb10 [ 1611.972902] ? fput_many+0x2f/0x1a0 [ 1611.973253] ? ksys_write+0x1a9/0x260 [ 1611.973608] ? __ia32_sys_read+0xb0/0xb0 [ 1611.973987] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1611.974500] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1611.974976] do_syscall_64+0x33/0x40 [ 1611.975323] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1611.975791] RIP: 0033:0x7fd7b8236b19 [ 1611.976135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1611.977783] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1611.978493] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1611.979155] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1611.979807] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1611.980480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1611.981137] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:49:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:20 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) 05:49:20 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) 05:49:20 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) 05:49:20 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:49:20 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) 05:49:20 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:49:20 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000) [ 1626.304515] FAULT_INJECTION: forcing a failure. [ 1626.304515] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.305505] CPU: 1 PID: 8136 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1626.306073] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.310789] Call Trace: [ 1626.311021] dump_stack+0x107/0x167 [ 1626.311330] should_fail.cold+0x5/0xa [ 1626.311653] ? create_object.isra.0+0x3a/0xa20 [ 1626.312038] should_failslab+0x5/0x20 [ 1626.312373] kmem_cache_alloc+0x5b/0x310 [ 1626.312721] ? mark_held_locks+0x9e/0xe0 [ 1626.313069] create_object.isra.0+0x3a/0xa20 [ 1626.313440] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1626.313871] kmem_cache_alloc_bulk+0x168/0x320 [ 1626.314265] io_submit_sqes+0x6fe6/0x8610 [ 1626.314634] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1626.315059] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.315479] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.315890] ? lock_downgrade+0x6d0/0x6d0 [ 1626.316239] ? find_held_lock+0x2c/0x110 [ 1626.316586] ? io_submit_sqes+0x8610/0x8610 [ 1626.316959] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.317371] ? wait_for_completion_io+0x270/0x270 [ 1626.317782] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.318173] ? vfs_write+0x354/0xb10 [ 1626.318509] ? fput_many+0x2f/0x1a0 [ 1626.318821] ? ksys_write+0x1a9/0x260 [ 1626.319146] ? __ia32_sys_read+0xb0/0xb0 [ 1626.319494] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.319936] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.320374] do_syscall_64+0x33/0x40 [ 1626.320691] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.321121] RIP: 0033:0x7f3842280b19 [ 1626.321440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.322993] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.323639] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1626.324236] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1626.324832] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.325431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1626.326030] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1626.350157] FAULT_INJECTION: forcing a failure. [ 1626.350157] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.351143] CPU: 1 PID: 8146 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1626.351725] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.352417] Call Trace: [ 1626.352647] dump_stack+0x107/0x167 [ 1626.352958] should_fail.cold+0x5/0xa [ 1626.353283] ? io_timeout_prep+0x693/0x8b0 [ 1626.353649] should_failslab+0x5/0x20 [ 1626.353984] __kmalloc+0x72/0x390 [ 1626.354288] ? __hrtimer_init+0x12c/0x270 [ 1626.354669] io_timeout_prep+0x693/0x8b0 [ 1626.355021] io_submit_sqes+0x54d8/0x8610 [ 1626.355397] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.355821] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.356236] ? lock_downgrade+0x6d0/0x6d0 [ 1626.356596] ? find_held_lock+0x2c/0x110 [ 1626.356954] ? io_submit_sqes+0x8610/0x8610 [ 1626.357337] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.357754] ? wait_for_completion_io+0x270/0x270 [ 1626.358167] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.358582] ? vfs_write+0x354/0xb10 [ 1626.358901] ? fput_many+0x2f/0x1a0 [ 1626.359214] ? ksys_write+0x1a9/0x260 [ 1626.359547] ? __ia32_sys_read+0xb0/0xb0 [ 1626.359901] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.360352] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.360796] do_syscall_64+0x33/0x40 [ 1626.361116] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.361551] RIP: 0033:0x7f0159fffb19 [ 1626.361872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.363516] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.364154] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1626.364749] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1626.365344] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.365940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1626.366663] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1626.368575] FAULT_INJECTION: forcing a failure. [ 1626.368575] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.369522] CPU: 1 PID: 8147 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1626.370089] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.374801] Call Trace: [ 1626.375025] dump_stack+0x107/0x167 [ 1626.375333] should_fail.cold+0x5/0xa [ 1626.375659] ? io_timeout_prep+0x693/0x8b0 [ 1626.376014] should_failslab+0x5/0x20 [ 1626.376334] __kmalloc+0x72/0x390 [ 1626.376633] ? __hrtimer_init+0x12c/0x270 [ 1626.376988] io_timeout_prep+0x693/0x8b0 [ 1626.377337] io_submit_sqes+0x54d8/0x8610 [ 1626.377708] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.378127] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.378560] ? lock_downgrade+0x6d0/0x6d0 [ 1626.378908] ? find_held_lock+0x2c/0x110 [ 1626.379255] ? io_submit_sqes+0x8610/0x8610 [ 1626.379629] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.380040] ? wait_for_completion_io+0x270/0x270 [ 1626.380450] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.380841] ? vfs_write+0x354/0xb10 [ 1626.381157] ? fput_many+0x2f/0x1a0 [ 1626.381467] ? ksys_write+0x1a9/0x260 [ 1626.381790] ? __ia32_sys_read+0xb0/0xb0 [ 1626.382136] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.382600] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.383036] do_syscall_64+0x33/0x40 [ 1626.383352] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.383784] RIP: 0033:0x7fd7b8236b19 [ 1626.384100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.385641] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.386285] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1626.386897] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1626.387495] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.388095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1626.388695] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1626.389710] FAULT_INJECTION: forcing a failure. [ 1626.389710] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.390891] CPU: 0 PID: 8143 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1626.391465] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.392177] Call Trace: [ 1626.392404] dump_stack+0x107/0x167 [ 1626.392734] should_fail.cold+0x5/0xa [ 1626.393059] ? create_object.isra.0+0x3a/0xa20 [ 1626.393445] should_failslab+0x5/0x20 [ 1626.393787] kmem_cache_alloc+0x5b/0x310 [ 1626.394133] ? mark_held_locks+0x9e/0xe0 [ 1626.394575] create_object.isra.0+0x3a/0xa20 [ 1626.395420] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1626.396408] kmem_cache_alloc+0x159/0x310 [ 1626.397277] xas_alloc+0x336/0x440 [ 1626.397973] xas_create+0x34a/0x10d0 [ 1626.398677] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1626.399527] FAULT_INJECTION: forcing a failure. [ 1626.399527] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.399680] xas_store+0x8c/0x1c40 [ 1626.401449] __xa_store+0x164/0x2d0 [ 1626.402081] ? xa_delete_node+0x280/0x280 [ 1626.402945] ? trace_hardirqs_on+0x5b/0x180 [ 1626.403900] xa_store+0x31/0x50 [ 1626.404493] __io_uring_add_tctx_node+0x1cf/0x520 [ 1626.405339] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1626.406229] __do_sys_io_uring_enter+0x1489/0x18c0 [ 1626.407317] ? lock_downgrade+0x6d0/0x6d0 [ 1626.408251] ? find_held_lock+0x2c/0x110 [ 1626.409173] ? io_submit_sqes+0x8610/0x8610 [ 1626.410147] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.411251] ? wait_for_completion_io+0x270/0x270 [ 1626.412342] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.413384] ? vfs_write+0x354/0xb10 [ 1626.414234] ? fput_many+0x2f/0x1a0 [ 1626.415069] ? ksys_write+0x1a9/0x260 [ 1626.415939] ? __ia32_sys_read+0xb0/0xb0 [ 1626.416826] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.418019] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.419188] do_syscall_64+0x33/0x40 [ 1626.419997] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.421172] RIP: 0033:0x7fe1dcd4cb19 [ 1626.421990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.426120] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.427836] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1626.429416] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1626.431040] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.432617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1626.434232] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1626.435852] CPU: 1 PID: 8148 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1626.436506] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.437286] Call Trace: [ 1626.437539] dump_stack+0x107/0x167 [ 1626.437888] should_fail.cold+0x5/0xa [ 1626.438248] ? create_object.isra.0+0x3a/0xa20 [ 1626.438690] should_failslab+0x5/0x20 [ 1626.439048] kmem_cache_alloc+0x5b/0x310 [ 1626.439432] ? mark_held_locks+0x9e/0xe0 [ 1626.439819] create_object.isra.0+0x3a/0xa20 [ 1626.440230] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1626.440712] kmem_cache_alloc_bulk+0x168/0x320 [ 1626.441144] io_submit_sqes+0x6fe6/0x8610 [ 1626.441545] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1626.442027] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.442505] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.442966] ? lock_downgrade+0x6d0/0x6d0 [ 1626.443357] ? find_held_lock+0x2c/0x110 [ 1626.443750] ? io_submit_sqes+0x8610/0x8610 [ 1626.444176] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.444637] ? wait_for_completion_io+0x270/0x270 [ 1626.445099] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.445547] ? vfs_write+0x354/0xb10 [ 1626.445899] ? fput_many+0x2f/0x1a0 [ 1626.446257] ? ksys_write+0x1a9/0x260 [ 1626.446626] ? __ia32_sys_read+0xb0/0xb0 [ 1626.447012] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.447513] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.448017] do_syscall_64+0x33/0x40 05:49:20 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1626.448375] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.454829] RIP: 0033:0x7f30a2e99b19 [ 1626.455167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.457019] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.457715] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1626.458368] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1626.459036] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.459694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1626.460352] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:49:20 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:20 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:49:21 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) [ 1626.804404] FAULT_INJECTION: forcing a failure. [ 1626.804404] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.806997] CPU: 1 PID: 8164 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1626.808479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.810262] Call Trace: [ 1626.810848] dump_stack+0x107/0x167 [ 1626.811629] should_fail.cold+0x5/0xa [ 1626.812454] ? create_object.isra.0+0x3a/0xa20 [ 1626.813451] should_failslab+0x5/0x20 [ 1626.814269] kmem_cache_alloc+0x5b/0x310 [ 1626.815154] ? mark_held_locks+0x9e/0xe0 [ 1626.816032] create_object.isra.0+0x3a/0xa20 [ 1626.816980] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1626.818074] kmem_cache_alloc_bulk+0x168/0x320 [ 1626.819072] io_submit_sqes+0x6fe6/0x8610 [ 1626.819967] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1626.821023] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.822094] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.823158] ? lock_downgrade+0x6d0/0x6d0 [ 1626.823823] FAULT_INJECTION: forcing a failure. [ 1626.823823] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.824043] ? find_held_lock+0x2c/0x110 [ 1626.824059] ? io_submit_sqes+0x8610/0x8610 [ 1626.824079] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.828816] ? wait_for_completion_io+0x270/0x270 [ 1626.829856] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.830866] ? vfs_write+0x354/0xb10 [ 1626.831667] ? fput_many+0x2f/0x1a0 [ 1626.832448] ? ksys_write+0x1a9/0x260 [ 1626.833265] ? __ia32_sys_read+0xb0/0xb0 [ 1626.834141] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.835284] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.836404] do_syscall_64+0x33/0x40 [ 1626.837211] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.838317] RIP: 0033:0x7f3842280b19 [ 1626.839135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.843123] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.844760] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1626.846294] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1626.847839] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.849373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1626.850923] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1626.852478] CPU: 0 PID: 8166 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1626.853109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.853882] Call Trace: [ 1626.854128] dump_stack+0x107/0x167 [ 1626.854491] should_fail.cold+0x5/0xa [ 1626.854846] ? create_object.isra.0+0x3a/0xa20 [ 1626.855267] should_failslab+0x5/0x20 [ 1626.855634] kmem_cache_alloc+0x5b/0x310 [ 1626.856018] create_object.isra.0+0x3a/0xa20 [ 1626.856435] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1626.856909] __kmalloc+0x16e/0x390 [ 1626.857241] io_timeout_prep+0x693/0x8b0 [ 1626.857640] io_submit_sqes+0x54d8/0x8610 [ 1626.858052] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.859166] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.859662] ? lock_downgrade+0x6d0/0x6d0 [ 1626.860548] ? find_held_lock+0x2c/0x110 [ 1626.860959] ? io_submit_sqes+0x8610/0x8610 [ 1626.861908] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.862375] ? wait_for_completion_io+0x270/0x270 [ 1626.863433] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.863894] ? vfs_write+0x354/0xb10 [ 1626.864700] ? fput_many+0x2f/0x1a0 [ 1626.865065] ? ksys_write+0x1a9/0x260 [ 1626.865876] ? __ia32_sys_read+0xb0/0xb0 [ 1626.866284] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.867439] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.867939] do_syscall_64+0x33/0x40 [ 1626.868749] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.869255] RIP: 0033:0x7f0159fffb19 [ 1626.870050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.874095] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.875774] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1626.877336] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1626.878913] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.880459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1626.882032] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:49:21 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) 05:49:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) [ 1626.958555] FAULT_INJECTION: forcing a failure. [ 1626.958555] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.960439] CPU: 0 PID: 8172 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1626.961942] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1626.963783] Call Trace: [ 1626.964347] dump_stack+0x107/0x167 [ 1626.965156] should_fail.cold+0x5/0xa [ 1626.965998] ? create_object.isra.0+0x3a/0xa20 [ 1626.967016] should_failslab+0x5/0x20 [ 1626.967833] kmem_cache_alloc+0x5b/0x310 [ 1626.968248] create_object.isra.0+0x3a/0xa20 [ 1626.969213] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1626.969713] __kmalloc+0x16e/0x390 [ 1626.970522] io_timeout_prep+0x693/0x8b0 [ 1626.971423] io_submit_sqes+0x54d8/0x8610 [ 1626.972364] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.973461] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1626.974544] ? lock_downgrade+0x6d0/0x6d0 [ 1626.975455] ? find_held_lock+0x2c/0x110 [ 1626.976331] ? io_submit_sqes+0x8610/0x8610 [ 1626.977284] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1626.978344] ? wait_for_completion_io+0x270/0x270 [ 1626.978834] ? rcu_read_lock_any_held+0x75/0xa0 [ 1626.979861] ? vfs_write+0x354/0xb10 [ 1626.980690] ? fput_many+0x2f/0x1a0 [ 1626.981473] ? ksys_write+0x1a9/0x260 [ 1626.981564] FAULT_INJECTION: forcing a failure. [ 1626.981564] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.982303] ? __ia32_sys_read+0xb0/0xb0 [ 1626.982319] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1626.982335] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1626.985972] do_syscall_64+0x33/0x40 [ 1626.986782] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1626.987293] RIP: 0033:0x7fd7b8236b19 [ 1626.988107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1626.989836] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1626.991534] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1626.993087] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1626.994675] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1626.996232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1626.997806] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1626.999392] CPU: 1 PID: 8174 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1627.000051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1627.001850] Call Trace: [ 1627.002409] dump_stack+0x107/0x167 [ 1627.003200] should_fail.cold+0x5/0xa [ 1627.004015] ? io_timeout_prep+0x693/0x8b0 [ 1627.004922] should_failslab+0x5/0x20 [ 1627.005737] __kmalloc+0x72/0x390 [ 1627.006502] ? __hrtimer_init+0x12c/0x270 [ 1627.007396] io_timeout_prep+0x693/0x8b0 [ 1627.008271] io_submit_sqes+0x54d8/0x8610 [ 1627.009172] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1627.009658] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1627.010712] ? lock_downgrade+0x6d0/0x6d0 [ 1627.011601] ? find_held_lock+0x2c/0x110 [ 1627.012477] ? io_submit_sqes+0x8610/0x8610 [ 1627.013405] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1627.013874] ? wait_for_completion_io+0x270/0x270 [ 1627.014918] ? rcu_read_lock_any_held+0x75/0xa0 [ 1627.015913] ? vfs_write+0x354/0xb10 [ 1627.016708] ? fput_many+0x2f/0x1a0 [ 1627.017476] ? ksys_write+0x1a9/0x260 [ 1627.017845] ? __ia32_sys_read+0xb0/0xb0 [ 1627.018724] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1627.019223] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1627.020365] do_syscall_64+0x33/0x40 [ 1627.020757] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1627.021927] RIP: 0033:0x7fe1dcd4cb19 [ 1627.022731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1627.026533] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1627.027169] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1627.027769] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1627.028361] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1627.028954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1627.029547] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:49:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:21 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000) 05:49:21 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) 05:49:21 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) 05:49:21 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1627.197951] FAULT_INJECTION: forcing a failure. [ 1627.197951] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1627.200486] CPU: 1 PID: 8179 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1627.201764] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1627.202853] Call Trace: [ 1627.203086] dump_stack+0x107/0x167 [ 1627.203396] should_fail.cold+0x5/0xa [ 1627.203724] _copy_from_user+0x2e/0x1b0 [ 1627.204066] get_timespec64+0x75/0x190 [ 1627.204400] ? put_timespec64+0x130/0x130 [ 1627.204755] ? kasan_unpoison_shadow+0x33/0x50 [ 1627.205144] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1627.205580] io_timeout_prep+0x3c5/0x8b0 [ 1627.205931] io_submit_sqes+0x54d8/0x8610 [ 1627.206303] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1627.207231] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1627.208046] ? lock_downgrade+0x6d0/0x6d0 [ 1627.208738] ? find_held_lock+0x2c/0x110 [ 1627.209423] ? io_submit_sqes+0x8610/0x8610 [ 1627.210153] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1627.211155] ? wait_for_completion_io+0x270/0x270 [ 1627.211966] ? rcu_read_lock_any_held+0x75/0xa0 [ 1627.212743] ? vfs_write+0x354/0xb10 [ 1627.213366] ? fput_many+0x2f/0x1a0 [ 1627.213991] ? ksys_write+0x1a9/0x260 [ 1627.214742] ? __ia32_sys_read+0xb0/0xb0 [ 1627.215426] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1627.216301] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1627.217165] do_syscall_64+0x33/0x40 [ 1627.217796] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1627.218753] RIP: 0033:0x7f0159fffb19 [ 1627.219374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1627.222518] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1627.223794] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1627.224990] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1627.226181] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1627.226992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1627.227596] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:49:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1627.273796] FAULT_INJECTION: forcing a failure. [ 1627.273796] name failslab, interval 1, probability 0, space 0, times 0 [ 1627.276109] CPU: 0 PID: 8186 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1627.277286] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1627.278780] Call Trace: [ 1627.279248] dump_stack+0x107/0x167 [ 1627.279871] should_fail.cold+0x5/0xa [ 1627.280532] ? create_object.isra.0+0x3a/0xa20 [ 1627.281327] should_failslab+0x5/0x20 [ 1627.281964] kmem_cache_alloc+0x5b/0x310 [ 1627.282573] ? mark_held_locks+0x9e/0xe0 [ 1627.282924] create_object.isra.0+0x3a/0xa20 [ 1627.283297] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1627.283742] kmem_cache_alloc_bulk+0x168/0x320 [ 1627.284135] io_submit_sqes+0x6fe6/0x8610 [ 1627.284502] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1627.284926] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1627.285344] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1627.285766] ? lock_downgrade+0x6d0/0x6d0 [ 1627.286116] ? find_held_lock+0x2c/0x110 [ 1627.286485] ? io_submit_sqes+0x8610/0x8610 [ 1627.286865] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1627.287282] ? wait_for_completion_io+0x270/0x270 [ 1627.287706] ? rcu_read_lock_any_held+0x75/0xa0 [ 1627.288098] ? vfs_write+0x354/0xb10 [ 1627.288413] ? fput_many+0x2f/0x1a0 [ 1627.288739] ? ksys_write+0x1a9/0x260 [ 1627.289074] ? __ia32_sys_read+0xb0/0xb0 [ 1627.289430] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1627.289890] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1627.290326] do_syscall_64+0x33/0x40 [ 1627.290659] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1627.291101] RIP: 0033:0x7f30a2e99b19 [ 1627.291417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1627.292960] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1627.293598] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1627.294204] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1627.294814] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1627.295417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1627.296023] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:49:21 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:49:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1627.364770] FAULT_INJECTION: forcing a failure. [ 1627.364770] name failslab, interval 1, probability 0, space 0, times 0 [ 1627.365829] CPU: 0 PID: 8192 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1627.366410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1627.367132] Call Trace: [ 1627.367369] dump_stack+0x107/0x167 [ 1627.367678] should_fail.cold+0x5/0xa [ 1627.368001] ? create_object.isra.0+0x3a/0xa20 [ 1627.368406] should_failslab+0x5/0x20 [ 1627.368729] kmem_cache_alloc+0x5b/0x310 [ 1627.369073] ? mark_held_locks+0x9e/0xe0 [ 1627.369438] create_object.isra.0+0x3a/0xa20 [ 1627.369814] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1627.370245] kmem_cache_alloc_bulk+0x168/0x320 [ 1627.370667] io_submit_sqes+0x6fe6/0x8610 [ 1627.371021] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1627.371461] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1627.371882] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1627.372293] ? lock_downgrade+0x6d0/0x6d0 [ 1627.372655] ? find_held_lock+0x2c/0x110 [ 1627.373004] ? io_submit_sqes+0x8610/0x8610 [ 1627.373373] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1627.373795] ? wait_for_completion_io+0x270/0x270 [ 1627.374206] ? rcu_read_lock_any_held+0x75/0xa0 [ 1627.374630] ? vfs_write+0x354/0xb10 [ 1627.374946] ? fput_many+0x2f/0x1a0 [ 1627.375255] ? ksys_write+0x1a9/0x260 [ 1627.375577] ? __ia32_sys_read+0xb0/0xb0 [ 1627.375937] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1627.376381] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1627.376833] do_syscall_64+0x33/0x40 [ 1627.377153] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1627.377585] RIP: 0033:0x7f3842280b19 [ 1627.377915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1627.379476] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1627.380129] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1627.380722] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1627.381329] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1627.381926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1627.382553] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:49:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:21 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:49:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) [ 1641.799106] FAULT_INJECTION: forcing a failure. [ 1641.799106] name failslab, interval 1, probability 0, space 0, times 0 [ 1641.800126] CPU: 0 PID: 8219 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1641.800700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1641.801395] Call Trace: [ 1641.801631] dump_stack+0x107/0x167 [ 1641.801944] should_fail.cold+0x5/0xa [ 1641.802278] should_failslab+0x5/0x20 [ 1641.802630] kmem_cache_alloc_bulk+0x4b/0x320 [ 1641.803023] io_submit_sqes+0x6fe6/0x8610 [ 1641.803394] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.803813] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.804224] ? lock_downgrade+0x6d0/0x6d0 [ 1641.804572] ? find_held_lock+0x2c/0x110 [ 1641.804919] ? io_submit_sqes+0x8610/0x8610 [ 1641.805292] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1641.805703] ? wait_for_completion_io+0x270/0x270 [ 1641.806114] ? rcu_read_lock_any_held+0x75/0xa0 [ 1641.806508] ? vfs_write+0x354/0xb10 [ 1641.806843] ? fput_many+0x2f/0x1a0 [ 1641.807153] ? ksys_write+0x1a9/0x260 [ 1641.807474] ? __ia32_sys_read+0xb0/0xb0 [ 1641.807821] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1641.808262] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1641.808697] do_syscall_64+0x33/0x40 [ 1641.809012] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1641.809445] RIP: 0033:0x7f0159fffb19 [ 1641.809767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1641.811310] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1641.811951] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1641.812548] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1641.813145] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1641.813740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1641.814338] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1641.816891] FAULT_INJECTION: forcing a failure. [ 1641.816891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1641.817931] CPU: 0 PID: 8220 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1641.818505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1641.819207] Call Trace: [ 1641.819432] dump_stack+0x107/0x167 [ 1641.819739] should_fail.cold+0x5/0xa [ 1641.820064] _copy_from_user+0x2e/0x1b0 [ 1641.820403] get_timespec64+0x75/0x190 [ 1641.820732] ? put_timespec64+0x130/0x130 [ 1641.821085] ? kasan_unpoison_shadow+0x33/0x50 [ 1641.821471] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1641.821901] io_timeout_prep+0x3c5/0x8b0 [ 1641.822250] io_submit_sqes+0x54d8/0x8610 [ 1641.822633] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.823058] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.823466] ? lock_downgrade+0x6d0/0x6d0 [ 1641.823814] ? find_held_lock+0x2c/0x110 [ 1641.824159] ? io_submit_sqes+0x8610/0x8610 [ 1641.824529] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1641.824938] ? wait_for_completion_io+0x270/0x270 [ 1641.825344] ? rcu_read_lock_any_held+0x75/0xa0 [ 1641.825734] ? vfs_write+0x354/0xb10 [ 1641.826049] ? fput_many+0x2f/0x1a0 [ 1641.826357] ? ksys_write+0x1a9/0x260 [ 1641.826699] ? __ia32_sys_read+0xb0/0xb0 [ 1641.827049] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1641.827492] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1641.827929] do_syscall_64+0x33/0x40 [ 1641.828246] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1641.828684] RIP: 0033:0x7fd7b8236b19 [ 1641.828999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1641.830539] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1641.831186] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1641.831783] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1641.832379] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1641.832974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1641.833569] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1641.840213] FAULT_INJECTION: forcing a failure. [ 1641.840213] name failslab, interval 1, probability 0, space 0, times 0 [ 1641.840982] FAULT_INJECTION: forcing a failure. [ 1641.840982] name failslab, interval 1, probability 0, space 0, times 0 [ 1641.841190] CPU: 0 PID: 8211 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1641.842759] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1641.843467] Call Trace: [ 1641.843694] dump_stack+0x107/0x167 [ 1641.844006] should_fail.cold+0x5/0xa [ 1641.844344] ? create_object.isra.0+0x3a/0xa20 [ 1641.844739] should_failslab+0x5/0x20 [ 1641.845064] kmem_cache_alloc+0x5b/0x310 [ 1641.845422] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1641.845884] create_object.isra.0+0x3a/0xa20 [ 1641.846270] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1641.846718] __kmalloc+0x16e/0x390 [ 1641.847027] io_timeout_prep+0x693/0x8b0 [ 1641.847393] io_submit_sqes+0x54d8/0x8610 [ 1641.847774] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.848216] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.848643] ? lock_downgrade+0x6d0/0x6d0 [ 1641.849004] ? find_held_lock+0x2c/0x110 [ 1641.849376] ? io_submit_sqes+0x8610/0x8610 [ 1641.849760] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1641.850187] ? wait_for_completion_io+0x270/0x270 [ 1641.850630] ? rcu_read_lock_any_held+0x75/0xa0 [ 1641.851024] ? vfs_write+0x354/0xb10 [ 1641.851349] ? fput_many+0x2f/0x1a0 [ 1641.851656] ? ksys_write+0x1a9/0x260 [ 1641.851976] ? __ia32_sys_read+0xb0/0xb0 [ 1641.852332] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1641.852769] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1641.853209] do_syscall_64+0x33/0x40 [ 1641.853525] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1641.853958] RIP: 0033:0x7fe1dcd4cb19 [ 1641.854281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1641.855860] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1641.856512] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1641.857117] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1641.857723] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1641.858331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1641.858942] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1641.862611] CPU: 1 PID: 8209 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1641.863216] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1641.863904] Call Trace: [ 1641.864140] dump_stack+0x107/0x167 [ 1641.864463] should_fail.cold+0x5/0xa [ 1641.864792] ? io_timeout_prep+0x693/0x8b0 [ 1641.865160] should_failslab+0x5/0x20 [ 1641.865493] __kmalloc+0x72/0x390 [ 1641.865794] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1641.866242] io_timeout_prep+0x693/0x8b0 [ 1641.866609] io_submit_sqes+0x54d8/0x8610 [ 1641.866980] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.867415] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.867836] ? lock_downgrade+0x6d0/0x6d0 [ 1641.868190] ? find_held_lock+0x2c/0x110 [ 1641.868548] ? io_submit_sqes+0x8610/0x8610 [ 1641.868927] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1641.869351] ? wait_for_completion_io+0x270/0x270 [ 1641.869772] ? rcu_read_lock_any_held+0x75/0xa0 [ 1641.870171] ? vfs_write+0x354/0xb10 [ 1641.870492] ? fput_many+0x2f/0x1a0 [ 1641.870818] ? ksys_write+0x1a9/0x260 [ 1641.871142] ? __ia32_sys_read+0xb0/0xb0 [ 1641.871488] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1641.871945] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1641.872394] do_syscall_64+0x33/0x40 [ 1641.872709] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1641.873140] RIP: 0033:0x7f30a2e99b19 [ 1641.873454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1641.875017] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1641.875657] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1641.876265] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1641.876862] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1641.877462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1641.878058] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:49:36 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:49:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) 05:49:36 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000) 05:49:36 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) 05:49:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:36 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) 05:49:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1641.884554] FAULT_INJECTION: forcing a failure. [ 1641.884554] name failslab, interval 1, probability 0, space 0, times 0 [ 1641.885516] CPU: 0 PID: 8210 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1641.886098] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1641.886832] Call Trace: [ 1641.887086] dump_stack+0x107/0x167 [ 1641.887437] should_fail.cold+0x5/0xa [ 1641.887795] ? create_object.isra.0+0x3a/0xa20 [ 1641.888232] should_failslab+0x5/0x20 [ 1641.888595] kmem_cache_alloc+0x5b/0x310 [ 1641.888950] ? mark_held_locks+0x9e/0xe0 [ 1641.889314] create_object.isra.0+0x3a/0xa20 [ 1641.889703] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1641.890151] kmem_cache_alloc_bulk+0x168/0x320 [ 1641.890553] io_submit_sqes+0x6fe6/0x8610 [ 1641.894931] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1641.895354] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.895773] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1641.896183] ? lock_downgrade+0x6d0/0x6d0 [ 1641.896530] ? find_held_lock+0x2c/0x110 [ 1641.896877] ? io_submit_sqes+0x8610/0x8610 [ 1641.897245] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1641.897654] ? wait_for_completion_io+0x270/0x270 [ 1641.898060] ? rcu_read_lock_any_held+0x75/0xa0 [ 1641.898449] ? vfs_write+0x354/0xb10 [ 1641.898782] ? fput_many+0x2f/0x1a0 [ 1641.899092] ? ksys_write+0x1a9/0x260 [ 1641.899415] ? __ia32_sys_read+0xb0/0xb0 [ 1641.899763] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1641.900208] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1641.900645] do_syscall_64+0x33/0x40 [ 1641.900963] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1641.901396] RIP: 0033:0x7f3842280b19 [ 1641.901715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1641.903263] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1641.903902] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1641.904501] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1641.905107] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1641.905705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1641.906302] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:49:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) 05:49:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:49:36 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1000000) 05:49:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:36 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) [ 1642.145344] FAULT_INJECTION: forcing a failure. [ 1642.145344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1642.146409] CPU: 0 PID: 8234 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1642.146997] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1642.147692] Call Trace: [ 1642.147927] dump_stack+0x107/0x167 [ 1642.148243] should_fail.cold+0x5/0xa [ 1642.148576] _copy_from_user+0x2e/0x1b0 [ 1642.148922] get_timespec64+0x75/0x190 [ 1642.149260] ? put_timespec64+0x130/0x130 [ 1642.149625] ? io_timeout_prep+0x341/0x8b0 [ 1642.149992] io_timeout_prep+0x3c5/0x8b0 [ 1642.150347] io_submit_sqes+0x54d8/0x8610 [ 1642.150737] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1642.151167] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1642.151588] ? lock_downgrade+0x6d0/0x6d0 [ 1642.151942] ? find_held_lock+0x2c/0x110 [ 1642.152295] ? io_submit_sqes+0x8610/0x8610 [ 1642.152672] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1642.153088] ? wait_for_completion_io+0x270/0x270 [ 1642.153501] ? rcu_read_lock_any_held+0x75/0xa0 [ 1642.153901] ? vfs_write+0x354/0xb10 [ 1642.154224] ? fput_many+0x2f/0x1a0 [ 1642.154539] ? ksys_write+0x1a9/0x260 [ 1642.154885] ? __ia32_sys_read+0xb0/0xb0 [ 1642.155242] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1642.155695] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1642.156141] do_syscall_64+0x33/0x40 [ 1642.156463] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1642.156899] RIP: 0033:0x7fe1dcd4cb19 [ 1642.157219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1642.158783] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1642.159431] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1642.160035] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1642.160642] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1642.161262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1642.161890] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:49:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1642.195502] FAULT_INJECTION: forcing a failure. [ 1642.195502] name failslab, interval 1, probability 0, space 0, times 0 [ 1642.196481] CPU: 0 PID: 8240 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1642.197059] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1642.197768] Call Trace: [ 1642.198005] dump_stack+0x107/0x167 [ 1642.198334] should_fail.cold+0x5/0xa [ 1642.198680] ? create_object.isra.0+0x3a/0xa20 [ 1642.199075] should_failslab+0x5/0x20 [ 1642.199409] kmem_cache_alloc+0x5b/0x310 [ 1642.199767] create_object.isra.0+0x3a/0xa20 [ 1642.200148] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1642.200589] kmem_cache_alloc_bulk+0x168/0x320 [ 1642.200991] io_submit_sqes+0x6fe6/0x8610 [ 1642.201372] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1642.201801] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1642.202223] ? lock_downgrade+0x6d0/0x6d0 [ 1642.202586] ? find_held_lock+0x2c/0x110 [ 1642.202955] ? io_submit_sqes+0x8610/0x8610 [ 1642.203349] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1642.203770] ? wait_for_completion_io+0x270/0x270 [ 1642.204188] ? rcu_read_lock_any_held+0x75/0xa0 [ 1642.204588] ? vfs_write+0x354/0xb10 [ 1642.204909] ? fput_many+0x2f/0x1a0 [ 1642.205239] ? ksys_write+0x1a9/0x260 [ 1642.205576] ? __ia32_sys_read+0xb0/0xb0 [ 1642.205929] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1642.206382] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1642.206835] do_syscall_64+0x33/0x40 [ 1642.207157] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1642.207595] RIP: 0033:0x7f0159fffb19 [ 1642.207914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1642.209476] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1642.210125] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1642.210756] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1642.211365] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1642.211973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1642.212582] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:49:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:50 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) 05:49:50 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:50 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000000) 05:49:50 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) 05:49:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:49:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) 05:49:50 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) 05:49:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1656.278304] FAULT_INJECTION: forcing a failure. [ 1656.278304] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.299862] CPU: 1 PID: 8257 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1656.300434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1656.301122] Call Trace: [ 1656.301354] dump_stack+0x107/0x167 [ 1656.301665] should_fail.cold+0x5/0xa [ 1656.301992] ? io_timeout_prep+0x693/0x8b0 [ 1656.302353] should_failslab+0x5/0x20 [ 1656.302676] __kmalloc+0x72/0x390 [ 1656.302986] ? __hrtimer_init+0x12c/0x270 [ 1656.303342] io_timeout_prep+0x693/0x8b0 [ 1656.303692] io_submit_sqes+0x54d8/0x8610 [ 1656.304065] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.304488] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.304901] ? lock_downgrade+0x6d0/0x6d0 [ 1656.305251] ? find_held_lock+0x2c/0x110 [ 1656.305599] ? io_submit_sqes+0x8610/0x8610 [ 1656.305974] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1656.306387] ? wait_for_completion_io+0x270/0x270 [ 1656.306809] ? rcu_read_lock_any_held+0x75/0xa0 [ 1656.307203] ? vfs_write+0x354/0xb10 [ 1656.307520] ? fput_many+0x2f/0x1a0 [ 1656.307830] ? ksys_write+0x1a9/0x260 [ 1656.308153] ? __ia32_sys_read+0xb0/0xb0 [ 1656.308499] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1656.308941] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1656.309379] do_syscall_64+0x33/0x40 [ 1656.309698] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1656.310129] RIP: 0033:0x7fd7b8236b19 [ 1656.310447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1656.312007] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1656.312650] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1656.313247] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1656.313845] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1656.314444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1656.331086] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1656.370977] FAULT_INJECTION: forcing a failure. [ 1656.370977] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.372160] CPU: 1 PID: 8266 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1656.372732] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1656.373420] Call Trace: [ 1656.373649] dump_stack+0x107/0x167 [ 1656.373960] should_fail.cold+0x5/0xa [ 1656.374285] ? create_object.isra.0+0x3a/0xa20 [ 1656.374672] should_failslab+0x5/0x20 [ 1656.375042] kmem_cache_alloc+0x5b/0x310 [ 1656.375391] ? mark_held_locks+0x9e/0xe0 [ 1656.375741] create_object.isra.0+0x3a/0xa20 [ 1656.376118] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1656.376553] kmem_cache_alloc_bulk+0x168/0x320 [ 1656.376947] io_submit_sqes+0x6fe6/0x8610 [ 1656.377301] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1656.377726] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.378150] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.378563] ? lock_downgrade+0x6d0/0x6d0 [ 1656.382960] ? find_held_lock+0x2c/0x110 [ 1656.383348] ? io_submit_sqes+0x8610/0x8610 [ 1656.383754] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1656.384207] ? wait_for_completion_io+0x270/0x270 [ 1656.384656] ? rcu_read_lock_any_held+0x75/0xa0 [ 1656.385085] ? vfs_write+0x354/0xb10 [ 1656.385435] ? fput_many+0x2f/0x1a0 [ 1656.385772] ? ksys_write+0x1a9/0x260 [ 1656.386129] ? __ia32_sys_read+0xb0/0xb0 [ 1656.386512] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1656.387018] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1656.387498] do_syscall_64+0x33/0x40 [ 1656.387846] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1656.388319] RIP: 0033:0x7f3842280b19 [ 1656.388666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1656.390314] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1656.391044] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1656.391697] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1656.392348] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1656.393046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1656.393836] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1656.440808] FAULT_INJECTION: forcing a failure. [ 1656.440808] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.443148] CPU: 1 PID: 8259 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1656.443915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1656.444844] Call Trace: [ 1656.445169] dump_stack+0x107/0x167 [ 1656.445600] should_fail.cold+0x5/0xa [ 1656.446029] should_failslab+0x5/0x20 [ 1656.446470] kmem_cache_alloc_bulk+0x4b/0x320 [ 1656.447005] io_submit_sqes+0x6fe6/0x8610 [ 1656.447539] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.448117] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.448692] ? lock_downgrade+0x6d0/0x6d0 [ 1656.449187] ? find_held_lock+0x2c/0x110 [ 1656.449662] ? io_submit_sqes+0x8610/0x8610 [ 1656.450152] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1656.454725] ? wait_for_completion_io+0x270/0x270 [ 1656.455298] ? rcu_read_lock_any_held+0x75/0xa0 [ 1656.455846] ? vfs_write+0x354/0xb10 [ 1656.456305] ? fput_many+0x2f/0x1a0 [ 1656.456745] ? ksys_write+0x1a9/0x260 [ 1656.457201] ? __ia32_sys_read+0xb0/0xb0 [ 1656.457685] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1656.458299] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1656.458890] do_syscall_64+0x33/0x40 [ 1656.459323] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1656.459906] RIP: 0033:0x7fe1dcd4cb19 [ 1656.460354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1656.462377] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1656.463248] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1656.464060] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1656.464868] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1656.465665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1656.466464] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1656.468032] FAULT_INJECTION: forcing a failure. [ 1656.468032] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.469335] CPU: 1 PID: 8268 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1656.470012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1656.470906] Call Trace: [ 1656.471211] dump_stack+0x107/0x167 [ 1656.471643] should_fail.cold+0x5/0xa [ 1656.472017] ? create_object.isra.0+0x3a/0xa20 [ 1656.472435] should_failslab+0x5/0x20 [ 1656.472799] kmem_cache_alloc+0x5b/0x310 [ 1656.473178] ? mark_held_locks+0x9e/0xe0 [ 1656.473566] create_object.isra.0+0x3a/0xa20 [ 1656.473980] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1656.474453] kmem_cache_alloc_bulk+0x168/0x320 [ 1656.474910] io_submit_sqes+0x6fe6/0x8610 [ 1656.475324] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.475797] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.476259] ? lock_downgrade+0x6d0/0x6d0 [ 1656.476644] ? find_held_lock+0x2c/0x110 [ 1656.477029] ? io_submit_sqes+0x8610/0x8610 [ 1656.477439] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1656.477886] ? wait_for_completion_io+0x270/0x270 [ 1656.478338] ? rcu_read_lock_any_held+0x75/0xa0 [ 1656.482973] ? vfs_write+0x354/0xb10 [ 1656.483894] ? fput_many+0x2f/0x1a0 [ 1656.484791] ? ksys_write+0x1a9/0x260 [ 1656.485705] ? __ia32_sys_read+0xb0/0xb0 [ 1656.486725] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1656.487997] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1656.489266] do_syscall_64+0x33/0x40 [ 1656.490235] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1656.490918] FAULT_INJECTION: forcing a failure. [ 1656.490918] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.491426] RIP: 0033:0x7f0159fffb19 [ 1656.491443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1656.496036] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1656.496825] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1656.497561] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1656.498298] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1656.499038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1656.499777] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1656.500552] CPU: 0 PID: 8272 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1656.502210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1656.504215] Call Trace: [ 1656.504841] dump_stack+0x107/0x167 [ 1656.505725] should_fail.cold+0x5/0xa [ 1656.506658] ? xas_alloc+0x336/0x440 [ 1656.507508] should_failslab+0x5/0x20 [ 1656.508337] kmem_cache_alloc+0x5b/0x310 [ 1656.509220] ? stack_trace_consume_entry+0x160/0x160 [ 1656.510322] xas_alloc+0x336/0x440 [ 1656.511184] xas_create+0x34a/0x10d0 [ 1656.512097] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1656.513359] xas_store+0x8c/0x1c40 [ 1656.514220] __xa_store+0x164/0x2d0 [ 1656.515104] ? xa_delete_node+0x280/0x280 [ 1656.516108] ? trace_hardirqs_on+0x5b/0x180 [ 1656.517159] xa_store+0x31/0x50 [ 1656.517968] __io_uring_add_tctx_node+0x1cf/0x520 [ 1656.519125] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1656.520417] __do_sys_io_uring_enter+0x1489/0x18c0 [ 1656.521612] ? lock_downgrade+0x6d0/0x6d0 [ 1656.522623] ? find_held_lock+0x2c/0x110 [ 1656.523642] ? io_submit_sqes+0x8610/0x8610 [ 1656.524701] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1656.525881] ? wait_for_completion_io+0x270/0x270 [ 1656.527064] ? rcu_read_lock_any_held+0x75/0xa0 [ 1656.528207] ? vfs_write+0x354/0xb10 [ 1656.529124] ? fput_many+0x2f/0x1a0 [ 1656.530024] ? ksys_write+0x1a9/0x260 [ 1656.530955] ? __ia32_sys_read+0xb0/0xb0 [ 1656.531940] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1656.533191] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1656.534443] do_syscall_64+0x33/0x40 [ 1656.535304] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1656.536421] RIP: 0033:0x7f30a2e99b19 [ 1656.537229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1656.541485] RSP: 002b:00007f30a03ee188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1656.543297] RAX: ffffffffffffffda RBX: 00007f30a2fad020 RCX: 00007f30a2e99b19 [ 1656.544969] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1656.546652] RBP: 00007f30a03ee1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1656.548344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1656.550023] R13: 00007ffcb9e7c18f R14: 00007f30a03ee300 R15: 0000000000022000 05:49:50 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:49:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:49:51 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:49:51 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) 05:49:51 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:49:51 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) [ 1656.892672] FAULT_INJECTION: forcing a failure. [ 1656.892672] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.895000] CPU: 0 PID: 8284 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1656.895699] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1656.896553] Call Trace: [ 1656.896843] dump_stack+0x107/0x167 [ 1656.897223] should_fail.cold+0x5/0xa [ 1656.897635] ? create_object.isra.0+0x3a/0xa20 [ 1656.898114] should_failslab+0x5/0x20 [ 1656.898515] kmem_cache_alloc+0x5b/0x310 [ 1656.898967] create_object.isra.0+0x3a/0xa20 [ 1656.899437] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1656.899973] __kmalloc+0x16e/0x390 [ 1656.900363] io_timeout_prep+0x693/0x8b0 [ 1656.900813] io_submit_sqes+0x54d8/0x8610 [ 1656.901275] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.901787] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.902297] ? lock_downgrade+0x6d0/0x6d0 [ 1656.902757] ? find_held_lock+0x2c/0x110 [ 1656.903212] ? io_submit_sqes+0x8610/0x8610 [ 1656.903690] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1656.904208] ? wait_for_completion_io+0x270/0x270 [ 1656.904724] ? rcu_read_lock_any_held+0x75/0xa0 [ 1656.905229] ? vfs_write+0x354/0xb10 [ 1656.905647] ? fput_many+0x2f/0x1a0 [ 1656.906045] ? ksys_write+0x1a9/0x260 [ 1656.906456] ? __ia32_sys_read+0xb0/0xb0 [ 1656.906908] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1656.907466] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1656.908028] do_syscall_64+0x33/0x40 [ 1656.908436] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1656.908979] RIP: 0033:0x7fd7b8236b19 [ 1656.909368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1656.911255] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1656.912077] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1656.912825] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1656.913540] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1656.914276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1656.915012] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:49:51 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) [ 1656.956919] FAULT_INJECTION: forcing a failure. [ 1656.956919] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.958144] CPU: 1 PID: 8288 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1656.958860] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1656.959668] Call Trace: [ 1656.959933] dump_stack+0x107/0x167 [ 1656.960279] should_fail.cold+0x5/0xa [ 1656.961177] ? io_timeout_prep+0x693/0x8b0 [ 1656.961569] should_failslab+0x5/0x20 [ 1656.961948] __kmalloc+0x72/0x390 [ 1656.962331] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1656.962900] io_timeout_prep+0x693/0x8b0 [ 1656.963363] io_submit_sqes+0x54d8/0x8610 [ 1656.963847] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.964383] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1656.964900] ? lock_downgrade+0x6d0/0x6d0 [ 1656.965866] ? find_held_lock+0x2c/0x110 [ 1656.966792] ? io_submit_sqes+0x8610/0x8610 [ 1656.967210] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1656.967666] ? wait_for_completion_io+0x270/0x270 [ 1656.968662] ? rcu_read_lock_any_held+0x75/0xa0 [ 1656.969566] ? vfs_write+0x354/0xb10 [ 1656.970125] ? fput_many+0x2f/0x1a0 [ 1656.970981] ? ksys_write+0x1a9/0x260 [ 1656.971375] ? __ia32_sys_read+0xb0/0xb0 [ 1656.971814] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1656.972372] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1656.972852] do_syscall_64+0x33/0x40 [ 1656.973194] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1656.973706] RIP: 0033:0x7f3842280b19 05:49:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1656.974080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1656.975937] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa 05:49:51 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1656.976699] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1656.977409] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1656.978682] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1656.980402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1656.982041] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1657.014942] FAULT_INJECTION: forcing a failure. [ 1657.014942] name failslab, interval 1, probability 0, space 0, times 0 [ 1657.017699] CPU: 1 PID: 8291 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1657.019324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1657.021287] Call Trace: [ 1657.021910] dump_stack+0x107/0x167 [ 1657.022414] should_fail.cold+0x5/0xa [ 1657.022781] ? create_object.isra.0+0x3a/0xa20 [ 1657.023258] should_failslab+0x5/0x20 [ 1657.023600] kmem_cache_alloc+0x5b/0x310 [ 1657.023943] ? mark_held_locks+0x9e/0xe0 05:49:51 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x8000000) [ 1657.024391] create_object.isra.0+0x3a/0xa20 [ 1657.024910] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1657.025898] kmem_cache_alloc_bulk+0x168/0x320 [ 1657.026971] io_submit_sqes+0x6fe6/0x8610 [ 1657.027966] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1657.029123] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1657.030077] ? lock_downgrade+0x6d0/0x6d0 [ 1657.030872] ? find_held_lock+0x2c/0x110 [ 1657.031657] ? io_submit_sqes+0x8610/0x8610 [ 1657.032478] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1657.033406] ? wait_for_completion_io+0x270/0x270 [ 1657.034335] ? rcu_read_lock_any_held+0x75/0xa0 [ 1657.035406] ? vfs_write+0x354/0xb10 [ 1657.036300] ? fput_many+0x2f/0x1a0 [ 1657.037183] ? ksys_write+0x1a9/0x260 [ 1657.038108] ? __ia32_sys_read+0xb0/0xb0 [ 1657.039100] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1657.040379] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1657.041638] do_syscall_64+0x33/0x40 [ 1657.042535] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1657.043762] RIP: 0033:0x7f0159fffb19 [ 1657.044679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1657.049204] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1657.050991] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1657.052662] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1657.054382] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1657.056036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1657.057745] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1657.143400] FAULT_INJECTION: forcing a failure. [ 1657.143400] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1657.145453] CPU: 0 PID: 8299 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1657.147294] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1657.149439] Call Trace: [ 1657.150120] dump_stack+0x107/0x167 [ 1657.151077] should_fail.cold+0x5/0xa [ 1657.152085] _copy_from_user+0x2e/0x1b0 [ 1657.153151] get_timespec64+0x75/0x190 [ 1657.154170] ? put_timespec64+0x130/0x130 [ 1657.155271] ? kasan_unpoison_shadow+0x33/0x50 [ 1657.156459] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1657.157774] io_timeout_prep+0x3c5/0x8b0 [ 1657.158840] io_submit_sqes+0x54d8/0x8610 [ 1657.159980] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1657.161299] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1657.162544] ? lock_downgrade+0x6d0/0x6d0 [ 1657.163641] ? find_held_lock+0x2c/0x110 [ 1657.164712] ? io_submit_sqes+0x8610/0x8610 [ 1657.165828] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1657.167105] ? wait_for_completion_io+0x270/0x270 [ 1657.168369] ? rcu_read_lock_any_held+0x75/0xa0 [ 1657.169582] ? vfs_write+0x354/0xb10 [ 1657.170555] ? fput_many+0x2f/0x1a0 [ 1657.171512] ? ksys_write+0x1a9/0x260 [ 1657.172483] ? __ia32_sys_read+0xb0/0xb0 [ 1657.173553] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1657.174946] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1657.176305] do_syscall_64+0x33/0x40 [ 1657.177283] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1657.178599] RIP: 0033:0x7f30a2e99b19 [ 1657.179613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1657.184493] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1657.186452] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1657.188356] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1657.190190] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1657.192063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1657.193895] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1671.614228] FAULT_INJECTION: forcing a failure. [ 1671.614228] name failslab, interval 1, probability 0, space 0, times 0 [ 1671.615247] CPU: 1 PID: 8306 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1671.615826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1671.616520] Call Trace: [ 1671.616753] dump_stack+0x107/0x167 [ 1671.617070] should_fail.cold+0x5/0xa [ 1671.617400] ? create_object.isra.0+0x3a/0xa20 [ 1671.617794] should_failslab+0x5/0x20 [ 1671.618127] kmem_cache_alloc+0x5b/0x310 [ 1671.618478] ? mark_held_locks+0x9e/0xe0 05:50:05 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) 05:50:05 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000) 05:50:05 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) 05:50:05 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:05 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:50:05 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) 05:50:05 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:50:05 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) [ 1671.634847] create_object.isra.0+0x3a/0xa20 [ 1671.635283] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1671.635729] kmem_cache_alloc_bulk+0x168/0x320 [ 1671.636140] io_submit_sqes+0x6fe6/0x8610 [ 1671.636617] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.637040] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.637451] ? lock_downgrade+0x6d0/0x6d0 [ 1671.637799] ? find_held_lock+0x2c/0x110 [ 1671.638147] ? io_submit_sqes+0x8610/0x8610 [ 1671.638518] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1671.638993] ? wait_for_completion_io+0x270/0x270 [ 1671.639403] ? rcu_read_lock_any_held+0x75/0xa0 [ 1671.639794] ? vfs_write+0x354/0xb10 [ 1671.640110] ? fput_many+0x2f/0x1a0 [ 1671.640419] ? ksys_write+0x1a9/0x260 [ 1671.640741] ? __ia32_sys_read+0xb0/0xb0 [ 1671.641089] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1671.641531] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1671.641965] do_syscall_64+0x33/0x40 [ 1671.642281] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1671.642712] RIP: 0033:0x7f0159fffb19 [ 1671.643053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1671.644581] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1671.645219] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1671.645811] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1671.646406] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1671.647014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1671.647613] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1671.655349] FAULT_INJECTION: forcing a failure. [ 1671.655349] name failslab, interval 1, probability 0, space 0, times 0 [ 1671.656351] CPU: 0 PID: 8314 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1671.656924] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1671.657616] Call Trace: [ 1671.657850] dump_stack+0x107/0x167 [ 1671.658162] should_fail.cold+0x5/0xa [ 1671.658491] ? create_object.isra.0+0x3a/0xa20 [ 1671.658891] should_failslab+0x5/0x20 [ 1671.659221] kmem_cache_alloc+0x5b/0x310 [ 1671.659573] create_object.isra.0+0x3a/0xa20 [ 1671.659948] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1671.660383] kmem_cache_alloc_bulk+0x168/0x320 [ 1671.660779] io_submit_sqes+0x6fe6/0x8610 [ 1671.661153] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.661576] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.661992] ? lock_downgrade+0x6d0/0x6d0 [ 1671.662344] ? find_held_lock+0x2c/0x110 [ 1671.662694] ? io_submit_sqes+0x8610/0x8610 [ 1671.663095] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1671.663508] ? wait_for_completion_io+0x270/0x270 [ 1671.663927] ? rcu_read_lock_any_held+0x75/0xa0 [ 1671.664322] ? vfs_write+0x354/0xb10 [ 1671.664640] ? fput_many+0x2f/0x1a0 [ 1671.664951] ? ksys_write+0x1a9/0x260 [ 1671.665277] ? __ia32_sys_read+0xb0/0xb0 [ 1671.665626] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1671.666070] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1671.666507] do_syscall_64+0x33/0x40 [ 1671.666825] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1671.667274] RIP: 0033:0x7fe1dcd4cb19 [ 1671.667591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1671.669129] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1671.669774] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1671.670371] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1671.670991] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1671.671594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1671.672196] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:50:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1671.703057] FAULT_INJECTION: forcing a failure. [ 1671.703057] name failslab, interval 1, probability 0, space 0, times 0 [ 1671.704057] CPU: 0 PID: 8318 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1671.704643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1671.705330] Call Trace: [ 1671.705558] dump_stack+0x107/0x167 [ 1671.705878] should_fail.cold+0x5/0xa [ 1671.706212] ? io_timeout_prep+0x693/0x8b0 [ 1671.706582] should_failslab+0x5/0x20 [ 1671.706930] __kmalloc+0x72/0x390 [ 1671.707227] ? __hrtimer_init+0x12c/0x270 [ 1671.707581] io_timeout_prep+0x693/0x8b0 [ 1671.707929] io_submit_sqes+0x54d8/0x8610 [ 1671.708300] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.708720] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.709128] ? lock_downgrade+0x6d0/0x6d0 [ 1671.709495] ? find_held_lock+0x2c/0x110 [ 1671.710152] ? io_submit_sqes+0x8610/0x8610 [ 1671.711116] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1671.712169] ? wait_for_completion_io+0x270/0x270 [ 1671.713219] ? rcu_read_lock_any_held+0x75/0xa0 [ 1671.714228] ? vfs_write+0x354/0xb10 [ 1671.715054] ? fput_many+0x2f/0x1a0 [ 1671.715843] ? ksys_write+0x1a9/0x260 [ 1671.716668] ? __ia32_sys_read+0xb0/0xb0 [ 1671.717551] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1671.718693] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1671.719834] do_syscall_64+0x33/0x40 [ 1671.720642] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1671.721810] RIP: 0033:0x7f30a2e99b19 [ 1671.722611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1671.726739] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1671.728464] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1671.730055] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1671.731678] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1671.731716] FAULT_INJECTION: forcing a failure. [ 1671.731716] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1671.733258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1671.733267] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1671.735826] CPU: 1 PID: 8315 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1671.736402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1671.737103] Call Trace: [ 1671.737337] dump_stack+0x107/0x167 [ 1671.737654] should_fail.cold+0x5/0xa [ 1671.737988] _copy_from_user+0x2e/0x1b0 [ 1671.738336] get_timespec64+0x75/0x190 [ 1671.738673] ? put_timespec64+0x130/0x130 [ 1671.739050] ? kasan_unpoison_shadow+0x33/0x50 [ 1671.739444] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1671.739882] io_timeout_prep+0x3c5/0x8b0 [ 1671.740242] io_submit_sqes+0x54d8/0x8610 [ 1671.740618] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.741057] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.741486] ? lock_downgrade+0x6d0/0x6d0 [ 1671.741840] ? find_held_lock+0x2c/0x110 [ 1671.742192] ? io_submit_sqes+0x8610/0x8610 [ 1671.742571] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1671.759045] ? wait_for_completion_io+0x270/0x270 [ 1671.759510] ? rcu_read_lock_any_held+0x75/0xa0 [ 1671.759962] ? vfs_write+0x354/0xb10 [ 1671.760315] ? fput_many+0x2f/0x1a0 [ 1671.760669] ? ksys_write+0x1a9/0x260 [ 1671.761028] ? __ia32_sys_read+0xb0/0xb0 [ 1671.761420] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1671.761908] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1671.762422] do_syscall_64+0x33/0x40 [ 1671.762777] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1671.763283] RIP: 0033:0x7fd7b8236b19 [ 1671.763637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1671.765407] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1671.766126] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1671.766808] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1671.767515] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1671.768202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1671.768882] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1671.815900] FAULT_INJECTION: forcing a failure. [ 1671.815900] name failslab, interval 1, probability 0, space 0, times 0 [ 1671.817117] CPU: 1 PID: 8322 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1671.817809] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1671.818637] Call Trace: [ 1671.818930] dump_stack+0x107/0x167 [ 1671.819308] should_fail.cold+0x5/0xa [ 1671.819705] ? create_object.isra.0+0x3a/0xa20 [ 1671.820171] should_failslab+0x5/0x20 [ 1671.820571] kmem_cache_alloc+0x5b/0x310 [ 1671.821002] create_object.isra.0+0x3a/0xa20 [ 1671.821471] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1671.822002] __kmalloc+0x16e/0x390 [ 1671.822368] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1671.822932] io_timeout_prep+0x693/0x8b0 [ 1671.823363] io_submit_sqes+0x54d8/0x8610 [ 1671.823832] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.824350] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1671.824864] ? lock_downgrade+0x6d0/0x6d0 [ 1671.825303] ? find_held_lock+0x2c/0x110 [ 1671.825744] ? io_submit_sqes+0x8610/0x8610 [ 1671.826204] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1671.826709] ? wait_for_completion_io+0x270/0x270 [ 1671.827187] ? rcu_read_lock_any_held+0x75/0xa0 [ 1671.827581] ? vfs_write+0x354/0xb10 [ 1671.827899] ? fput_many+0x2f/0x1a0 [ 1671.828209] ? ksys_write+0x1a9/0x260 [ 1671.828534] ? __ia32_sys_read+0xb0/0xb0 [ 1671.828879] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1671.829326] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1671.829763] do_syscall_64+0x33/0x40 [ 1671.830081] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1671.830513] RIP: 0033:0x7f3842280b19 [ 1671.830842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1671.832756] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1671.833572] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1671.834325] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1671.834954] perf: interrupt took too long (28487 > 28118), lowering kernel.perf_event_max_sample_rate to 7000 [ 1671.835063] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1671.835079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1671.837194] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:50:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) [ 1687.677888] FAULT_INJECTION: forcing a failure. [ 1687.677888] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.679121] CPU: 0 PID: 8341 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1687.679787] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.680585] Call Trace: [ 1687.680816] dump_stack+0x107/0x167 [ 1687.681127] should_fail.cold+0x5/0xa [ 1687.681452] ? create_object.isra.0+0x3a/0xa20 [ 1687.681840] should_failslab+0x5/0x20 [ 1687.682164] kmem_cache_alloc+0x5b/0x310 [ 1687.682513] create_object.isra.0+0x3a/0xa20 [ 1687.682888] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.683329] __kmalloc+0x16e/0x390 [ 1687.683639] io_timeout_prep+0x693/0x8b0 [ 1687.683989] io_submit_sqes+0x54d8/0x8610 [ 1687.684362] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.684783] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.685217] ? lock_downgrade+0x6d0/0x6d0 [ 1687.685571] ? find_held_lock+0x2c/0x110 [ 1687.685926] ? io_submit_sqes+0x8610/0x8610 [ 1687.686304] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1687.686726] ? wait_for_completion_io+0x270/0x270 [ 1687.687169] ? rcu_read_lock_any_held+0x75/0xa0 [ 1687.687561] ? vfs_write+0x354/0xb10 [ 1687.687877] ? fput_many+0x2f/0x1a0 [ 1687.688389] ? ksys_write+0x1a9/0x260 [ 1687.689256] ? __ia32_sys_read+0xb0/0xb0 [ 1687.690173] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.691165] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1687.691607] do_syscall_64+0x33/0x40 [ 1687.691935] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1687.692371] RIP: 0033:0x7f30a2e99b19 [ 1687.692691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1687.694217] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1687.694860] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1687.695463] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1687.696057] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1687.696650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1687.697244] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1687.701477] FAULT_INJECTION: forcing a failure. [ 1687.701477] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.702567] CPU: 1 PID: 8335 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1687.703198] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.703942] Call Trace: [ 1687.704190] dump_stack+0x107/0x167 [ 1687.704530] should_fail.cold+0x5/0xa [ 1687.704885] ? create_object.isra.0+0x3a/0xa20 [ 1687.705312] should_failslab+0x5/0x20 [ 1687.705668] kmem_cache_alloc+0x5b/0x310 [ 1687.706045] ? mark_held_locks+0x9e/0xe0 [ 1687.706427] create_object.isra.0+0x3a/0xa20 [ 1687.706836] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.707333] kmem_cache_alloc_bulk+0x168/0x320 [ 1687.707761] io_submit_sqes+0x6fe6/0x8610 [ 1687.708172] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.708633] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.709082] ? lock_downgrade+0x6d0/0x6d0 [ 1687.709467] ? find_held_lock+0x2c/0x110 [ 1687.709848] ? io_submit_sqes+0x8610/0x8610 [ 1687.710258] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1687.710709] ? wait_for_completion_io+0x270/0x270 [ 1687.711174] ? rcu_read_lock_any_held+0x75/0xa0 [ 1687.711605] ? vfs_write+0x354/0xb10 [ 1687.711954] ? fput_many+0x2f/0x1a0 [ 1687.712297] ? ksys_write+0x1a9/0x260 [ 1687.712655] ? __ia32_sys_read+0xb0/0xb0 [ 1687.713037] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.713525] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1687.714003] do_syscall_64+0x33/0x40 [ 1687.714351] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1687.714825] RIP: 0033:0x7fe1dcd4cb19 [ 1687.715186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1687.716839] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1687.717537] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1687.718188] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1687.718836] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1687.723514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1687.724161] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:50:21 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) 05:50:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:50:21 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) 05:50:21 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) 05:50:21 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:21 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000) 05:50:22 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1687.747442] FAULT_INJECTION: forcing a failure. [ 1687.747442] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.748533] CPU: 0 PID: 8337 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1687.749157] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.749907] Call Trace: [ 1687.750159] dump_stack+0x107/0x167 [ 1687.750502] should_fail.cold+0x5/0xa [ 1687.750864] ? create_object.isra.0+0x3a/0xa20 [ 1687.751309] should_failslab+0x5/0x20 [ 1687.751664] kmem_cache_alloc+0x5b/0x310 [ 1687.752057] create_object.isra.0+0x3a/0xa20 [ 1687.752462] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.752938] __kmalloc+0x16e/0x390 [ 1687.753270] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1687.753750] io_timeout_prep+0x693/0x8b0 [ 1687.754148] io_submit_sqes+0x54d8/0x8610 [ 1687.754562] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.755028] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.755486] ? lock_downgrade+0x6d0/0x6d0 [ 1687.755863] ? find_held_lock+0x2c/0x110 [ 1687.756250] ? io_submit_sqes+0x8610/0x8610 [ 1687.756657] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1687.757106] ? wait_for_completion_io+0x270/0x270 [ 1687.757562] ? rcu_read_lock_any_held+0x75/0xa0 [ 1687.757980] ? vfs_write+0x354/0xb10 [ 1687.758317] ? fput_many+0x2f/0x1a0 [ 1687.758659] ? ksys_write+0x1a9/0x260 [ 1687.759024] ? __ia32_sys_read+0xb0/0xb0 [ 1687.759412] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.759901] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1687.760375] do_syscall_64+0x33/0x40 [ 1687.760719] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1687.761192] RIP: 0033:0x7f3842280b19 [ 1687.761540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1687.763218] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1687.763908] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1687.764569] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1687.765215] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1687.765870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1687.766526] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:50:22 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1687.782462] FAULT_INJECTION: forcing a failure. [ 1687.782462] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.783515] CPU: 0 PID: 8350 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1687.784130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.784859] Call Trace: [ 1687.785107] dump_stack+0x107/0x167 [ 1687.785451] should_fail.cold+0x5/0xa [ 1687.785814] ? create_object.isra.0+0x3a/0xa20 [ 1687.786244] should_failslab+0x5/0x20 [ 1687.786605] kmem_cache_alloc+0x5b/0x310 [ 1687.786998] ? mark_held_locks+0x9e/0xe0 [ 1687.787388] create_object.isra.0+0x3a/0xa20 [ 1687.787799] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.788280] kmem_cache_alloc_bulk+0x168/0x320 [ 1687.788707] io_submit_sqes+0x6fe6/0x8610 [ 1687.789123] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.789584] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.790030] ? lock_downgrade+0x6d0/0x6d0 [ 1687.790408] ? find_held_lock+0x2c/0x110 [ 1687.790791] ? io_submit_sqes+0x8610/0x8610 [ 1687.791213] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1687.791664] ? wait_for_completion_io+0x270/0x270 [ 1687.792111] ? rcu_read_lock_any_held+0x75/0xa0 [ 1687.792539] ? vfs_write+0x354/0xb10 [ 1687.792888] ? fput_many+0x2f/0x1a0 [ 1687.793233] ? ksys_write+0x1a9/0x260 [ 1687.793590] ? __ia32_sys_read+0xb0/0xb0 [ 1687.793973] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.794457] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1687.794933] do_syscall_64+0x33/0x40 [ 1687.795294] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1687.795765] RIP: 0033:0x7f0159fffb19 [ 1687.796112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1687.797736] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1687.798424] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1687.799085] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1687.799726] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1687.800364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1687.801014] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1687.803833] FAULT_INJECTION: forcing a failure. [ 1687.803833] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.804977] CPU: 0 PID: 8348 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1687.805594] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.806344] Call Trace: [ 1687.806590] dump_stack+0x107/0x167 [ 1687.806928] should_fail.cold+0x5/0xa [ 1687.807295] ? create_object.isra.0+0x3a/0xa20 [ 1687.807719] should_failslab+0x5/0x20 [ 1687.808074] kmem_cache_alloc+0x5b/0x310 [ 1687.808459] create_object.isra.0+0x3a/0xa20 [ 1687.808866] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.809336] __kmalloc+0x16e/0x390 [ 1687.809665] io_timeout_prep+0x693/0x8b0 [ 1687.810049] io_submit_sqes+0x54d8/0x8610 [ 1687.810441] ? percpu_ref_tryget_many+0x21c/0x2d0 [ 1687.810898] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.811400] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.811908] ? lock_downgrade+0x6d0/0x6d0 [ 1687.812351] ? find_held_lock+0x2c/0x110 [ 1687.812783] ? io_submit_sqes+0x8610/0x8610 [ 1687.813242] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.813777] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1687.814336] ? trace_hardirqs_on+0x5b/0x180 [ 1687.814788] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1687.815375] ? ksys_write+0x19b/0x260 [ 1687.815802] ? copy_kernel_to_fpregs+0x9e/0xe0 [ 1687.816302] ? trace_event_raw_event_x86_fpu+0x390/0x390 [ 1687.816888] ? ksys_write+0x1a9/0x260 [ 1687.817314] ? __ia32_sys_read+0xb0/0xb0 [ 1687.817820] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.818461] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1687.819078] do_syscall_64+0x33/0x40 [ 1687.819525] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1687.820136] RIP: 0033:0x7fd7b8236b19 [ 1687.820589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1687.822808] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1687.823605] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1687.824246] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1687.824897] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1687.825545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1687.826197] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:50:22 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) 05:50:22 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1687.959986] FAULT_INJECTION: forcing a failure. [ 1687.959986] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.962815] CPU: 1 PID: 8356 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1687.964263] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.965895] Call Trace: [ 1687.966419] dump_stack+0x107/0x167 [ 1687.967083] should_fail.cold+0x5/0xa [ 1687.967440] ? create_object.isra.0+0x3a/0xa20 [ 1687.967860] should_failslab+0x5/0x20 [ 1687.968213] kmem_cache_alloc+0x5b/0x310 [ 1687.968595] create_object.isra.0+0x3a/0xa20 [ 1687.968999] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.969470] kmem_cache_alloc_bulk+0x168/0x320 [ 1687.969900] io_submit_sqes+0x6fe6/0x8610 [ 1687.970307] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.970771] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1687.971520] ? lock_downgrade+0x6d0/0x6d0 [ 1687.972300] ? find_held_lock+0x2c/0x110 [ 1687.973051] ? io_submit_sqes+0x8610/0x8610 [ 1687.973858] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1687.974757] ? wait_for_completion_io+0x270/0x270 [ 1687.975347] ? rcu_read_lock_any_held+0x75/0xa0 [ 1687.975772] ? vfs_write+0x354/0xb10 [ 1687.976118] ? fput_many+0x2f/0x1a0 [ 1687.976458] ? ksys_write+0x1a9/0x260 [ 1687.976812] ? __ia32_sys_read+0xb0/0xb0 [ 1687.977194] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.977676] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1687.978155] do_syscall_64+0x33/0x40 [ 1687.978501] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1687.978968] RIP: 0033:0x7fe1dcd4cb19 [ 1687.979410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1687.981101] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1687.981804] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1687.982454] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1687.983173] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1687.983835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1687.984487] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1688.015816] FAULT_INJECTION: forcing a failure. [ 1688.015816] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.017234] CPU: 1 PID: 8359 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1688.017874] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.018617] Call Trace: [ 1688.018895] dump_stack+0x107/0x167 [ 1688.019266] should_fail.cold+0x5/0xa [ 1688.019624] should_failslab+0x5/0x20 [ 1688.020017] kmem_cache_alloc_bulk+0x4b/0x320 [ 1688.020436] io_submit_sqes+0x6fe6/0x8610 [ 1688.020834] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1688.021302] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1688.021761] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1688.022218] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1688.022632] ? _raw_spin_unlock_irq+0x27/0x30 [ 1688.023107] ? io_submit_sqes+0x8610/0x8610 [ 1688.023507] ? finish_task_switch+0x126/0x5d0 [ 1688.023947] ? finish_task_switch+0xef/0x5d0 [ 1688.024352] ? __switch_to+0x572/0xf70 [ 1688.024714] ? __switch_to_asm+0x3a/0x60 [ 1688.025119] ? __switch_to_asm+0x34/0x60 [ 1688.025501] ? __schedule+0x82c/0x1ea0 [ 1688.025893] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.026376] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1688.026895] ? trace_hardirqs_on+0x5b/0x180 [ 1688.027328] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1688.027842] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.028323] do_syscall_64+0x33/0x40 [ 1688.028668] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.029142] RIP: 0033:0x7f285a8beb19 [ 1688.029489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.031190] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1688.031875] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1688.032495] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1688.033119] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1688.033767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1688.034414] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1702.009668] FAULT_INJECTION: forcing a failure. [ 1702.009668] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.011564] CPU: 1 PID: 8371 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1702.012307] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.013864] Call Trace: [ 1702.014334] dump_stack+0x107/0x167 [ 1702.014973] should_fail.cold+0x5/0xa [ 1702.015351] FAULT_INJECTION: forcing a failure. [ 1702.015351] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.015430] ? create_object.isra.0+0x3a/0xa20 [ 1702.016788] should_failslab+0x5/0x20 [ 1702.017119] kmem_cache_alloc+0x5b/0x310 [ 1702.017471] ? mark_held_locks+0x9e/0xe0 [ 1702.017822] create_object.isra.0+0x3a/0xa20 [ 1702.018206] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.018642] kmem_cache_alloc_bulk+0x168/0x320 [ 1702.019037] io_submit_sqes+0x6fe6/0x8610 [ 1702.019450] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.019872] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.020301] ? lock_downgrade+0x6d0/0x6d0 [ 1702.020653] ? find_held_lock+0x2c/0x110 [ 1702.021003] ? io_submit_sqes+0x8610/0x8610 [ 1702.021434] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.021931] ? wait_for_completion_io+0x270/0x270 [ 1702.022442] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.022917] ? vfs_write+0x354/0xb10 [ 1702.023323] ? fput_many+0x2f/0x1a0 [ 1702.023706] ? ksys_write+0x1a9/0x260 [ 1702.024101] ? __ia32_sys_read+0xb0/0xb0 [ 1702.024526] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.025072] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.025612] do_syscall_64+0x33/0x40 [ 1702.026003] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.026547] RIP: 0033:0x7f0159fffb19 [ 1702.026938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.028847] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.029631] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1702.030608] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1702.031870] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.033144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.034420] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1702.035442] CPU: 0 PID: 8374 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1702.036030] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.036731] Call Trace: [ 1702.036964] dump_stack+0x107/0x167 [ 1702.037296] should_fail.cold+0x5/0xa [ 1702.037623] ? create_object.isra.0+0x3a/0xa20 [ 1702.038009] should_failslab+0x5/0x20 [ 1702.038353] kmem_cache_alloc+0x5b/0x310 [ 1702.038698] ? mark_held_locks+0x9e/0xe0 [ 1702.039043] create_object.isra.0+0x3a/0xa20 [ 1702.039473] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.039961] kmem_cache_alloc_bulk+0x168/0x320 [ 1702.040448] io_submit_sqes+0x6fe6/0x8610 [ 1702.040883] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.041407] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.041900] ? lock_downgrade+0x6d0/0x6d0 [ 1702.042343] ? find_held_lock+0x2c/0x110 [ 1702.042762] ? io_submit_sqes+0x8610/0x8610 [ 1702.043246] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.043742] ? wait_for_completion_io+0x270/0x270 [ 1702.044256] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.044730] ? vfs_write+0x354/0xb10 [ 1702.045123] ? fput_many+0x2f/0x1a0 [ 1702.045507] ? ksys_write+0x1a9/0x260 [ 1702.045894] ? __ia32_sys_read+0xb0/0xb0 [ 1702.046570] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.047615] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.048518] do_syscall_64+0x33/0x40 [ 1702.049180] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.050042] RIP: 0033:0x7fe1dcd4cb19 [ 1702.050803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.056776] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.057585] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1702.058286] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1702.058953] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.059601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.060194] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 05:50:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) 05:50:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:50:36 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) 05:50:36 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x100000000000000) 05:50:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) 05:50:36 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:50:36 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) [ 1702.070591] FAULT_INJECTION: forcing a failure. [ 1702.070591] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1702.071700] CPU: 0 PID: 8376 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1702.072295] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.073072] Call Trace: [ 1702.073323] dump_stack+0x107/0x167 [ 1702.073672] should_fail.cold+0x5/0xa [ 1702.074032] _copy_from_user+0x2e/0x1b0 [ 1702.074425] get_timespec64+0x75/0x190 [ 1702.074791] ? put_timespec64+0x130/0x130 [ 1702.075238] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.075682] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.076156] io_timeout_prep+0x3c5/0x8b0 [ 1702.076527] io_submit_sqes+0x54d8/0x8610 [ 1702.076910] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.077330] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.077752] ? lock_downgrade+0x6d0/0x6d0 [ 1702.078102] ? find_held_lock+0x2c/0x110 [ 1702.078451] ? io_submit_sqes+0x8610/0x8610 [ 1702.078833] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.079283] ? wait_for_completion_io+0x270/0x270 [ 1702.079690] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.080079] ? vfs_write+0x354/0xb10 [ 1702.080394] ? fput_many+0x2f/0x1a0 [ 1702.080705] ? ksys_write+0x1a9/0x260 [ 1702.081028] ? __ia32_sys_read+0xb0/0xb0 [ 1702.081374] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.081834] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.082270] do_syscall_64+0x33/0x40 [ 1702.082585] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.083015] RIP: 0033:0x7f30a2e99b19 [ 1702.083368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.084898] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.085536] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1702.086130] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1702.086744] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.087370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.087964] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1702.088817] FAULT_INJECTION: forcing a failure. [ 1702.088817] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.089779] CPU: 0 PID: 8382 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1702.090349] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.091036] Call Trace: [ 1702.091297] dump_stack+0x107/0x167 [ 1702.091606] should_fail.cold+0x5/0xa [ 1702.091936] ? create_object.isra.0+0x3a/0xa20 [ 1702.092333] should_failslab+0x5/0x20 [ 1702.092666] kmem_cache_alloc+0x5b/0x310 [ 1702.093025] create_object.isra.0+0x3a/0xa20 [ 1702.093406] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.093539] FAULT_INJECTION: forcing a failure. [ 1702.093539] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.093840] __kmalloc+0x16e/0x390 [ 1702.095073] io_timeout_prep+0x693/0x8b0 [ 1702.095456] io_submit_sqes+0x54d8/0x8610 [ 1702.095842] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.096279] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.096717] ? lock_downgrade+0x6d0/0x6d0 [ 1702.097075] ? find_held_lock+0x2c/0x110 [ 1702.097439] ? io_submit_sqes+0x8610/0x8610 [ 1702.097822] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.098258] ? wait_for_completion_io+0x270/0x270 [ 1702.098677] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.099079] ? vfs_write+0x354/0xb10 [ 1702.099422] ? fput_many+0x2f/0x1a0 [ 1702.099741] ? ksys_write+0x1a9/0x260 [ 1702.100079] ? __ia32_sys_read+0xb0/0xb0 [ 1702.100444] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.100897] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.101358] do_syscall_64+0x33/0x40 [ 1702.101690] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.102138] RIP: 0033:0x7fd7b8236b19 [ 1702.102458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.104007] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.104654] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1702.105259] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1702.105857] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.106463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.107078] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1702.107731] CPU: 1 PID: 8381 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1702.108338] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.109037] Call Trace: [ 1702.109272] dump_stack+0x107/0x167 [ 1702.109592] should_fail.cold+0x5/0xa [ 1702.109927] ? io_timeout_prep+0x693/0x8b0 [ 1702.110294] should_failslab+0x5/0x20 [ 1702.110620] __kmalloc+0x72/0x390 [ 1702.110927] ? __hrtimer_init+0x12c/0x270 [ 1702.111308] io_timeout_prep+0x693/0x8b0 [ 1702.111667] io_submit_sqes+0x54d8/0x8610 [ 1702.112050] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.112484] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.112901] ? lock_downgrade+0x6d0/0x6d0 [ 1702.113263] ? find_held_lock+0x2c/0x110 [ 1702.113621] ? io_submit_sqes+0x8610/0x8610 [ 1702.113996] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.114416] ? wait_for_completion_io+0x270/0x270 [ 1702.114838] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.119267] ? vfs_write+0x354/0xb10 [ 1702.119584] ? fput_many+0x2f/0x1a0 [ 1702.119894] ? ksys_write+0x1a9/0x260 [ 1702.120225] ? __ia32_sys_read+0xb0/0xb0 [ 1702.120570] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.121009] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.121456] do_syscall_64+0x33/0x40 [ 1702.121769] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.122204] RIP: 0033:0x7f3842280b19 [ 1702.122525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.124095] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.124765] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1702.125366] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1702.125971] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.126577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.127202] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1702.139878] FAULT_INJECTION: forcing a failure. [ 1702.139878] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.140986] CPU: 0 PID: 8379 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1702.141567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.142292] Call Trace: [ 1702.142549] dump_stack+0x107/0x167 [ 1702.142902] should_fail.cold+0x5/0xa [ 1702.143301] ? create_object.isra.0+0x3a/0xa20 [ 1702.143727] should_failslab+0x5/0x20 [ 1702.144078] kmem_cache_alloc+0x5b/0x310 [ 1702.144434] create_object.isra.0+0x3a/0xa20 [ 1702.144808] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.145254] kmem_cache_alloc_bulk+0x168/0x320 [ 1702.145643] io_submit_sqes+0x6fe6/0x8610 [ 1702.145996] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1702.146423] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.146843] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.147314] ? lock_downgrade+0x6d0/0x6d0 [ 1702.147664] ? find_held_lock+0x2c/0x110 [ 1702.148013] ? io_submit_sqes+0x8610/0x8610 [ 1702.148395] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.148806] ? wait_for_completion_io+0x270/0x270 [ 1702.149217] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.149617] ? vfs_write+0x354/0xb10 [ 1702.149935] ? fput_many+0x2f/0x1a0 [ 1702.150250] ? ksys_write+0x1a9/0x260 [ 1702.150594] ? __ia32_sys_read+0xb0/0xb0 [ 1702.150943] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.151421] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.151871] do_syscall_64+0x33/0x40 [ 1702.152195] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.152626] RIP: 0033:0x7f285a8beb19 [ 1702.152943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.154482] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.155137] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1702.155760] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1702.156362] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.156964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1702.157582] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:50:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:36 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) 05:50:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) 05:50:36 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000000000000) [ 1702.435691] FAULT_INJECTION: forcing a failure. [ 1702.435691] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.436692] CPU: 0 PID: 8391 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1702.437283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.437972] Call Trace: [ 1702.438204] dump_stack+0x107/0x167 [ 1702.451552] should_fail.cold+0x5/0xa [ 1702.451906] ? create_object.isra.0+0x3a/0xa20 [ 1702.452322] should_failslab+0x5/0x20 [ 1702.452648] kmem_cache_alloc+0x5b/0x310 [ 1702.452995] ? mark_held_locks+0x9e/0xe0 [ 1702.453344] create_object.isra.0+0x3a/0xa20 [ 1702.453717] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.454149] kmem_cache_alloc_bulk+0x168/0x320 [ 1702.454542] io_submit_sqes+0x6fe6/0x8610 [ 1702.454913] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.455357] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.455766] ? lock_downgrade+0x6d0/0x6d0 [ 1702.456124] ? find_held_lock+0x2c/0x110 [ 1702.456484] ? io_submit_sqes+0x8610/0x8610 [ 1702.456868] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.457293] ? wait_for_completion_io+0x270/0x270 [ 1702.457715] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.458123] ? vfs_write+0x354/0xb10 [ 1702.458451] ? fput_many+0x2f/0x1a0 [ 1702.458771] ? ksys_write+0x1a9/0x260 [ 1702.459103] ? __ia32_sys_read+0xb0/0xb0 [ 1702.459468] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.459912] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.460354] do_syscall_64+0x33/0x40 [ 1702.460672] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.461105] RIP: 0033:0x7f0159fffb19 [ 1702.461425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.462967] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.463622] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1702.464220] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1702.464822] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.465421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.466027] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:50:36 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) 05:50:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) [ 1702.556533] FAULT_INJECTION: forcing a failure. [ 1702.556533] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.557511] CPU: 0 PID: 8395 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1702.558082] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.558777] Call Trace: [ 1702.559007] dump_stack+0x107/0x167 [ 1702.559335] should_fail.cold+0x5/0xa [ 1702.559662] ? io_timeout_prep+0x693/0x8b0 [ 1702.560023] should_failslab+0x5/0x20 [ 1702.560348] __kmalloc+0x72/0x390 [ 1702.560649] ? __hrtimer_init+0x12c/0x270 [ 1702.561006] io_timeout_prep+0x693/0x8b0 [ 1702.561366] io_submit_sqes+0x54d8/0x8610 [ 1702.561745] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.562172] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.562589] ? lock_downgrade+0x6d0/0x6d0 [ 1702.562941] ? find_held_lock+0x2c/0x110 [ 1702.563306] ? io_submit_sqes+0x8610/0x8610 [ 1702.563691] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.564111] ? wait_for_completion_io+0x270/0x270 [ 1702.564530] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.564933] ? vfs_write+0x354/0xb10 [ 1702.565254] ? fput_many+0x2f/0x1a0 [ 1702.565566] ? ksys_write+0x1a9/0x260 [ 1702.565894] ? __ia32_sys_read+0xb0/0xb0 [ 1702.566245] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.566691] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.567145] do_syscall_64+0x33/0x40 [ 1702.567471] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.567908] RIP: 0033:0x7f30a2e99b19 [ 1702.568230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.569783] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.570433] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1702.571039] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1702.571665] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.572271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.572874] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1702.580951] FAULT_INJECTION: forcing a failure. [ 1702.580951] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1702.581951] CPU: 0 PID: 8402 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1702.582530] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.583246] Call Trace: [ 1702.583474] dump_stack+0x107/0x167 [ 1702.583786] should_fail.cold+0x5/0xa [ 1702.584118] _copy_from_user+0x2e/0x1b0 [ 1702.584464] get_timespec64+0x75/0x190 [ 1702.584815] ? put_timespec64+0x130/0x130 [ 1702.585191] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.585597] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.586040] io_timeout_prep+0x3c5/0x8b0 [ 1702.586403] io_submit_sqes+0x54d8/0x8610 [ 1702.586788] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.587407] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.588278] ? lock_downgrade+0x6d0/0x6d0 [ 1702.588659] FAULT_INJECTION: forcing a failure. [ 1702.588659] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.589033] ? find_held_lock+0x2c/0x110 [ 1702.589062] ? io_submit_sqes+0x8610/0x8610 [ 1702.589096] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.593610] ? wait_for_completion_io+0x270/0x270 [ 1702.594433] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.595218] ? vfs_write+0x354/0xb10 [ 1702.595542] ? fput_many+0x2f/0x1a0 [ 1702.595856] ? ksys_write+0x1a9/0x260 [ 1702.596193] ? __ia32_sys_read+0xb0/0xb0 [ 1702.596547] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.596996] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.597441] do_syscall_64+0x33/0x40 [ 1702.597761] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.598194] RIP: 0033:0x7fd7b8236b19 [ 1702.598514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.601099] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.602405] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1702.603687] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1702.605305] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.606605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.607504] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1702.608140] CPU: 1 PID: 8403 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1702.608740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.609441] Call Trace: [ 1702.609678] dump_stack+0x107/0x167 [ 1702.610008] should_fail.cold+0x5/0xa [ 1702.610346] ? create_object.isra.0+0x3a/0xa20 [ 1702.610753] should_failslab+0x5/0x20 [ 1702.611093] kmem_cache_alloc+0x5b/0x310 [ 1702.611518] ? mark_held_locks+0x9e/0xe0 [ 1702.611952] create_object.isra.0+0x3a/0xa20 [ 1702.612662] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.613627] kmem_cache_alloc_bulk+0x168/0x320 [ 1702.614520] io_submit_sqes+0x6fe6/0x8610 [ 1702.615279] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.615709] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1702.616134] ? lock_downgrade+0x6d0/0x6d0 [ 1702.616489] ? find_held_lock+0x2c/0x110 [ 1702.616835] ? io_submit_sqes+0x8610/0x8610 [ 1702.617225] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1702.617633] ? wait_for_completion_io+0x270/0x270 [ 1702.618041] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.618453] ? vfs_write+0x354/0xb10 [ 1702.618769] ? fput_many+0x2f/0x1a0 [ 1702.619079] ? ksys_write+0x1a9/0x260 [ 1702.619438] ? __ia32_sys_read+0xb0/0xb0 [ 1702.619784] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.620222] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.620670] do_syscall_64+0x33/0x40 [ 1702.620986] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.621415] RIP: 0033:0x7fe1dcd4cb19 [ 1702.621742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.623291] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1702.623938] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1702.624528] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1702.625133] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.625737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.626329] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1716.585595] FAULT_INJECTION: forcing a failure. [ 1716.585595] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.586629] CPU: 0 PID: 8413 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1716.587198] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.587901] Call Trace: [ 1716.588134] dump_stack+0x107/0x167 [ 1716.588445] should_fail.cold+0x5/0xa [ 1716.588775] should_failslab+0x5/0x20 [ 1716.589100] kmem_cache_alloc_bulk+0x4b/0x320 [ 1716.589490] io_submit_sqes+0x6fe6/0x8610 [ 1716.589864] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.590287] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.590702] ? lock_downgrade+0x6d0/0x6d0 [ 1716.591055] ? find_held_lock+0x2c/0x110 [ 1716.591418] ? io_submit_sqes+0x8610/0x8610 [ 1716.591792] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.592205] ? wait_for_completion_io+0x270/0x270 [ 1716.592622] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.593019] ? vfs_write+0x354/0xb10 [ 1716.593335] ? fput_many+0x2f/0x1a0 [ 1716.593647] ? ksys_write+0x1a9/0x260 [ 1716.593972] ? __ia32_sys_read+0xb0/0xb0 [ 1716.594321] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.594766] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.595205] do_syscall_64+0x33/0x40 [ 1716.595549] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.595986] RIP: 0033:0x7fd7b8236b19 [ 1716.596304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.597842] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.598488] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1716.599088] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1716.599706] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.600309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1716.600912] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1716.620793] FAULT_INJECTION: forcing a failure. [ 1716.620793] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.621963] CPU: 0 PID: 8423 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1716.622088] FAULT_INJECTION: forcing a failure. 05:50:50 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) 05:50:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:50 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000000000000) 05:50:50 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42) 05:50:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:50:50 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:50:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) 05:50:50 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) [ 1716.622088] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.622543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.622559] Call Trace: [ 1716.624739] dump_stack+0x107/0x167 [ 1716.625053] should_fail.cold+0x5/0xa [ 1716.625381] ? create_object.isra.0+0x3a/0xa20 [ 1716.625772] should_failslab+0x5/0x20 [ 1716.626100] kmem_cache_alloc+0x5b/0x310 [ 1716.626447] ? mark_held_locks+0x9e/0xe0 [ 1716.626797] create_object.isra.0+0x3a/0xa20 [ 1716.627175] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1716.627633] kmem_cache_alloc_bulk+0x168/0x320 [ 1716.628026] io_submit_sqes+0x6fe6/0x8610 [ 1716.628401] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.628824] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.629237] ? lock_downgrade+0x6d0/0x6d0 [ 1716.629589] ? find_held_lock+0x2c/0x110 [ 1716.629939] ? io_submit_sqes+0x8610/0x8610 [ 1716.630314] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.630732] ? wait_for_completion_io+0x270/0x270 [ 1716.631145] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.631562] ? vfs_write+0x354/0xb10 [ 1716.631882] ? fput_many+0x2f/0x1a0 [ 1716.632196] ? ksys_write+0x1a9/0x260 [ 1716.632522] ? __ia32_sys_read+0xb0/0xb0 [ 1716.632873] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.633319] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.633764] do_syscall_64+0x33/0x40 [ 1716.634082] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.634518] RIP: 0033:0x7fe1dcd4cb19 [ 1716.634837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.636400] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.637046] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1716.637647] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1716.638248] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.638850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1716.639470] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1716.640155] CPU: 1 PID: 8415 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1716.640825] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.641569] Call Trace: [ 1716.641940] dump_stack+0x107/0x167 [ 1716.642515] should_fail.cold+0x5/0xa [ 1716.642931] ? create_object.isra.0+0x3a/0xa20 [ 1716.643370] should_failslab+0x5/0x20 [ 1716.643796] kmem_cache_alloc+0x5b/0x310 [ 1716.644144] ? mark_held_locks+0x9e/0xe0 [ 1716.644490] create_object.isra.0+0x3a/0xa20 [ 1716.644945] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1716.645380] kmem_cache_alloc_bulk+0x168/0x320 [ 1716.645914] io_submit_sqes+0x6fe6/0x8610 [ 1716.646290] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.646793] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.647205] ? lock_downgrade+0x6d0/0x6d0 [ 1716.647599] ? find_held_lock+0x2c/0x110 [ 1716.648032] ? io_submit_sqes+0x8610/0x8610 [ 1716.648408] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.648897] ? wait_for_completion_io+0x270/0x270 [ 1716.649311] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.649839] ? vfs_write+0x354/0xb10 [ 1716.650158] ? fput_many+0x2f/0x1a0 [ 1716.650470] ? ksys_write+0x1a9/0x260 [ 1716.650874] ? __ia32_sys_read+0xb0/0xb0 [ 1716.651223] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.651801] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.652294] do_syscall_64+0x33/0x40 [ 1716.652613] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.653127] RIP: 0033:0x7f0159fffb19 [ 1716.653442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.655288] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.656029] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1716.656746] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1716.657402] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.658188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1716.658865] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1716.663765] FAULT_INJECTION: forcing a failure. [ 1716.663765] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.664942] CPU: 1 PID: 8417 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1716.665529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.666383] Call Trace: [ 1716.666638] dump_stack+0x107/0x167 [ 1716.667061] should_fail.cold+0x5/0xa [ 1716.667445] ? create_object.isra.0+0x3a/0xa20 [ 1716.667972] should_failslab+0x5/0x20 [ 1716.668304] kmem_cache_alloc+0x5b/0x310 [ 1716.668650] create_object.isra.0+0x3a/0xa20 [ 1716.669111] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1716.669542] __kmalloc+0x16e/0x390 [ 1716.669981] io_timeout_prep+0x693/0x8b0 [ 1716.670342] io_submit_sqes+0x54d8/0x8610 [ 1716.670795] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.671218] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.671651] ? lock_downgrade+0x6d0/0x6d0 [ 1716.672091] ? find_held_lock+0x2c/0x110 [ 1716.672451] ? io_submit_sqes+0x8610/0x8610 [ 1716.672901] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.674664] ? wait_for_completion_io+0x270/0x270 [ 1716.675170] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.675591] ? vfs_write+0x354/0xb10 [ 1716.675995] ? fput_many+0x2f/0x1a0 [ 1716.679002] ? ksys_write+0x1a9/0x260 [ 1716.679354] ? __ia32_sys_read+0xb0/0xb0 [ 1716.679797] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.680252] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.680775] do_syscall_64+0x33/0x40 [ 1716.681108] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.681538] RIP: 0033:0x7f30a2e99b19 [ 1716.682003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.683644] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.684382] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1716.685076] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1716.685807] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.686418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1716.687101] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1716.710678] FAULT_INJECTION: forcing a failure. [ 1716.710678] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.713910] CPU: 1 PID: 8419 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1716.714494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.716245] Call Trace: [ 1716.716475] dump_stack+0x107/0x167 [ 1716.717833] should_fail.cold+0x5/0xa [ 1716.718163] ? create_object.isra.0+0x3a/0xa20 [ 1716.718559] should_failslab+0x5/0x20 [ 1716.719980] kmem_cache_alloc+0x5b/0x310 [ 1716.720335] create_object.isra.0+0x3a/0xa20 [ 1716.721761] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1716.722213] __kmalloc+0x16e/0x390 [ 1716.722518] io_timeout_prep+0x693/0x8b0 [ 1716.723937] io_submit_sqes+0x54d8/0x8610 [ 1716.724318] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.725787] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.726213] ? lock_downgrade+0x6d0/0x6d0 [ 1716.726561] ? find_held_lock+0x2c/0x110 [ 1716.727966] ? io_submit_sqes+0x8610/0x8610 [ 1716.728341] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.729803] ? wait_for_completion_io+0x270/0x270 [ 1716.730222] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.730627] ? vfs_write+0x354/0xb10 [ 1716.732003] ? fput_many+0x2f/0x1a0 [ 1716.732323] ? ksys_write+0x1a9/0x260 [ 1716.732659] ? __ia32_sys_read+0xb0/0xb0 [ 1716.734060] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.734508] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.739554] do_syscall_64+0x33/0x40 [ 1716.739892] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.740345] RIP: 0033:0x7f3842280b19 [ 1716.740679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.742287] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.742969] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1716.743625] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1716.744257] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.744889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1716.745521] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1716.750425] FAULT_INJECTION: forcing a failure. [ 1716.750425] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.751615] CPU: 1 PID: 8424 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1716.752221] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.752949] Call Trace: [ 1716.753197] dump_stack+0x107/0x167 [ 1716.753526] should_fail.cold+0x5/0xa [ 1716.753868] ? create_object.isra.0+0x3a/0xa20 [ 1716.754284] should_failslab+0x5/0x20 [ 1716.754624] kmem_cache_alloc+0x5b/0x310 [ 1716.754998] ? mark_held_locks+0x9e/0xe0 [ 1716.755395] create_object.isra.0+0x3a/0xa20 [ 1716.755793] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1716.756260] kmem_cache_alloc_bulk+0x168/0x320 [ 1716.756676] io_submit_sqes+0x6fe6/0x8610 [ 1716.757055] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1716.757518] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.757964] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.758399] ? lock_downgrade+0x6d0/0x6d0 [ 1716.758771] ? find_held_lock+0x2c/0x110 [ 1716.759141] ? io_submit_sqes+0x8610/0x8610 [ 1716.759553] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.759999] ? wait_for_completion_io+0x270/0x270 [ 1716.760441] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.760873] ? vfs_write+0x354/0xb10 [ 1716.761218] ? fput_many+0x2f/0x1a0 [ 1716.761546] ? ksys_write+0x1a9/0x260 [ 1716.761893] ? __ia32_sys_read+0xb0/0xb0 [ 1716.762264] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.762734] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.763197] do_syscall_64+0x33/0x40 [ 1716.763545] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.764003] RIP: 0033:0x7f285a8beb19 [ 1716.764346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.765958] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.766640] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1716.767297] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1716.767938] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.768578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1716.769214] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:50:51 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1716.877598] FAULT_INJECTION: forcing a failure. [ 1716.877598] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.878733] CPU: 1 PID: 8430 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1716.879353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.880085] Call Trace: [ 1716.880341] dump_stack+0x107/0x167 [ 1716.880672] should_fail.cold+0x5/0xa [ 1716.881019] ? create_object.isra.0+0x3a/0xa20 [ 1716.881440] should_failslab+0x5/0x20 [ 1716.881784] kmem_cache_alloc+0x5b/0x310 [ 1716.882153] ? mark_held_locks+0x9e/0xe0 [ 1716.882526] create_object.isra.0+0x3a/0xa20 [ 1716.882921] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1716.883404] kmem_cache_alloc_bulk+0x168/0x320 [ 1716.883823] io_submit_sqes+0x6fe6/0x8610 [ 1716.884204] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1716.884665] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.885116] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.885554] ? lock_downgrade+0x6d0/0x6d0 [ 1716.885925] ? find_held_lock+0x2c/0x110 [ 1716.886296] ? io_submit_sqes+0x8610/0x8610 [ 1716.886694] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.887137] ? wait_for_completion_io+0x270/0x270 [ 1716.887592] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.888009] ? vfs_write+0x354/0xb10 [ 1716.888346] ? fput_many+0x2f/0x1a0 [ 1716.888677] ? ksys_write+0x1a9/0x260 [ 1716.889033] ? __ia32_sys_read+0xb0/0xb0 [ 1716.889408] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.889878] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.890348] do_syscall_64+0x33/0x40 [ 1716.890685] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.891144] RIP: 0033:0x7f285a8beb19 [ 1716.891498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.893109] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.893798] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1716.894442] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1716.895075] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.895724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1716.896364] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:50:51 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) 05:50:51 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:50:51 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) [ 1717.008354] FAULT_INJECTION: forcing a failure. [ 1717.008354] name failslab, interval 1, probability 0, space 0, times 0 [ 1717.009464] CPU: 0 PID: 8434 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1717.010037] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1717.010741] Call Trace: [ 1717.010974] dump_stack+0x107/0x167 [ 1717.011302] should_fail.cold+0x5/0xa [ 1717.011635] ? create_object.isra.0+0x3a/0xa20 [ 1717.012024] should_failslab+0x5/0x20 [ 1717.012360] kmem_cache_alloc+0x5b/0x310 [ 1717.012709] create_object.isra.0+0x3a/0xa20 [ 1717.013088] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1717.013535] kmem_cache_alloc_bulk+0x168/0x320 [ 1717.013929] io_submit_sqes+0x6fe6/0x8610 [ 1717.014313] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.014742] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.015161] ? lock_downgrade+0x6d0/0x6d0 [ 1717.015529] ? find_held_lock+0x2c/0x110 [ 1717.015880] ? io_submit_sqes+0x8610/0x8610 [ 1717.016265] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1717.016691] ? wait_for_completion_io+0x270/0x270 [ 1717.017122] ? rcu_read_lock_any_held+0x75/0xa0 [ 1717.017528] ? vfs_write+0x354/0xb10 [ 1717.017847] ? fput_many+0x2f/0x1a0 [ 1717.018165] ? ksys_write+0x1a9/0x260 [ 1717.018490] ? __ia32_sys_read+0xb0/0xb0 [ 1717.018840] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1717.019305] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1717.019747] do_syscall_64+0x33/0x40 [ 1717.020066] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1717.020501] RIP: 0033:0x7fd7b8236b19 [ 1717.020819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1717.022356] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1717.022995] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1717.023631] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1717.024237] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1717.024835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1717.025447] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1717.062216] FAULT_INJECTION: forcing a failure. [ 1717.062216] name failslab, interval 1, probability 0, space 0, times 0 [ 1717.063307] CPU: 1 PID: 8440 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1717.063909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1717.064629] Call Trace: [ 1717.064877] dump_stack+0x107/0x167 [ 1717.065205] should_fail.cold+0x5/0xa [ 1717.065549] ? create_object.isra.0+0x3a/0xa20 [ 1717.065962] should_failslab+0x5/0x20 [ 1717.066304] kmem_cache_alloc+0x5b/0x310 [ 1717.066668] ? mark_held_locks+0x9e/0xe0 [ 1717.067037] create_object.isra.0+0x3a/0xa20 [ 1717.067459] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1717.067919] kmem_cache_alloc_bulk+0x168/0x320 [ 1717.068338] io_submit_sqes+0x6fe6/0x8610 [ 1717.068737] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.069179] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.069612] ? lock_downgrade+0x6d0/0x6d0 [ 1717.069981] ? find_held_lock+0x2c/0x110 [ 1717.070354] ? io_submit_sqes+0x8610/0x8610 [ 1717.070752] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1717.071185] ? wait_for_completion_io+0x270/0x270 [ 1717.071639] ? rcu_read_lock_any_held+0x75/0xa0 [ 1717.072054] ? vfs_write+0x354/0xb10 [ 1717.072391] ? fput_many+0x2f/0x1a0 [ 1717.072724] ? ksys_write+0x1a9/0x260 [ 1717.073073] ? __ia32_sys_read+0xb0/0xb0 [ 1717.073436] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1717.073901] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1717.074363] do_syscall_64+0x33/0x40 [ 1717.074701] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1717.075171] RIP: 0033:0x7fe1dcd4cb19 [ 1717.075532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1717.077139] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1717.077815] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1717.078445] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1717.079068] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1717.079713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1717.080345] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1731.349366] FAULT_INJECTION: forcing a failure. [ 1731.349366] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.350408] CPU: 1 PID: 8446 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1731.350980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.351686] Call Trace: [ 1731.351920] dump_stack+0x107/0x167 [ 1731.352235] should_fail.cold+0x5/0xa [ 1731.352568] ? create_object.isra.0+0x3a/0xa20 [ 1731.352958] should_failslab+0x5/0x20 [ 1731.353285] kmem_cache_alloc+0x5b/0x310 [ 1731.353646] ? mark_held_locks+0x9e/0xe0 [ 1731.354006] create_object.isra.0+0x3a/0xa20 [ 1731.354395] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.354844] kmem_cache_alloc_bulk+0x168/0x320 [ 1731.355254] io_submit_sqes+0x6fe6/0x8610 [ 1731.355632] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1731.356064] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.356490] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.356906] ? lock_downgrade+0x6d0/0x6d0 [ 1731.357261] ? find_held_lock+0x2c/0x110 [ 1731.357614] ? io_submit_sqes+0x8610/0x8610 [ 1731.357991] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.358406] ? wait_for_completion_io+0x270/0x270 [ 1731.358822] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.359219] ? vfs_write+0x354/0xb10 [ 1731.359555] ? fput_many+0x2f/0x1a0 [ 1731.359870] ? ksys_write+0x1a9/0x260 [ 1731.360198] ? __ia32_sys_read+0xb0/0xb0 [ 1731.360547] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.360991] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.361434] do_syscall_64+0x33/0x40 [ 1731.361753] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.362187] RIP: 0033:0x7f285a8beb19 [ 1731.362507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.364065] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.364705] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1731.365298] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1731.365891] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.366484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1731.367077] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1731.380566] FAULT_INJECTION: forcing a failure. [ 1731.380566] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.381520] CPU: 1 PID: 8458 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1731.382090] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.382780] Call Trace: [ 1731.383007] dump_stack+0x107/0x167 [ 1731.383319] should_fail.cold+0x5/0xa [ 1731.383660] ? create_object.isra.0+0x3a/0xa20 [ 1731.384051] should_failslab+0x5/0x20 [ 1731.384379] kmem_cache_alloc+0x5b/0x310 [ 1731.384728] ? mark_held_locks+0x9e/0xe0 [ 1731.385080] create_object.isra.0+0x3a/0xa20 [ 1731.385459] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.385896] kmem_cache_alloc_bulk+0x168/0x320 [ 1731.386292] io_submit_sqes+0x6fe6/0x8610 [ 1731.386674] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.387101] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.387531] ? lock_downgrade+0x6d0/0x6d0 [ 1731.387885] ? find_held_lock+0x2c/0x110 [ 1731.388237] ? io_submit_sqes+0x8610/0x8610 [ 1731.388613] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.389028] ? wait_for_completion_io+0x270/0x270 [ 1731.389441] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.389837] ? vfs_write+0x354/0xb10 [ 1731.390158] ? fput_many+0x2f/0x1a0 [ 1731.390471] ? ksys_write+0x1a9/0x260 [ 1731.390799] ? __ia32_sys_read+0xb0/0xb0 [ 1731.391149] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.391611] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.392053] do_syscall_64+0x33/0x40 [ 1731.392373] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.392810] RIP: 0033:0x7fe1dcd4cb19 [ 1731.393129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.394677] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.395324] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1731.395948] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1731.396557] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.397158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.397762] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1731.401658] FAULT_INJECTION: forcing a failure. [ 1731.401658] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.402620] CPU: 1 PID: 8459 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1731.403193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.403896] Call Trace: [ 1731.404124] dump_stack+0x107/0x167 [ 1731.404438] should_fail.cold+0x5/0xa [ 1731.404764] ? io_timeout_prep+0x693/0x8b0 [ 1731.405126] should_failslab+0x5/0x20 [ 1731.405454] __kmalloc+0x72/0x390 [ 1731.405753] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1731.406198] io_timeout_prep+0x693/0x8b0 [ 1731.406557] io_submit_sqes+0x54d8/0x8610 [ 1731.406935] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.407362] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.407792] ? lock_downgrade+0x6d0/0x6d0 [ 1731.408147] ? find_held_lock+0x2c/0x110 [ 1731.408513] ? io_submit_sqes+0x8610/0x8610 [ 1731.408890] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.409307] ? wait_for_completion_io+0x270/0x270 [ 1731.409721] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.410117] ? vfs_write+0x354/0xb10 [ 1731.410437] ? fput_many+0x2f/0x1a0 [ 1731.410751] ? ksys_write+0x1a9/0x260 [ 1731.411086] ? __ia32_sys_read+0xb0/0xb0 [ 1731.411449] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.411896] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.412337] do_syscall_64+0x33/0x40 [ 1731.412660] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.413098] RIP: 0033:0x7f0159fffb19 [ 1731.413418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.414976] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.415639] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1731.416245] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1731.416867] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.417468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.418069] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1731.425507] FAULT_INJECTION: forcing a failure. [ 1731.425507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1731.426701] CPU: 1 PID: 8456 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1731.427309] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.428042] Call Trace: [ 1731.428272] dump_stack+0x107/0x167 [ 1731.428595] should_fail.cold+0x5/0xa [ 1731.428942] _copy_from_user+0x2e/0x1b0 [ 1731.429300] get_timespec64+0x75/0x190 [ 1731.429636] ? put_timespec64+0x130/0x130 [ 1731.430001] ? kasan_unpoison_shadow+0x33/0x50 [ 1731.430414] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.430872] io_timeout_prep+0x3c5/0x8b0 [ 1731.431247] io_submit_sqes+0x54d8/0x8610 [ 1731.431644] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.432075] __do_sys_io_uring_enter+0x6b5/0x18c0 05:51:05 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) 05:51:05 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:05 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42) 05:51:05 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43) 05:51:05 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) 05:51:05 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:51:05 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000) 05:51:05 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1731.432495] ? lock_downgrade+0x6d0/0x6d0 [ 1731.443563] ? find_held_lock+0x2c/0x110 [ 1731.443916] ? io_submit_sqes+0x8610/0x8610 [ 1731.444282] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.444691] ? wait_for_completion_io+0x270/0x270 [ 1731.445097] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.445486] ? vfs_write+0x354/0xb10 [ 1731.445800] ? fput_many+0x2f/0x1a0 [ 1731.446109] ? ksys_write+0x1a9/0x260 [ 1731.446429] ? __ia32_sys_read+0xb0/0xb0 [ 1731.446779] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.447216] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.447667] do_syscall_64+0x33/0x40 [ 1731.447987] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.448423] RIP: 0033:0x7f3842280b19 [ 1731.448741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.450284] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.450925] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1731.451545] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1731.452144] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.452742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.453340] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1731.455726] FAULT_INJECTION: forcing a failure. [ 1731.455726] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1731.456783] CPU: 1 PID: 8457 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1731.457358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.458051] Call Trace: [ 1731.458278] dump_stack+0x107/0x167 [ 1731.458589] should_fail.cold+0x5/0xa [ 1731.458916] _copy_from_user+0x2e/0x1b0 [ 1731.459258] get_timespec64+0x75/0x190 [ 1731.459608] ? put_timespec64+0x130/0x130 [ 1731.459966] ? kasan_unpoison_shadow+0x33/0x50 [ 1731.460358] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.460794] io_timeout_prep+0x3c5/0x8b0 [ 1731.461148] io_submit_sqes+0x54d8/0x8610 [ 1731.461522] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.461950] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.462364] ? lock_downgrade+0x6d0/0x6d0 [ 1731.462719] ? find_held_lock+0x2c/0x110 [ 1731.463071] ? io_submit_sqes+0x8610/0x8610 [ 1731.463453] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.463872] ? wait_for_completion_io+0x270/0x270 [ 1731.464285] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.464680] ? vfs_write+0x354/0xb10 [ 1731.464999] ? fput_many+0x2f/0x1a0 [ 1731.465313] ? ksys_write+0x1a9/0x260 [ 1731.465639] ? __ia32_sys_read+0xb0/0xb0 [ 1731.465990] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.466436] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.466875] do_syscall_64+0x33/0x40 [ 1731.467195] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.467644] RIP: 0033:0x7f30a2e99b19 [ 1731.467961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.469504] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.470150] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1731.470752] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1731.471357] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.471975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.472576] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1731.475791] FAULT_INJECTION: forcing a failure. [ 1731.475791] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.476755] CPU: 1 PID: 8460 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1731.477347] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.478065] Call Trace: [ 1731.478310] dump_stack+0x107/0x167 [ 1731.478651] should_fail.cold+0x5/0xa 05:51:05 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffff00000000) [ 1731.479002] ? create_object.isra.0+0x3a/0xa20 [ 1731.487519] should_failslab+0x5/0x20 [ 1731.487847] kmem_cache_alloc+0x5b/0x310 [ 1731.488191] ? mark_held_locks+0x9e/0xe0 [ 1731.488540] create_object.isra.0+0x3a/0xa20 [ 1731.488910] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.489342] kmem_cache_alloc_bulk+0x168/0x320 [ 1731.489734] io_submit_sqes+0x6fe6/0x8610 [ 1731.490106] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.490525] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.490945] ? lock_downgrade+0x6d0/0x6d0 [ 1731.491301] ? find_held_lock+0x2c/0x110 [ 1731.491664] ? io_submit_sqes+0x8610/0x8610 [ 1731.492035] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.492445] ? wait_for_completion_io+0x270/0x270 [ 1731.492854] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.493261] ? vfs_write+0x354/0xb10 [ 1731.493576] ? fput_many+0x2f/0x1a0 [ 1731.493886] ? ksys_write+0x1a9/0x260 [ 1731.494210] ? __ia32_sys_read+0xb0/0xb0 [ 1731.494557] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.495004] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.495460] do_syscall_64+0x33/0x40 [ 1731.495777] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.496215] RIP: 0033:0x7fd7b8236b19 [ 1731.496530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.498072] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.498721] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1731.499325] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1731.499936] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.500546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.501148] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:51:05 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44) 05:51:06 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43) 05:51:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:06 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) [ 1731.810657] FAULT_INJECTION: forcing a failure. [ 1731.810657] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.811776] CPU: 1 PID: 8474 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1731.812354] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.813046] Call Trace: [ 1731.813279] dump_stack+0x107/0x167 [ 1731.813591] should_fail.cold+0x5/0xa [ 1731.813920] ? create_object.isra.0+0x3a/0xa20 [ 1731.814312] should_failslab+0x5/0x20 [ 1731.814641] kmem_cache_alloc+0x5b/0x310 [ 1731.814989] ? mark_held_locks+0x9e/0xe0 [ 1731.815346] create_object.isra.0+0x3a/0xa20 [ 1731.815744] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.816193] kmem_cache_alloc_bulk+0x168/0x320 [ 1731.816601] io_submit_sqes+0x6fe6/0x8610 [ 1731.816976] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.817418] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.817833] ? lock_downgrade+0x6d0/0x6d0 [ 1731.818187] ? find_held_lock+0x2c/0x110 [ 1731.818542] ? io_submit_sqes+0x8610/0x8610 [ 1731.818919] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.819332] ? wait_for_completion_io+0x270/0x270 [ 1731.819761] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.820158] ? vfs_write+0x354/0xb10 [ 1731.820482] ? fput_many+0x2f/0x1a0 [ 1731.820803] ? ksys_write+0x1a9/0x260 [ 1731.821143] ? __ia32_sys_read+0xb0/0xb0 [ 1731.821493] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.821938] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.822379] do_syscall_64+0x33/0x40 [ 1731.822699] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.823135] RIP: 0033:0x7f0159fffb19 [ 1731.823469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.825027] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.825678] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1731.826289] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1731.826899] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.827534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.828142] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1731.835552] FAULT_INJECTION: forcing a failure. [ 1731.835552] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.836638] CPU: 0 PID: 8477 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1731.837216] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.837908] Call Trace: [ 1731.838144] dump_stack+0x107/0x167 [ 1731.838457] should_fail.cold+0x5/0xa [ 1731.838787] ? io_timeout_prep+0x693/0x8b0 [ 1731.839154] should_failslab+0x5/0x20 [ 1731.839499] __kmalloc+0x72/0x390 [ 1731.839802] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1731.840253] io_timeout_prep+0x693/0x8b0 [ 1731.840607] io_submit_sqes+0x54d8/0x8610 [ 1731.840987] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.841433] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.841848] ? lock_downgrade+0x6d0/0x6d0 [ 1731.842210] ? find_held_lock+0x2c/0x110 [ 1731.842568] ? io_submit_sqes+0x8610/0x8610 [ 1731.842957] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.843402] ? wait_for_completion_io+0x270/0x270 [ 1731.843839] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.844246] ? vfs_write+0x354/0xb10 [ 1731.844570] ? fput_many+0x2f/0x1a0 [ 1731.844894] ? ksys_write+0x1a9/0x260 [ 1731.845230] ? __ia32_sys_read+0xb0/0xb0 [ 1731.845519] FAULT_INJECTION: forcing a failure. [ 1731.845519] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.845583] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.846942] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.847406] do_syscall_64+0x33/0x40 [ 1731.847733] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.848177] RIP: 0033:0x7fe1dcd4cb19 [ 1731.848498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.850059] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.850711] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1731.851324] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1731.851938] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.852544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.853149] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1731.853771] CPU: 1 PID: 8480 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1731.854367] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.855061] Call Trace: [ 1731.855289] dump_stack+0x107/0x167 [ 1731.855620] should_fail.cold+0x5/0xa [ 1731.855949] ? io_timeout_prep+0x693/0x8b0 [ 1731.856313] should_failslab+0x5/0x20 [ 1731.856636] __kmalloc+0x72/0x390 [ 1731.856934] ? __hrtimer_init+0x12c/0x270 [ 1731.857291] io_timeout_prep+0x693/0x8b0 [ 1731.857642] io_submit_sqes+0x54d8/0x8610 [ 1731.858017] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.858444] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1731.858857] ? lock_downgrade+0x6d0/0x6d0 [ 1731.859210] ? find_held_lock+0x2c/0x110 [ 1731.859573] ? io_submit_sqes+0x8610/0x8610 [ 1731.859945] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1731.860358] ? wait_for_completion_io+0x270/0x270 [ 1731.860769] ? rcu_read_lock_any_held+0x75/0xa0 [ 1731.861166] ? vfs_write+0x354/0xb10 [ 1731.861490] ? fput_many+0x2f/0x1a0 [ 1731.861803] ? ksys_write+0x1a9/0x260 [ 1731.862130] ? __ia32_sys_read+0xb0/0xb0 [ 1731.862481] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.862928] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.863368] do_syscall_64+0x33/0x40 [ 1731.863698] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.864135] RIP: 0033:0x7f30a2e99b19 [ 1731.864452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.865995] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1731.866640] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1731.867242] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1731.867851] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1731.868450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.869052] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:51:06 executing program 2: perf_event_open(&(0x7f0000000480)={0x3, 0x80, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x200, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) syz_io_uring_complete(r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2004, @fd=r3, 0x9, 0x0, 0x0, 0x9, 0x1, {0x1}}, 0x80000001) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r6, r9, &(0x7f0000000500)=@IORING_OP_FSYNC={0x3, 0x1, 0x0, @fd_index=0x2}, 0x8000) pread64(r5, 0x0, 0x0, 0x0) sendmsg(r5, &(0x7f0000000440)={&(0x7f0000000180)=@llc={0x1a, 0x310, 0x9, 0x4b, 0x7, 0x7, @multicast}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000000)="a36e446e9e2d9c713730c828a7cce3ad44", 0x11}, {&(0x7f0000000240)="e0ef72085736b2aff2a4c0742f58682f6bb4f70223e90e60f52c1efd28b0e5f6ceef9ccab908f73b481f52e83c57a4cacccf8ad371971db11fb6d262e2dc80805d2142f5d5f3549f878ae98d8637a3a78cf2235e15b3131fd3d8d6a74fef99a25320d9", 0x63}, {&(0x7f0000000300)="9583deadfbe88eb251e50f92c7cd9228eccd75e305c945e110ff226604ece14252e7a9c78edfe09d384ca4b377e1f8aa8ce8502fe4b497552cddd917b2ac8daf38f8ad26a7e6bd6c39b4e9ab9d46968e02e174535d932bc5dcdd3d964fd244ae70fef3e869cf6fef508e4f06fe439b2b53686070d4000fade6", 0x79}, {&(0x7f0000000380)="109023b49073a43cc63c3ab157e630eee6188b5387596fb2", 0x18}, {&(0x7f0000000580)="ee8bc7d3862dbeda2babda72b4b7aeb157bc60c797a9b6ad32b2589709e8ee10085f2d432e9b2a1f81073aae7ef6f9d0a16843acf0053523a2fb6a035ff519029ecd6560dd611a00bbb9aff94a3684bb52ed16213d1ab6090455d9750f329f125bf9ad521e560c126bf8379b6a6b33e28fedc1740038ddc2ae6035b7ff66691004c7a20f2f0c2fddab2af02e15cab10db5f3a6e5fab1522bd94ba13f0bb08ded7630fecac3caa53e7ef8d64a1dbdfaaa1b4900a59d1598d550a85274a0653dcada5c5b81f84e06223719e213acddf5560c9cb493e716bdcdafa58b3dd7f3e75096155579105891865ae6ea2caba393af7e7c98", 0xf3}], 0x5}, 0x4000050) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) 05:51:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1731.997691] FAULT_INJECTION: forcing a failure. [ 1731.997691] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.998895] CPU: 0 PID: 8486 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1731.999490] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.000181] Call Trace: [ 1732.000415] dump_stack+0x107/0x167 [ 1732.000727] should_fail.cold+0x5/0xa [ 1732.001055] ? create_object.isra.0+0x3a/0xa20 [ 1732.001445] should_failslab+0x5/0x20 [ 1732.001772] kmem_cache_alloc+0x5b/0x310 [ 1732.002136] ? mark_held_locks+0x9e/0xe0 [ 1732.002496] create_object.isra.0+0x3a/0xa20 [ 1732.002880] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.003316] kmem_cache_alloc_bulk+0x168/0x320 [ 1732.003732] io_submit_sqes+0x6fe6/0x8610 [ 1732.004110] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.004539] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.004950] ? lock_downgrade+0x6d0/0x6d0 [ 1732.005312] ? find_held_lock+0x2c/0x110 [ 1732.005663] ? io_submit_sqes+0x8610/0x8610 [ 1732.006039] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1732.006458] ? wait_for_completion_io+0x270/0x270 [ 1732.006872] ? rcu_read_lock_any_held+0x75/0xa0 [ 1732.007269] ? vfs_write+0x354/0xb10 [ 1732.007603] ? fput_many+0x2f/0x1a0 [ 1732.007917] ? ksys_write+0x1a9/0x260 [ 1732.008246] ? __ia32_sys_read+0xb0/0xb0 [ 1732.008600] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.009053] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.009494] do_syscall_64+0x33/0x40 [ 1732.009814] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.010252] RIP: 0033:0x7fd7b8236b19 [ 1732.010572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.012152] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1732.012800] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1732.013419] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1732.014026] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.014635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.015240] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:51:06 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1732.037194] FAULT_INJECTION: forcing a failure. [ 1732.037194] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.038266] CPU: 0 PID: 8488 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1732.038837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.039547] Call Trace: [ 1732.039779] dump_stack+0x107/0x167 [ 1732.040092] should_fail.cold+0x5/0xa [ 1732.040418] ? create_object.isra.0+0x3a/0xa20 [ 1732.040806] should_failslab+0x5/0x20 [ 1732.041131] kmem_cache_alloc+0x5b/0x310 [ 1732.041479] ? mark_held_locks+0x9e/0xe0 [ 1732.041830] create_object.isra.0+0x3a/0xa20 [ 1732.042212] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.042647] kmem_cache_alloc_bulk+0x168/0x320 [ 1732.043044] io_submit_sqes+0x6fe6/0x8610 [ 1732.043412] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1732.043852] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.044288] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.044704] ? lock_downgrade+0x6d0/0x6d0 [ 1732.045061] ? find_held_lock+0x2c/0x110 [ 1732.045420] ? io_submit_sqes+0x8610/0x8610 [ 1732.045801] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1732.046220] ? wait_for_completion_io+0x270/0x270 [ 1732.046639] ? rcu_read_lock_any_held+0x75/0xa0 [ 1732.047039] ? vfs_write+0x354/0xb10 [ 1732.047363] ? copy_kernel_to_fpregs+0x9e/0xe0 [ 1732.047846] ? trace_event_raw_event_x86_fpu+0x390/0x390 [ 1732.048426] ? ksys_write+0x1a9/0x260 [ 1732.048829] ? __ia32_sys_read+0xb0/0xb0 [ 1732.049269] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.049825] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.050382] do_syscall_64+0x33/0x40 [ 1732.050781] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.051335] RIP: 0033:0x7f285a8beb19 [ 1732.051678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.053228] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1732.053874] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1732.054478] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1732.055077] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.055690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1732.056292] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1732.067993] FAULT_INJECTION: forcing a failure. [ 1732.067993] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.069047] CPU: 0 PID: 8490 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1732.069638] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.070365] Call Trace: [ 1732.070624] dump_stack+0x107/0x167 [ 1732.070970] should_fail.cold+0x5/0xa [ 1732.071333] ? create_object.isra.0+0x3a/0xa20 [ 1732.071780] should_failslab+0x5/0x20 [ 1732.072133] kmem_cache_alloc+0x5b/0x310 [ 1732.072484] create_object.isra.0+0x3a/0xa20 [ 1732.072857] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.073302] __kmalloc+0x16e/0x390 [ 1732.073615] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1732.074058] io_timeout_prep+0x693/0x8b0 [ 1732.074411] io_submit_sqes+0x54d8/0x8610 [ 1732.074785] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.075218] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.075648] ? lock_downgrade+0x6d0/0x6d0 [ 1732.076007] ? find_held_lock+0x2c/0x110 [ 1732.076362] ? io_submit_sqes+0x8610/0x8610 [ 1732.076742] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1732.077157] ? wait_for_completion_io+0x270/0x270 [ 1732.077577] ? rcu_read_lock_any_held+0x75/0xa0 [ 1732.077973] ? vfs_write+0x354/0xb10 [ 1732.078292] ? fput_many+0x2f/0x1a0 [ 1732.078612] ? ksys_write+0x1a9/0x260 [ 1732.078950] ? __ia32_sys_read+0xb0/0xb0 [ 1732.079308] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.079767] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.080206] do_syscall_64+0x33/0x40 [ 1732.080523] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.080958] RIP: 0033:0x7f3842280b19 [ 1732.081276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.082818] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1732.083479] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1732.084084] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1732.084689] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.085291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.085896] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:51:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45) 05:51:06 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44) 05:51:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:06 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) [ 1732.273675] FAULT_INJECTION: forcing a failure. [ 1732.273675] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.274716] CPU: 1 PID: 8498 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1732.275297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.276012] Call Trace: [ 1732.276247] dump_stack+0x107/0x167 [ 1732.276561] should_fail.cold+0x5/0xa [ 1732.276891] ? io_timeout_prep+0x693/0x8b0 [ 1732.277256] should_failslab+0x5/0x20 [ 1732.277594] __kmalloc+0x72/0x390 [ 1732.277900] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1732.278354] io_timeout_prep+0x693/0x8b0 [ 1732.278716] io_submit_sqes+0x54d8/0x8610 [ 1732.279095] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.279542] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.279962] ? lock_downgrade+0x6d0/0x6d0 [ 1732.280320] ? find_held_lock+0x2c/0x110 [ 1732.280678] ? io_submit_sqes+0x8610/0x8610 [ 1732.281057] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1732.281477] ? wait_for_completion_io+0x270/0x270 [ 1732.281892] ? rcu_read_lock_any_held+0x75/0xa0 [ 1732.282291] ? vfs_write+0x354/0xb10 [ 1732.282611] ? fput_many+0x2f/0x1a0 [ 1732.282933] ? ksys_write+0x1a9/0x260 [ 1732.283269] ? __ia32_sys_read+0xb0/0xb0 [ 1732.283640] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.284101] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.284546] do_syscall_64+0x33/0x40 [ 1732.284867] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.285308] RIP: 0033:0x7f0159fffb19 [ 1732.285628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.287201] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1732.287871] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1732.288481] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1732.289084] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.289693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.290302] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1732.302864] FAULT_INJECTION: forcing a failure. [ 1732.302864] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.304112] CPU: 0 PID: 8501 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1732.304741] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.305486] Call Trace: [ 1732.305747] dump_stack+0x107/0x167 [ 1732.306095] should_fail.cold+0x5/0xa [ 1732.306468] ? create_object.isra.0+0x3a/0xa20 [ 1732.306889] should_failslab+0x5/0x20 [ 1732.307224] kmem_cache_alloc+0x5b/0x310 [ 1732.307258] FAULT_INJECTION: forcing a failure. [ 1732.307258] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.307594] ? mark_held_locks+0x9e/0xe0 [ 1732.307610] create_object.isra.0+0x3a/0xa20 [ 1732.307631] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.309691] kmem_cache_alloc_bulk+0x168/0x320 [ 1732.310090] io_submit_sqes+0x6fe6/0x8610 [ 1732.310475] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.310900] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.311323] ? lock_downgrade+0x6d0/0x6d0 [ 1732.311693] ? find_held_lock+0x2c/0x110 [ 1732.312045] ? io_submit_sqes+0x8610/0x8610 [ 1732.312437] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1732.312864] ? wait_for_completion_io+0x270/0x270 [ 1732.313302] ? rcu_read_lock_any_held+0x75/0xa0 [ 1732.313709] ? vfs_write+0x354/0xb10 [ 1732.314038] ? fput_many+0x2f/0x1a0 [ 1732.314355] ? ksys_write+0x1a9/0x260 [ 1732.314681] ? __ia32_sys_read+0xb0/0xb0 [ 1732.315031] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.315499] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.315943] do_syscall_64+0x33/0x40 [ 1732.316275] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.316709] RIP: 0033:0x7fe1dcd4cb19 [ 1732.317029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.318583] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1732.319237] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1732.319862] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1732.320474] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.321081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.321689] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1732.322323] CPU: 1 PID: 8503 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1732.322915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.323649] Call Trace: [ 1732.323877] dump_stack+0x107/0x167 [ 1732.324201] should_fail.cold+0x5/0xa [ 1732.324535] ? create_object.isra.0+0x3a/0xa20 [ 1732.324928] should_failslab+0x5/0x20 [ 1732.325255] kmem_cache_alloc+0x5b/0x310 [ 1732.325607] create_object.isra.0+0x3a/0xa20 [ 1732.325991] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.326435] __kmalloc+0x16e/0x390 [ 1732.326743] io_timeout_prep+0x693/0x8b0 [ 1732.327105] io_submit_sqes+0x54d8/0x8610 [ 1732.327502] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.327929] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.328344] ? lock_downgrade+0x6d0/0x6d0 [ 1732.328696] ? find_held_lock+0x2c/0x110 [ 1732.329054] ? io_submit_sqes+0x8610/0x8610 [ 1732.329433] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1732.329846] ? wait_for_completion_io+0x270/0x270 [ 1732.330272] ? rcu_read_lock_any_held+0x75/0xa0 [ 1732.330677] ? vfs_write+0x354/0xb10 [ 1732.330995] ? fput_many+0x2f/0x1a0 [ 1732.331312] ? ksys_write+0x1a9/0x260 [ 1732.331654] ? __ia32_sys_read+0xb0/0xb0 [ 1732.332005] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.332451] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.332892] do_syscall_64+0x33/0x40 [ 1732.333212] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.333646] RIP: 0033:0x7f30a2e99b19 [ 1732.333965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.335549] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1732.336193] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1732.336793] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1732.337413] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.338015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.338616] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:51:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) [ 1732.447622] FAULT_INJECTION: forcing a failure. [ 1732.447622] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.448711] CPU: 0 PID: 8507 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1732.449285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.449983] Call Trace: [ 1732.450221] dump_stack+0x107/0x167 [ 1732.450541] should_fail.cold+0x5/0xa [ 1732.450873] ? create_object.isra.0+0x3a/0xa20 [ 1732.451266] should_failslab+0x5/0x20 [ 1732.451612] kmem_cache_alloc+0x5b/0x310 [ 1732.451970] ? mark_held_locks+0x9e/0xe0 [ 1732.452329] create_object.isra.0+0x3a/0xa20 [ 1732.452706] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.453148] kmem_cache_alloc_bulk+0x168/0x320 [ 1732.453547] io_submit_sqes+0x6fe6/0x8610 [ 1732.453922] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.454351] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.454764] ? lock_downgrade+0x6d0/0x6d0 [ 1732.455121] ? find_held_lock+0x2c/0x110 [ 1732.455495] ? io_submit_sqes+0x8610/0x8610 [ 1732.455875] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1732.456295] ? wait_for_completion_io+0x270/0x270 [ 1732.456709] ? rcu_read_lock_any_held+0x75/0xa0 [ 1732.457107] ? vfs_write+0x354/0xb10 [ 1732.457426] ? fput_many+0x2f/0x1a0 [ 1732.457740] ? ksys_write+0x1a9/0x260 [ 1732.458067] ? __ia32_sys_read+0xb0/0xb0 [ 1732.458419] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.458866] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.459314] do_syscall_64+0x33/0x40 [ 1732.459657] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.460094] RIP: 0033:0x7fd7b8236b19 [ 1732.460411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.461961] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1732.462608] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1732.463208] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1732.463826] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.464436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.465034] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:51:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 7) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:51:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) 05:51:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1732.589477] FAULT_INJECTION: forcing a failure. [ 1732.589477] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.590636] CPU: 1 PID: 8511 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1732.591222] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.591939] Call Trace: [ 1732.592176] dump_stack+0x107/0x167 [ 1732.592492] should_fail.cold+0x5/0xa [ 1732.592821] ? create_object.isra.0+0x3a/0xa20 [ 1732.593222] should_failslab+0x5/0x20 [ 1732.593547] kmem_cache_alloc+0x5b/0x310 [ 1732.593898] ? mark_held_locks+0x9e/0xe0 [ 1732.594260] create_object.isra.0+0x3a/0xa20 [ 1732.594638] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.595079] kmem_cache_alloc_bulk+0x168/0x320 [ 1732.595494] io_submit_sqes+0x6fe6/0x8610 [ 1732.595856] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1732.596290] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.596717] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.597136] ? lock_downgrade+0x6d0/0x6d0 [ 1732.597500] ? find_held_lock+0x2c/0x110 [ 1732.597857] ? io_submit_sqes+0x8610/0x8610 [ 1732.598247] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1732.598674] ? wait_for_completion_io+0x270/0x270 [ 1732.599095] ? rcu_read_lock_any_held+0x75/0xa0 [ 1732.599514] ? vfs_write+0x354/0xb10 [ 1732.599836] ? fput_many+0x2f/0x1a0 [ 1732.600151] ? ksys_write+0x1a9/0x260 [ 1732.600478] ? __ia32_sys_read+0xb0/0xb0 [ 1732.600832] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.601281] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.601727] do_syscall_64+0x33/0x40 [ 1732.602054] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.602496] RIP: 0033:0x7f285a8beb19 [ 1732.602817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.604403] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1732.605053] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1732.605656] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1732.606262] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.606869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1732.607491] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1732.653149] FAULT_INJECTION: forcing a failure. [ 1732.653149] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.654260] CPU: 0 PID: 8515 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1732.654832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.655555] Call Trace: [ 1732.655788] dump_stack+0x107/0x167 [ 1732.656104] should_fail.cold+0x5/0xa [ 1732.656429] ? create_object.isra.0+0x3a/0xa20 [ 1732.656817] should_failslab+0x5/0x20 [ 1732.657144] kmem_cache_alloc+0x5b/0x310 [ 1732.657502] ? mark_held_locks+0x9e/0xe0 [ 1732.657852] create_object.isra.0+0x3a/0xa20 [ 1732.658229] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.658663] kmem_cache_alloc_bulk+0x168/0x320 [ 1732.659069] io_submit_sqes+0x6fe6/0x8610 [ 1732.659464] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.659895] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1732.660313] ? lock_downgrade+0x6d0/0x6d0 [ 1732.660663] ? find_held_lock+0x2c/0x110 [ 1732.661013] ? io_submit_sqes+0x8610/0x8610 [ 1732.661390] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1732.661803] ? wait_for_completion_io+0x270/0x270 [ 1732.662218] ? rcu_read_lock_any_held+0x75/0xa0 [ 1732.662613] ? vfs_write+0x354/0xb10 [ 1732.662930] ? fput_many+0x2f/0x1a0 [ 1732.663241] ? ksys_write+0x1a9/0x260 [ 1732.663587] ? __ia32_sys_read+0xb0/0xb0 [ 1732.663934] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.664378] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.664814] do_syscall_64+0x33/0x40 [ 1732.665131] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.665564] RIP: 0033:0x7f0159fffb19 [ 1732.665880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.667417] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1732.668072] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1732.668669] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1732.669268] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.669867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.670465] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1747.533425] FAULT_INJECTION: forcing a failure. [ 1747.533425] name failslab, interval 1, probability 0, space 0, times 0 [ 1747.534404] CPU: 0 PID: 8529 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1747.534941] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1747.539903] Call Trace: [ 1747.540135] dump_stack+0x107/0x167 [ 1747.540444] should_fail.cold+0x5/0xa [ 1747.540768] ? create_object.isra.0+0x3a/0xa20 [ 1747.541154] should_failslab+0x5/0x20 [ 1747.541476] kmem_cache_alloc+0x5b/0x310 [ 1747.541820] ? mark_held_locks+0x9e/0xe0 [ 1747.542166] create_object.isra.0+0x3a/0xa20 [ 1747.542539] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1747.542970] kmem_cache_alloc_bulk+0x168/0x320 [ 1747.543362] io_submit_sqes+0x6fe6/0x8610 [ 1747.543729] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1747.544153] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.544573] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.544983] ? lock_downgrade+0x6d0/0x6d0 [ 1747.545332] ? find_held_lock+0x2c/0x110 [ 1747.545681] ? io_submit_sqes+0x8610/0x8610 [ 1747.546053] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1747.546464] ? wait_for_completion_io+0x270/0x270 [ 1747.546874] ? rcu_read_lock_any_held+0x75/0xa0 [ 1747.547265] ? vfs_write+0x354/0xb10 [ 1747.547589] ? fput_many+0x2f/0x1a0 [ 1747.547951] ? ksys_write+0x1a9/0x260 [ 1747.548275] ? __ia32_sys_read+0xb0/0xb0 [ 1747.548621] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1747.549060] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1747.549495] do_syscall_64+0x33/0x40 [ 1747.549809] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1747.550239] RIP: 0033:0x7f285a8beb19 [ 1747.550555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1747.552104] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1747.552747] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1747.553344] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1747.553942] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1747.554541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 05:51:21 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x5}, 0x40004, 0x0, 0xffffffff}, 0xffffffffffffffff, 0xfffffbfffffffffc, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x810, r4, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) r5 = getpid() perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x2a, 0x33, 0x8, 0x8, 0x0, 0x5516, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x5, 0x1, @perf_bp={&(0x7f0000000180), 0x2}, 0xc000, 0x7fffffff, 0x7fffffff, 0x6, 0x545e, 0x5, 0x2, 0x0, 0x7f}, r5, 0x6, r4, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)={0x0, 0x0, 0x1, 0x0, '\x00', [{0x10001, 0x1, 0x2, 0x1, 0x9, 0xff}, {0x101, 0x7, 0x0, 0x200, 0x5, 0xffffffff}], ['\x00']}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:21 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) 05:51:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45) 05:51:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:51:21 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:21 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47) 05:51:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 8) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:51:21 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) [ 1747.555139] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1747.579161] FAULT_INJECTION: forcing a failure. [ 1747.579161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1747.581409] CPU: 0 PID: 8535 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1747.582563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1747.584094] Call Trace: [ 1747.584548] dump_stack+0x107/0x167 [ 1747.585178] should_fail.cold+0x5/0xa [ 1747.585836] _copy_from_user+0x2e/0x1b0 [ 1747.586523] get_timespec64+0x75/0x190 [ 1747.587196] ? put_timespec64+0x130/0x130 [ 1747.588010] ? kasan_unpoison_shadow+0x33/0x50 [ 1747.588786] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1747.589661] io_timeout_prep+0x3c5/0x8b0 [ 1747.590349] io_submit_sqes+0x54d8/0x8610 [ 1747.591067] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.592027] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.592861] ? lock_downgrade+0x6d0/0x6d0 [ 1747.593571] ? find_held_lock+0x2c/0x110 [ 1747.594273] ? io_submit_sqes+0x8610/0x8610 [ 1747.595018] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1747.595725] ? wait_for_completion_io+0x270/0x270 [ 1747.596147] ? rcu_read_lock_any_held+0x75/0xa0 [ 1747.596550] ? vfs_write+0x354/0xb10 [ 1747.596879] ? fput_many+0x2f/0x1a0 [ 1747.597195] ? ksys_write+0x1a9/0x260 [ 1747.597526] ? __ia32_sys_read+0xb0/0xb0 [ 1747.597889] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1747.598347] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1747.598795] do_syscall_64+0x33/0x40 [ 1747.599120] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1747.599573] RIP: 0033:0x7f30a2e99b19 [ 1747.599931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1747.601464] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1747.602104] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1747.602700] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1747.603297] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1747.604459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1747.605666] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1747.609522] FAULT_INJECTION: forcing a failure. [ 1747.609522] name failslab, interval 1, probability 0, space 0, times 0 [ 1747.610596] CPU: 1 PID: 8527 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1747.611274] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1747.611991] Call Trace: [ 1747.612206] dump_stack+0x107/0x167 [ 1747.612499] should_fail.cold+0x5/0xa [ 1747.612803] ? create_object.isra.0+0x3a/0xa20 [ 1747.613168] should_failslab+0x5/0x20 [ 1747.613473] kmem_cache_alloc+0x5b/0x310 [ 1747.613803] create_object.isra.0+0x3a/0xa20 [ 1747.614156] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1747.614563] __kmalloc+0x16e/0x390 [ 1747.614854] io_timeout_prep+0x693/0x8b0 [ 1747.615185] io_submit_sqes+0x54d8/0x8610 [ 1747.615487] FAULT_INJECTION: forcing a failure. [ 1747.615487] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1747.615536] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.616909] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.617299] ? lock_downgrade+0x6d0/0x6d0 [ 1747.617628] ? find_held_lock+0x2c/0x110 [ 1747.617956] ? io_submit_sqes+0x8610/0x8610 [ 1747.618307] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1747.618694] ? wait_for_completion_io+0x270/0x270 [ 1747.619080] ? rcu_read_lock_any_held+0x75/0xa0 [ 1747.619448] ? vfs_write+0x354/0xb10 [ 1747.619767] ? fput_many+0x2f/0x1a0 [ 1747.620061] ? ksys_write+0x1a9/0x260 [ 1747.620368] ? __ia32_sys_read+0xb0/0xb0 [ 1747.620697] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1747.621116] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1747.621529] do_syscall_64+0x33/0x40 [ 1747.621828] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1747.622236] RIP: 0033:0x7f0159fffb19 [ 1747.622535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1747.628008] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1747.628607] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1747.629166] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1747.629725] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1747.630284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1747.630843] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1747.631422] CPU: 0 PID: 8537 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1747.632019] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1747.632708] Call Trace: [ 1747.632934] dump_stack+0x107/0x167 [ 1747.633245] should_fail.cold+0x5/0xa [ 1747.633574] _copy_from_user+0x2e/0x1b0 [ 1747.633915] get_timespec64+0x75/0x190 [ 1747.634247] ? put_timespec64+0x130/0x130 [ 1747.634495] FAULT_INJECTION: forcing a failure. [ 1747.634495] name failslab, interval 1, probability 0, space 0, times 0 [ 1747.634602] ? kasan_unpoison_shadow+0x33/0x50 [ 1747.635851] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1747.636281] io_timeout_prep+0x3c5/0x8b0 [ 1747.636630] io_submit_sqes+0x54d8/0x8610 [ 1747.637000] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.637419] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.637827] ? lock_downgrade+0x6d0/0x6d0 [ 1747.638177] ? find_held_lock+0x2c/0x110 [ 1747.638524] ? io_submit_sqes+0x8610/0x8610 [ 1747.638894] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1747.639304] ? wait_for_completion_io+0x270/0x270 [ 1747.639730] ? rcu_read_lock_any_held+0x75/0xa0 [ 1747.640123] ? vfs_write+0x354/0xb10 [ 1747.640440] ? fput_many+0x2f/0x1a0 [ 1747.640751] ? ksys_write+0x1a9/0x260 [ 1747.641076] ? __ia32_sys_read+0xb0/0xb0 [ 1747.641425] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1747.641872] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1747.642311] do_syscall_64+0x33/0x40 [ 1747.642628] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1747.643059] RIP: 0033:0x7fe1dcd4cb19 [ 1747.643375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1747.644913] RSP: 002b:00007fe1da2c2188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1747.645554] RAX: ffffffffffffffda RBX: 00007fe1dce5ff60 RCX: 00007fe1dcd4cb19 [ 1747.646151] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1747.646747] RBP: 00007fe1da2c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1747.647344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1747.647961] R13: 00007ffefbef4e9f R14: 00007fe1da2c2300 R15: 0000000000022000 [ 1747.648578] CPU: 1 PID: 8539 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1747.649122] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1747.649771] Call Trace: [ 1747.649985] dump_stack+0x107/0x167 [ 1747.650278] should_fail.cold+0x5/0xa [ 1747.650584] ? create_object.isra.0+0x3a/0xa20 [ 1747.650948] should_failslab+0x5/0x20 [ 1747.651253] kmem_cache_alloc+0x5b/0x310 [ 1747.651593] create_object.isra.0+0x3a/0xa20 [ 1747.651949] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1747.652357] __kmalloc+0x16e/0x390 [ 1747.652648] io_timeout_prep+0x693/0x8b0 [ 1747.652978] io_submit_sqes+0x54d8/0x8610 [ 1747.653331] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.653728] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.654116] ? lock_downgrade+0x6d0/0x6d0 [ 1747.654446] ? find_held_lock+0x2c/0x110 [ 1747.654774] ? io_submit_sqes+0x8610/0x8610 [ 1747.655126] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1747.655382] FAULT_INJECTION: forcing a failure. [ 1747.655382] name failslab, interval 1, probability 0, space 0, times 0 [ 1747.655515] ? wait_for_completion_io+0x270/0x270 [ 1747.656824] ? rcu_read_lock_any_held+0x75/0xa0 [ 1747.657193] ? vfs_write+0x354/0xb10 [ 1747.657489] ? fput_many+0x2f/0x1a0 [ 1747.657779] ? ksys_write+0x1a9/0x260 [ 1747.658082] ? __ia32_sys_read+0xb0/0xb0 [ 1747.658406] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1747.658818] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1747.659227] do_syscall_64+0x33/0x40 [ 1747.659522] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1747.659947] RIP: 0033:0x7f3842280b19 [ 1747.660244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1747.661666] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1747.662262] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1747.662818] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1747.663375] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1747.663946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1747.664506] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1747.665087] CPU: 0 PID: 8540 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1747.665671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1747.666368] Call Trace: [ 1747.666594] dump_stack+0x107/0x167 [ 1747.666906] should_fail.cold+0x5/0xa [ 1747.667231] ? create_object.isra.0+0x3a/0xa20 [ 1747.667634] should_failslab+0x5/0x20 [ 1747.667958] kmem_cache_alloc+0x5b/0x310 [ 1747.668304] ? mark_held_locks+0x9e/0xe0 [ 1747.668658] create_object.isra.0+0x3a/0xa20 [ 1747.669031] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1747.669466] kmem_cache_alloc_bulk+0x168/0x320 [ 1747.669859] io_submit_sqes+0x6fe6/0x8610 [ 1747.670232] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.670654] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1747.671066] ? lock_downgrade+0x6d0/0x6d0 [ 1747.671418] ? find_held_lock+0x2c/0x110 [ 1747.671784] ? io_submit_sqes+0x8610/0x8610 [ 1747.672158] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1747.672569] ? wait_for_completion_io+0x270/0x270 [ 1747.672980] ? rcu_read_lock_any_held+0x75/0xa0 [ 1747.673379] ? vfs_write+0x354/0xb10 [ 1747.673696] ? fput_many+0x2f/0x1a0 [ 1747.674006] ? ksys_write+0x1a9/0x260 [ 1747.674331] ? __ia32_sys_read+0xb0/0xb0 [ 1747.674680] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1747.675122] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1747.675569] do_syscall_64+0x33/0x40 [ 1747.675892] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1747.676328] RIP: 0033:0x7fd7b8236b19 [ 1747.676645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1747.678175] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1747.678820] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1747.679424] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1747.680042] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1747.680641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1747.681242] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:51:22 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) 05:51:36 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r3) r4 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r1, r7, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r4, 0x0, &(0x7f0000000300)="bb6e921e7727b0ca090eb8f7ca61570154e1f19dfb58e7a2c585fb73c9010fb4977c4d25f6e0feacd8369f3140d83cebeef53c58d776cb6cc9a09b872996cbf71c7e90dd58b5935edf1d64d02cebd0f4d43ce0f5fcc1d298945d434f75884dd5d59308ff5c3e65d4e02305fbeff299484d0ef6f90125ec8dc070da97865dff09a471cff780aa5dde9fec83dba772a26382b33cb6eecc6714076265c77db73eb09136ebfb58d5340194c3688abff8cade08de59552ce67478ef8bc07bb173a0fb5176f903c236e605e46c18e322bf71d6fab383ee", 0x15b, 0x20000000}, 0x20009) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) 05:51:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 9) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1761.799469] FAULT_INJECTION: forcing a failure. [ 1761.799469] name failslab, interval 1, probability 0, space 0, times 0 [ 1761.801754] CPU: 0 PID: 8555 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1761.802929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1761.804596] Call Trace: [ 1761.805076] dump_stack+0x107/0x167 [ 1761.805732] should_fail.cold+0x5/0xa [ 1761.806417] ? io_timeout_prep+0x693/0x8b0 [ 1761.807176] should_failslab+0x5/0x20 [ 1761.807797] __kmalloc+0x72/0x390 [ 1761.808092] ? __hrtimer_init+0x12c/0x270 [ 1761.808442] io_timeout_prep+0x693/0x8b0 [ 1761.808788] io_submit_sqes+0x54d8/0x8610 [ 1761.809157] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.809575] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.809983] ? lock_downgrade+0x6d0/0x6d0 [ 1761.810331] ? find_held_lock+0x2c/0x110 [ 1761.810677] ? io_submit_sqes+0x8610/0x8610 [ 1761.811048] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1761.811455] ? wait_for_completion_io+0x270/0x270 [ 1761.811925] ? rcu_read_lock_any_held+0x75/0xa0 [ 1761.812317] ? vfs_write+0x354/0xb10 [ 1761.812632] ? fput_many+0x2f/0x1a0 [ 1761.812940] ? ksys_write+0x1a9/0x260 [ 1761.813263] ? __ia32_sys_read+0xb0/0xb0 [ 1761.813608] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1761.814048] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1761.814483] do_syscall_64+0x33/0x40 [ 1761.814799] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1761.815229] RIP: 0033:0x7f30a2e99b19 [ 1761.815544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1761.819572] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1761.820280] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1761.820882] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1761.821487] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1761.822098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1761.822710] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:51:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:36 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48) 05:51:36 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:51:36 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) [ 1761.832649] FAULT_INJECTION: forcing a failure. [ 1761.832649] name failslab, interval 1, probability 0, space 0, times 0 [ 1761.835152] CPU: 0 PID: 8558 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1761.836629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1761.838037] Call Trace: [ 1761.838477] dump_stack+0x107/0x167 [ 1761.839092] should_fail.cold+0x5/0xa [ 1761.839764] ? create_object.isra.0+0x3a/0xa20 [ 1761.840572] should_failslab+0x5/0x20 [ 1761.841233] kmem_cache_alloc+0x5b/0x310 [ 1761.841935] ? mark_held_locks+0x9e/0xe0 [ 1761.842654] create_object.isra.0+0x3a/0xa20 [ 1761.843430] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1761.844489] kmem_cache_alloc_bulk+0x168/0x320 [ 1761.845270] io_submit_sqes+0x6fe6/0x8610 [ 1761.845972] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1761.846815] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.847661] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.848418] FAULT_INJECTION: forcing a failure. [ 1761.848418] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1761.848734] ? lock_downgrade+0x6d0/0x6d0 [ 1761.848745] ? find_held_lock+0x2c/0x110 [ 1761.848763] ? io_submit_sqes+0x8610/0x8610 [ 1761.852312] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1761.853136] ? wait_for_completion_io+0x270/0x270 [ 1761.853952] ? rcu_read_lock_any_held+0x75/0xa0 [ 1761.854741] ? vfs_write+0x354/0xb10 [ 1761.855382] ? copy_kernel_to_fpregs+0x9e/0xe0 [ 1761.856311] ? trace_event_raw_event_x86_fpu+0x390/0x390 [ 1761.857255] ? ksys_write+0x1a9/0x260 [ 1761.857918] ? __ia32_sys_read+0xb0/0xb0 [ 1761.858628] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1761.859541] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1761.860642] do_syscall_64+0x33/0x40 [ 1761.861289] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1761.862158] RIP: 0033:0x7f285a8beb19 [ 1761.862785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1761.866592] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1761.867816] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1761.868418] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1761.869018] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1761.869616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1761.870214] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1761.870842] CPU: 1 PID: 8561 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1761.871493] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1761.872313] Call Trace: [ 1761.872545] dump_stack+0x107/0x167 [ 1761.872902] should_fail.cold+0x5/0xa [ 1761.873279] _copy_from_user+0x2e/0x1b0 [ 1761.873622] get_timespec64+0x75/0x190 [ 1761.874023] ? put_timespec64+0x130/0x130 [ 1761.875329] ? kasan_unpoison_shadow+0x33/0x50 [ 1761.875744] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1761.876185] io_timeout_prep+0x3c5/0x8b0 [ 1761.876608] io_submit_sqes+0x54d8/0x8610 [ 1761.877002] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.877435] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.877456] FAULT_INJECTION: forcing a failure. [ 1761.877456] name failslab, interval 1, probability 0, space 0, times 0 [ 1761.877894] ? lock_downgrade+0x6d0/0x6d0 [ 1761.877911] ? find_held_lock+0x2c/0x110 [ 1761.879525] ? io_submit_sqes+0x8610/0x8610 [ 1761.879973] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1761.880441] ? wait_for_completion_io+0x270/0x270 [ 1761.880865] ? rcu_read_lock_any_held+0x75/0xa0 [ 1761.881313] ? vfs_write+0x354/0xb10 [ 1761.881628] ? fput_many+0x2f/0x1a0 [ 1761.881950] ? ksys_write+0x1a9/0x260 [ 1761.882348] ? __ia32_sys_read+0xb0/0xb0 [ 1761.882692] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1761.883196] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1761.883629] do_syscall_64+0x33/0x40 [ 1761.883976] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1761.884460] RIP: 0033:0x7f0159fffb19 [ 1761.884775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1761.886432] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1761.887126] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1761.887727] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1761.888376] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1761.888966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1761.889619] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1761.890320] CPU: 0 PID: 8566 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1761.890915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1761.891610] Call Trace: [ 1761.891850] dump_stack+0x107/0x167 [ 1761.892164] should_fail.cold+0x5/0xa [ 1761.892489] ? create_object.isra.0+0x3a/0xa20 [ 1761.892879] should_failslab+0x5/0x20 [ 1761.893230] kmem_cache_alloc+0x5b/0x310 [ 1761.893591] ? mark_held_locks+0x9e/0xe0 [ 1761.893952] create_object.isra.0+0x3a/0xa20 [ 1761.894328] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1761.894762] kmem_cache_alloc_bulk+0x168/0x320 [ 1761.895155] io_submit_sqes+0x6fe6/0x8610 [ 1761.895527] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.895968] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.896383] ? lock_downgrade+0x6d0/0x6d0 [ 1761.896737] ? find_held_lock+0x2c/0x110 [ 1761.897088] ? io_submit_sqes+0x8610/0x8610 [ 1761.897464] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1761.897880] ? wait_for_completion_io+0x270/0x270 [ 1761.898299] ? rcu_read_lock_any_held+0x75/0xa0 [ 1761.898695] ? vfs_write+0x354/0xb10 [ 1761.899015] ? fput_many+0x2f/0x1a0 [ 1761.899328] ? ksys_write+0x1a9/0x260 [ 1761.899656] ? __ia32_sys_read+0xb0/0xb0 [ 1761.900027] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1761.900475] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1761.900914] do_syscall_64+0x33/0x40 [ 1761.901234] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1761.901670] RIP: 0033:0x7fd7b8236b19 [ 1761.901990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1761.903530] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1761.904195] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1761.904797] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1761.905414] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1761.906037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1761.906652] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1761.919440] FAULT_INJECTION: forcing a failure. [ 1761.919440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1761.920759] CPU: 1 PID: 8563 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1761.921423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1761.922233] Call Trace: [ 1761.922501] dump_stack+0x107/0x167 [ 1761.922868] should_fail.cold+0x5/0xa [ 1761.923305] _copy_from_user+0x2e/0x1b0 [ 1761.923695] get_timespec64+0x75/0x190 [ 1761.924110] ? put_timespec64+0x130/0x130 [ 1761.924474] ? kasan_unpoison_shadow+0x33/0x50 [ 1761.924867] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1761.925384] io_timeout_prep+0x3c5/0x8b0 [ 1761.925753] io_submit_sqes+0x54d8/0x8610 [ 1761.926206] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.926645] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1761.927154] ? lock_downgrade+0x6d0/0x6d0 [ 1761.927506] ? find_held_lock+0x2c/0x110 [ 1761.927881] ? io_submit_sqes+0x8610/0x8610 [ 1761.928325] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1761.928734] ? wait_for_completion_io+0x270/0x270 [ 1761.929213] ? rcu_read_lock_any_held+0x75/0xa0 [ 1761.929613] ? vfs_write+0x354/0xb10 [ 1761.929928] ? fput_many+0x2f/0x1a0 [ 1761.930314] ? ksys_write+0x1a9/0x260 [ 1761.930639] ? __ia32_sys_read+0xb0/0xb0 [ 1761.930987] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1761.931526] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1761.931984] do_syscall_64+0x33/0x40 [ 1761.932375] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1761.932819] RIP: 0033:0x7f3842280b19 [ 1761.933190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1761.934822] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1761.935546] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1761.936230] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1761.936849] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1761.937513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1761.938191] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:51:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) 05:51:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1762.280747] FAULT_INJECTION: forcing a failure. [ 1762.280747] name failslab, interval 1, probability 0, space 0, times 0 [ 1762.281785] CPU: 0 PID: 8580 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1762.282356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1762.283046] Call Trace: [ 1762.283287] dump_stack+0x107/0x167 [ 1762.283598] should_fail.cold+0x5/0xa [ 1762.283944] ? create_object.isra.0+0x3a/0xa20 [ 1762.284341] should_failslab+0x5/0x20 [ 1762.284665] kmem_cache_alloc+0x5b/0x310 [ 1762.285014] create_object.isra.0+0x3a/0xa20 [ 1762.285389] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1762.285821] __kmalloc+0x16e/0x390 [ 1762.286134] io_timeout_prep+0x693/0x8b0 [ 1762.286488] io_submit_sqes+0x54d8/0x8610 [ 1762.286860] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1762.287280] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1762.287702] ? lock_downgrade+0x6d0/0x6d0 [ 1762.288063] ? find_held_lock+0x2c/0x110 [ 1762.288411] ? io_submit_sqes+0x8610/0x8610 [ 1762.288786] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1762.289197] ? wait_for_completion_io+0x270/0x270 [ 1762.289607] ? rcu_read_lock_any_held+0x75/0xa0 [ 1762.289999] ? vfs_write+0x354/0xb10 [ 1762.290322] ? fput_many+0x2f/0x1a0 [ 1762.290637] ? ksys_write+0x1a9/0x260 [ 1762.290961] ? __ia32_sys_read+0xb0/0xb0 [ 1762.291318] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1762.291773] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1762.292216] do_syscall_64+0x33/0x40 [ 1762.292535] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1762.292966] RIP: 0033:0x7f30a2e99b19 [ 1762.293282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1762.294815] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1762.295474] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1762.296092] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1762.296690] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1762.297288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1762.297884] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1762.318589] FAULT_INJECTION: forcing a failure. [ 1762.318589] name failslab, interval 1, probability 0, space 0, times 0 [ 1762.319772] CPU: 0 PID: 8584 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1762.320351] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1762.321042] Call Trace: [ 1762.321269] dump_stack+0x107/0x167 [ 1762.321580] should_fail.cold+0x5/0xa [ 1762.321905] ? create_object.isra.0+0x3a/0xa20 [ 1762.322296] should_failslab+0x5/0x20 [ 1762.322618] kmem_cache_alloc+0x5b/0x310 [ 1762.322963] ? mark_held_locks+0x9e/0xe0 [ 1762.323321] create_object.isra.0+0x3a/0xa20 [ 1762.323703] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1762.324154] kmem_cache_alloc_bulk+0x168/0x320 [ 1762.324547] io_submit_sqes+0x6fe6/0x8610 [ 1762.324902] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1762.325329] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1762.325759] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1762.326173] ? lock_downgrade+0x6d0/0x6d0 [ 1762.326526] ? find_held_lock+0x2c/0x110 [ 1762.326877] ? io_submit_sqes+0x8610/0x8610 [ 1762.327250] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1762.327664] ? wait_for_completion_io+0x270/0x270 [ 1762.328094] ? rcu_read_lock_any_held+0x75/0xa0 [ 1762.328490] ? vfs_write+0x354/0xb10 [ 1762.328808] ? fput_many+0x2f/0x1a0 [ 1762.329122] ? ksys_write+0x1a9/0x260 [ 1762.329447] ? __ia32_sys_read+0xb0/0xb0 [ 1762.329808] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1762.330261] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1762.330701] do_syscall_64+0x33/0x40 [ 1762.331026] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1762.331461] RIP: 0033:0x7f285a8beb19 [ 1762.331798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1762.333339] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1762.333979] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1762.334576] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1762.335176] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1762.335786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1762.336384] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:51:50 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) 05:51:50 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1776.196905] FAULT_INJECTION: forcing a failure. [ 1776.196905] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.197917] CPU: 1 PID: 8599 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1776.198500] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.199187] Call Trace: [ 1776.199427] dump_stack+0x107/0x167 [ 1776.199739] should_fail.cold+0x5/0xa [ 1776.200085] ? io_timeout_prep+0x693/0x8b0 [ 1776.200465] should_failslab+0x5/0x20 [ 1776.200789] __kmalloc+0x72/0x390 [ 1776.201087] ? __hrtimer_init+0x12c/0x270 [ 1776.201451] io_timeout_prep+0x693/0x8b0 [ 1776.201802] io_submit_sqes+0x54d8/0x8610 [ 1776.202175] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.202607] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.203020] ? lock_downgrade+0x6d0/0x6d0 [ 1776.203372] ? find_held_lock+0x2c/0x110 [ 1776.203731] ? io_submit_sqes+0x8610/0x8610 [ 1776.204129] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1776.204551] ? wait_for_completion_io+0x270/0x270 [ 1776.204967] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.205809] ? vfs_write+0x354/0xb10 [ 1776.206126] ? fput_many+0x2f/0x1a0 [ 1776.206436] ? ksys_write+0x1a9/0x260 [ 1776.207858] ? __ia32_sys_read+0xb0/0xb0 [ 1776.208211] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.208654] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.209105] do_syscall_64+0x33/0x40 [ 1776.209424] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.209865] RIP: 0033:0x7f0159fffb19 [ 1776.210184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 05:51:50 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49) 05:51:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) 05:51:50 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x3}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x1}, 0x0) creat(0x0, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000000), 0x8001, 0x10d000) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT={0x12, 0x3, 0x0, r3, 0x0, &(0x7f0000000180)='./file0\x00', 0x104, 0x200040, 0x12345}, 0xfffffffa) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:50 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1776.211735] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1776.213332] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1776.213927] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1776.214550] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.215166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1776.215763] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1776.221930] FAULT_INJECTION: forcing a failure. [ 1776.221930] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1776.223158] CPU: 0 PID: 8600 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1776.223738] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.224460] Call Trace: [ 1776.224695] dump_stack+0x107/0x167 [ 1776.225016] should_fail.cold+0x5/0xa [ 1776.225356] _copy_from_user+0x2e/0x1b0 [ 1776.225706] get_timespec64+0x75/0x190 [ 1776.226046] ? put_timespec64+0x130/0x130 [ 1776.226418] ? kasan_unpoison_shadow+0x33/0x50 [ 1776.226828] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1776.227290] io_timeout_prep+0x3c5/0x8b0 [ 1776.227650] io_submit_sqes+0x54d8/0x8610 [ 1776.228053] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.228482] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.228902] ? lock_downgrade+0x6d0/0x6d0 [ 1776.229270] ? find_held_lock+0x2c/0x110 [ 1776.229628] FAULT_INJECTION: forcing a failure. [ 1776.229628] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.229640] ? io_submit_sqes+0x8610/0x8610 [ 1776.229663] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1776.231373] ? wait_for_completion_io+0x270/0x270 [ 1776.231792] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.232222] ? vfs_write+0x354/0xb10 [ 1776.232545] ? fput_many+0x2f/0x1a0 [ 1776.232861] ? ksys_write+0x1a9/0x260 [ 1776.233200] ? __ia32_sys_read+0xb0/0xb0 [ 1776.233554] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.234007] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.234459] do_syscall_64+0x33/0x40 [ 1776.234781] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.235229] RIP: 0033:0x7f30a2e99b19 [ 1776.235551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.237138] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1776.237790] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1776.238413] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1776.239024] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.239638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1776.240270] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1776.240899] CPU: 1 PID: 8603 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1776.241505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.242202] Call Trace: [ 1776.243505] dump_stack+0x107/0x167 [ 1776.243841] should_fail.cold+0x5/0xa [ 1776.244178] ? create_object.isra.0+0x3a/0xa20 [ 1776.244589] should_failslab+0x5/0x20 [ 1776.244912] kmem_cache_alloc+0x5b/0x310 [ 1776.245268] ? mark_held_locks+0x9e/0xe0 [ 1776.245641] create_object.isra.0+0x3a/0xa20 [ 1776.246027] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1776.246481] kmem_cache_alloc_bulk+0x168/0x320 [ 1776.246903] io_submit_sqes+0x6fe6/0x8610 [ 1776.247288] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.247728] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.247742] FAULT_INJECTION: forcing a failure. [ 1776.247742] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.249106] ? lock_downgrade+0x6d0/0x6d0 [ 1776.249458] ? find_held_lock+0x2c/0x110 [ 1776.249808] ? io_submit_sqes+0x8610/0x8610 [ 1776.251267] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1776.251678] ? wait_for_completion_io+0x270/0x270 [ 1776.252125] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.252520] ? vfs_write+0x354/0xb10 [ 1776.252835] ? fput_many+0x2f/0x1a0 [ 1776.253161] ? ksys_write+0x1a9/0x260 [ 1776.253485] ? __ia32_sys_read+0xb0/0xb0 [ 1776.253834] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.254296] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.254733] do_syscall_64+0x33/0x40 [ 1776.255054] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.255502] RIP: 0033:0x7fd7b8236b19 [ 1776.255823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.258458] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1776.259105] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1776.259712] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1776.260333] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.260941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1776.261556] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1776.262188] CPU: 0 PID: 8604 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1776.262786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.263490] Call Trace: [ 1776.263718] dump_stack+0x107/0x167 [ 1776.264052] should_fail.cold+0x5/0xa [ 1776.264381] ? io_timeout_prep+0x693/0x8b0 [ 1776.264746] should_failslab+0x5/0x20 [ 1776.265076] __kmalloc+0x72/0x390 [ 1776.265383] ? __hrtimer_init+0x12c/0x270 [ 1776.265752] io_timeout_prep+0x693/0x8b0 [ 1776.266114] io_submit_sqes+0x54d8/0x8610 [ 1776.266492] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.266920] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.267336] ? lock_downgrade+0x6d0/0x6d0 [ 1776.267692] ? find_held_lock+0x2c/0x110 [ 1776.268066] ? io_submit_sqes+0x8610/0x8610 [ 1776.268446] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1776.268868] ? wait_for_completion_io+0x270/0x270 [ 1776.269289] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.269696] ? vfs_write+0x354/0xb10 [ 1776.270028] ? fput_many+0x2f/0x1a0 [ 1776.270349] ? ksys_write+0x1a9/0x260 [ 1776.270684] ? __ia32_sys_read+0xb0/0xb0 [ 1776.271043] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.271494] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.271954] do_syscall_64+0x33/0x40 [ 1776.272275] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.272718] RIP: 0033:0x7f3842280b19 [ 1776.273048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.274609] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1776.275256] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1776.275881] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1776.276491] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.277091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1776.277697] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1776.284210] FAULT_INJECTION: forcing a failure. [ 1776.284210] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.285241] CPU: 1 PID: 8591 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1776.285834] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.286571] Call Trace: [ 1776.286827] dump_stack+0x107/0x167 [ 1776.287188] should_fail.cold+0x5/0xa [ 1776.287549] ? create_object.isra.0+0x3a/0xa20 [ 1776.287987] should_failslab+0x5/0x20 [ 1776.288329] kmem_cache_alloc+0x5b/0x310 [ 1776.288688] create_object.isra.0+0x3a/0xa20 [ 1776.289065] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1776.289514] __kmalloc+0x16e/0x390 [ 1776.289823] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1776.290292] io_timeout_prep+0x693/0x8b0 [ 1776.290655] io_submit_sqes+0x54d8/0x8610 [ 1776.291045] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.291483] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.291920] ? lock_downgrade+0x6d0/0x6d0 [ 1776.292296] ? find_held_lock+0x2c/0x110 [ 1776.292646] ? io_submit_sqes+0x8610/0x8610 [ 1776.293020] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1776.293450] ? wait_for_completion_io+0x270/0x270 [ 1776.293861] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.294266] ? vfs_write+0x354/0xb10 [ 1776.294598] ? fput_many+0x2f/0x1a0 [ 1776.294913] ? ksys_write+0x1a9/0x260 [ 1776.295249] ? __ia32_sys_read+0xb0/0xb0 [ 1776.295611] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.296079] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.296534] do_syscall_64+0x33/0x40 [ 1776.296854] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.297293] RIP: 0033:0x7f285a8beb19 [ 1776.297625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.299189] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1776.299847] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1776.300460] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1776.301075] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.301688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1776.302302] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:51:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:51:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 05:51:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 05:51:50 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50) 05:51:50 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4, 0x0, 0x0, 0x0) 05:51:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) 05:51:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1776.658119] FAULT_INJECTION: forcing a failure. [ 1776.658119] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.659196] CPU: 0 PID: 8620 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1776.659769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.660488] Call Trace: [ 1776.660726] dump_stack+0x107/0x167 [ 1776.661042] should_fail.cold+0x5/0xa [ 1776.661372] ? create_object.isra.0+0x3a/0xa20 [ 1776.661766] should_failslab+0x5/0x20 [ 1776.662097] kmem_cache_alloc+0x5b/0x310 [ 1776.662450] create_object.isra.0+0x3a/0xa20 [ 1776.662827] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1776.663262] __kmalloc+0x16e/0x390 [ 1776.663576] io_timeout_prep+0x693/0x8b0 [ 1776.663947] io_submit_sqes+0x54d8/0x8610 [ 1776.664327] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.664751] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.665170] ? lock_downgrade+0x6d0/0x6d0 [ 1776.665522] ? find_held_lock+0x2c/0x110 [ 1776.665882] ? io_submit_sqes+0x8610/0x8610 [ 1776.666270] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1776.666691] ? wait_for_completion_io+0x270/0x270 [ 1776.667106] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.667501] ? vfs_write+0x354/0xb10 [ 1776.667843] ? fput_many+0x2f/0x1a0 [ 1776.668146] FAULT_INJECTION: forcing a failure. [ 1776.668146] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.668189] ? ksys_write+0x1a9/0x260 [ 1776.669480] ? __ia32_sys_read+0xb0/0xb0 [ 1776.669829] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.670282] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.670723] do_syscall_64+0x33/0x40 [ 1776.671045] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.671485] RIP: 0033:0x7f0159fffb19 [ 1776.671805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.673379] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1776.674025] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1776.674627] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1776.675231] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.675833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1776.676451] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1776.677081] CPU: 1 PID: 8623 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1776.677662] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.678364] Call Trace: [ 1776.678599] dump_stack+0x107/0x167 [ 1776.678917] should_fail.cold+0x5/0xa [ 1776.679262] ? io_timeout_prep+0x693/0x8b0 [ 1776.679625] should_failslab+0x5/0x20 [ 1776.679971] __kmalloc+0x72/0x390 [ 1776.680283] ? __hrtimer_init+0x12c/0x270 [ 1776.680638] io_timeout_prep+0x693/0x8b0 [ 1776.680988] io_submit_sqes+0x54d8/0x8610 [ 1776.681374] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.681807] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.682248] ? lock_downgrade+0x6d0/0x6d0 [ 1776.682600] ? find_held_lock+0x2c/0x110 [ 1776.682948] ? io_submit_sqes+0x8610/0x8610 [ 1776.683336] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1776.683749] ? wait_for_completion_io+0x270/0x270 [ 1776.684178] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.684586] ? vfs_write+0x354/0xb10 [ 1776.684906] ? fput_many+0x2f/0x1a0 [ 1776.685216] ? ksys_write+0x1a9/0x260 [ 1776.685553] ? __ia32_sys_read+0xb0/0xb0 [ 1776.685908] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.686349] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.686800] do_syscall_64+0x33/0x40 [ 1776.687118] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.687564] RIP: 0033:0x7f30a2e99b19 [ 1776.687892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.689435] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1776.690088] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1776.690711] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1776.691307] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.691929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1776.692526] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1776.707428] FAULT_INJECTION: forcing a failure. [ 1776.707428] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.708494] CPU: 0 PID: 8624 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1776.709069] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.709759] Call Trace: [ 1776.709989] dump_stack+0x107/0x167 [ 1776.710303] should_fail.cold+0x5/0xa [ 1776.710637] ? create_object.isra.0+0x3a/0xa20 [ 1776.711037] should_failslab+0x5/0x20 [ 1776.711368] kmem_cache_alloc+0x5b/0x310 [ 1776.711716] create_object.isra.0+0x3a/0xa20 [ 1776.712106] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1776.712538] __kmalloc+0x16e/0x390 [ 1776.712847] io_timeout_prep+0x693/0x8b0 [ 1776.713199] io_submit_sqes+0x54d8/0x8610 [ 1776.713572] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.713994] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.714406] ? lock_downgrade+0x6d0/0x6d0 [ 1776.714755] ? find_held_lock+0x2c/0x110 [ 1776.715106] ? io_submit_sqes+0x8610/0x8610 [ 1776.715479] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1776.715901] ? wait_for_completion_io+0x270/0x270 [ 1776.716321] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.716715] ? vfs_write+0x354/0xb10 [ 1776.717033] ? fput_many+0x2f/0x1a0 [ 1776.717345] ? ksys_write+0x1a9/0x260 [ 1776.717670] ? __ia32_sys_read+0xb0/0xb0 [ 1776.718021] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.718468] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.718908] do_syscall_64+0x33/0x40 [ 1776.719232] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.719667] RIP: 0033:0x7f3842280b19 [ 1776.720000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.721540] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1776.722187] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1776.722786] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1776.723387] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.724004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1776.724605] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:51:51 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42) [ 1776.781230] FAULT_INJECTION: forcing a failure. [ 1776.781230] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.782259] CPU: 1 PID: 8626 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1776.782836] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.783534] Call Trace: [ 1776.783767] dump_stack+0x107/0x167 [ 1776.784091] should_fail.cold+0x5/0xa [ 1776.784430] ? create_object.isra.0+0x3a/0xa20 [ 1776.784817] should_failslab+0x5/0x20 [ 1776.785149] kmem_cache_alloc+0x5b/0x310 [ 1776.785511] ? mark_held_locks+0x9e/0xe0 [ 1776.785859] create_object.isra.0+0x3a/0xa20 [ 1776.786237] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1776.786692] kmem_cache_alloc_bulk+0x168/0x320 [ 1776.787107] io_submit_sqes+0x6fe6/0x8610 [ 1776.787509] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.787943] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1776.788359] ? lock_downgrade+0x6d0/0x6d0 [ 1776.788732] ? find_held_lock+0x2c/0x110 [ 1776.789085] ? io_submit_sqes+0x8610/0x8610 [ 1776.789470] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1776.789888] ? wait_for_completion_io+0x270/0x270 [ 1776.790305] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.790718] ? vfs_write+0x354/0xb10 [ 1776.791038] ? fput_many+0x2f/0x1a0 [ 1776.791353] ? ksys_write+0x1a9/0x260 [ 1776.791702] ? __ia32_sys_read+0xb0/0xb0 [ 1776.792067] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.792511] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.792972] do_syscall_64+0x33/0x40 [ 1776.793293] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.793741] RIP: 0033:0x7fd7b8236b19 [ 1776.794066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.795626] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1776.796297] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1776.796907] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1776.797515] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.798128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1776.798732] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:52:05 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43) 05:52:05 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:52:05 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 05:52:05 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8, 0x0, 0x0, 0x0) 05:52:05 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x2f, 0xf8, 0x6b, 0x5, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, 0x10, 0x20, 0xffffffe3, 0xeb5b}}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000240)={'syztnl1\x00', r5, 0x7, 0x8000, 0x7f, 0x9, {{0x11, 0x4, 0x0, 0x7, 0x44, 0x64, 0x0, 0x6, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, {[@timestamp={0x44, 0x28, 0x38, 0x0, 0x1, [0x7, 0x9, 0x0, 0x4585, 0x2e, 0x800, 0x3, 0x4, 0xfffffffd]}, @generic={0x173bbae2bad9d064, 0x2}, @generic={0x82, 0x5, "0e67a0"}, @noop]}}}}}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1791.401953] FAULT_INJECTION: forcing a failure. [ 1791.401953] name failslab, interval 1, probability 0, space 0, times 0 [ 1791.402956] CPU: 0 PID: 8636 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1791.403531] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.404257] Call Trace: [ 1791.404491] dump_stack+0x107/0x167 [ 1791.404803] should_fail.cold+0x5/0xa [ 1791.405128] ? io_timeout_prep+0x693/0x8b0 [ 1791.405486] ? io_timeout_prep+0x693/0x8b0 [ 1791.405853] should_failslab+0x5/0x20 [ 1791.406179] __kmalloc+0x72/0x390 [ 1791.406474] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1791.406915] io_timeout_prep+0x693/0x8b0 [ 1791.407265] io_submit_sqes+0x54d8/0x8610 [ 1791.407640] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.408103] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.408520] ? lock_downgrade+0x6d0/0x6d0 [ 1791.408877] ? find_held_lock+0x2c/0x110 [ 1791.409226] ? io_submit_sqes+0x8610/0x8610 [ 1791.409598] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1791.410010] ? wait_for_completion_io+0x270/0x270 [ 1791.410419] ? rcu_read_lock_any_held+0x75/0xa0 [ 1791.410813] ? vfs_write+0x354/0xb10 [ 1791.411130] ? fput_many+0x2f/0x1a0 [ 1791.411441] ? ksys_write+0x1a9/0x260 [ 1791.411765] ? __ia32_sys_read+0xb0/0xb0 [ 1791.412151] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.412596] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.413034] do_syscall_64+0x33/0x40 [ 1791.413352] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.413786] RIP: 0033:0x7fd7b8236b19 [ 1791.414104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.415635] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1791.416317] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1791.416915] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1791.417510] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1791.418106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.418702] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 05:52:05 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:52:05 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) 05:52:05 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51) [ 1791.458564] FAULT_INJECTION: forcing a failure. [ 1791.458564] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1791.459659] CPU: 1 PID: 8646 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1791.460303] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.461040] Call Trace: [ 1791.461297] dump_stack+0x107/0x167 [ 1791.461635] should_fail.cold+0x5/0xa [ 1791.462012] _copy_from_user+0x2e/0x1b0 [ 1791.462361] get_timespec64+0x75/0x190 [ 1791.462694] ? put_timespec64+0x130/0x130 [ 1791.463068] ? kasan_unpoison_shadow+0x33/0x50 [ 1791.463462] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1791.463902] io_timeout_prep+0x3c5/0x8b0 [ 1791.464306] io_submit_sqes+0x54d8/0x8610 [ 1791.464680] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.465115] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.465532] ? lock_downgrade+0x6d0/0x6d0 [ 1791.465882] ? find_held_lock+0x2c/0x110 [ 1791.466248] ? io_submit_sqes+0x8610/0x8610 [ 1791.466624] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1791.467037] ? wait_for_completion_io+0x270/0x270 [ 1791.467621] ? rcu_read_lock_any_held+0x75/0xa0 [ 1791.468029] ? vfs_write+0x354/0xb10 [ 1791.468369] ? fput_many+0x2f/0x1a0 [ 1791.468688] ? ksys_write+0x1a9/0x260 [ 1791.469013] ? __ia32_sys_read+0xb0/0xb0 [ 1791.469375] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.469825] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.470268] do_syscall_64+0x33/0x40 [ 1791.470596] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.471041] RIP: 0033:0x7f0159fffb19 [ 1791.471361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.472935] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1791.473596] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1791.474204] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1791.474811] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1791.475418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.476048] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1791.482659] FAULT_INJECTION: forcing a failure. [ 1791.482659] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1791.483739] CPU: 1 PID: 8644 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1791.484357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.485074] Call Trace: [ 1791.485339] dump_stack+0x107/0x167 [ 1791.485675] should_fail.cold+0x5/0xa [ 1791.486045] _copy_from_user+0x2e/0x1b0 [ 1791.486436] get_timespec64+0x75/0x190 [ 1791.486767] ? put_timespec64+0x130/0x130 [ 1791.487126] ? kasan_unpoison_shadow+0x33/0x50 [ 1791.487531] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1791.487968] io_timeout_prep+0x3c5/0x8b0 [ 1791.488347] io_submit_sqes+0x54d8/0x8610 [ 1791.488721] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.489147] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.489576] ? lock_downgrade+0x6d0/0x6d0 [ 1791.489926] ? find_held_lock+0x2c/0x110 [ 1791.490280] ? io_submit_sqes+0x8610/0x8610 [ 1791.490672] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1791.491088] ? wait_for_completion_io+0x270/0x270 [ 1791.491519] ? rcu_read_lock_any_held+0x75/0xa0 [ 1791.491926] ? vfs_write+0x354/0xb10 [ 1791.492272] ? fput_many+0x2f/0x1a0 [ 1791.492594] ? ksys_write+0x1a9/0x260 [ 1791.492926] ? __ia32_sys_read+0xb0/0xb0 [ 1791.493281] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.493736] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.494189] do_syscall_64+0x33/0x40 [ 1791.494505] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.494955] RIP: 0033:0x7f285a8beb19 [ 1791.495279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.496863] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1791.497511] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1791.498133] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1791.498731] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1791.499349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.499978] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1791.509862] FAULT_INJECTION: forcing a failure. [ 1791.509862] name failslab, interval 1, probability 0, space 0, times 0 [ 1791.511136] CPU: 1 PID: 8650 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1791.511902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.512637] Call Trace: [ 1791.512865] dump_stack+0x107/0x167 [ 1791.513181] should_fail.cold+0x5/0xa [ 1791.513503] ? create_object.isra.0+0x3a/0xa20 [ 1791.513904] should_failslab+0x5/0x20 [ 1791.514234] kmem_cache_alloc+0x5b/0x310 [ 1791.514592] create_object.isra.0+0x3a/0xa20 [ 1791.514977] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1791.515421] __kmalloc+0x16e/0x390 [ 1791.515739] io_timeout_prep+0x693/0x8b0 [ 1791.516110] io_submit_sqes+0x54d8/0x8610 [ 1791.516484] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.516922] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.517341] ? lock_downgrade+0x6d0/0x6d0 [ 1791.517697] ? find_held_lock+0x2c/0x110 [ 1791.518059] ? io_submit_sqes+0x8610/0x8610 [ 1791.518435] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1791.518863] ? wait_for_completion_io+0x270/0x270 [ 1791.519279] ? rcu_read_lock_any_held+0x75/0xa0 [ 1791.519673] ? vfs_write+0x354/0xb10 [ 1791.520008] ? fput_many+0x2f/0x1a0 [ 1791.520331] ? ksys_write+0x1a9/0x260 [ 1791.520656] ? __ia32_sys_read+0xb0/0xb0 [ 1791.521015] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.521515] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.521949] do_syscall_64+0x33/0x40 [ 1791.522288] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.522726] RIP: 0033:0x7f30a2e99b19 [ 1791.523042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.524632] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1791.525289] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1791.525896] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1791.526511] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1791.527126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.527734] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1791.530538] FAULT_INJECTION: forcing a failure. [ 1791.530538] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1791.531622] CPU: 1 PID: 8652 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1791.532222] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.532943] Call Trace: [ 1791.533178] dump_stack+0x107/0x167 [ 1791.533490] should_fail.cold+0x5/0xa [ 1791.533840] _copy_from_user+0x2e/0x1b0 [ 1791.534189] get_timespec64+0x75/0x190 [ 1791.534524] ? put_timespec64+0x130/0x130 [ 1791.534907] ? kasan_unpoison_shadow+0x33/0x50 [ 1791.535306] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1791.535743] io_timeout_prep+0x3c5/0x8b0 [ 1791.536134] io_submit_sqes+0x54d8/0x8610 [ 1791.536509] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.536948] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.537362] ? lock_downgrade+0x6d0/0x6d0 [ 1791.537713] ? find_held_lock+0x2c/0x110 [ 1791.538085] ? io_submit_sqes+0x8610/0x8610 [ 1791.538476] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1791.538900] ? wait_for_completion_io+0x270/0x270 [ 1791.539329] ? rcu_read_lock_any_held+0x75/0xa0 [ 1791.539725] ? vfs_write+0x354/0xb10 [ 1791.540073] ? fput_many+0x2f/0x1a0 [ 1791.540392] ? ksys_write+0x1a9/0x260 [ 1791.540719] ? __ia32_sys_read+0xb0/0xb0 [ 1791.541081] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.541534] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.541973] do_syscall_64+0x33/0x40 [ 1791.542315] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.542756] RIP: 0033:0x7f3842280b19 [ 1791.543076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.544685] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1791.545334] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1791.545945] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1791.546559] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1791.547178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.547789] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:52:05 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) 05:52:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:52:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44) 05:52:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 05:52:06 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1791.800996] FAULT_INJECTION: forcing a failure. [ 1791.800996] name failslab, interval 1, probability 0, space 0, times 0 [ 1791.802393] CPU: 1 PID: 8662 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1791.803005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.803725] Call Trace: [ 1791.803994] dump_stack+0x107/0x167 [ 1791.804339] should_fail.cold+0x5/0xa [ 1791.804693] ? create_object.isra.0+0x3a/0xa20 [ 1791.805115] should_failslab+0x5/0x20 [ 1791.805449] kmem_cache_alloc+0x5b/0x310 [ 1791.805800] create_object.isra.0+0x3a/0xa20 [ 1791.806189] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1791.806629] __kmalloc+0x16e/0x390 [ 1791.806933] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1791.807396] io_timeout_prep+0x693/0x8b0 [ 1791.807749] io_submit_sqes+0x54d8/0x8610 [ 1791.808148] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.808578] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.808991] ? lock_downgrade+0x6d0/0x6d0 [ 1791.809357] ? find_held_lock+0x2c/0x110 [ 1791.809714] ? io_submit_sqes+0x8610/0x8610 [ 1791.810107] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1791.810534] ? wait_for_completion_io+0x270/0x270 [ 1791.810957] ? rcu_read_lock_any_held+0x75/0xa0 [ 1791.811372] ? vfs_write+0x354/0xb10 [ 1791.811693] ? fput_many+0x2f/0x1a0 [ 1791.812016] ? ksys_write+0x1a9/0x260 [ 1791.812359] ? __ia32_sys_read+0xb0/0xb0 [ 1791.812718] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.813164] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.813615] do_syscall_64+0x33/0x40 [ 1791.813938] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.814389] RIP: 0033:0x7fd7b8236b19 [ 1791.814711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.816285] RSP: 002b:00007fd7b57ac188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1791.816950] RAX: ffffffffffffffda RBX: 00007fd7b8349f60 RCX: 00007fd7b8236b19 [ 1791.817565] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1791.818171] RBP: 00007fd7b57ac1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1791.818788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.819391] R13: 00007ffd3b4ccd2f R14: 00007fd7b57ac300 R15: 0000000000022000 [ 1791.848779] FAULT_INJECTION: forcing a failure. [ 1791.848779] name failslab, interval 1, probability 0, space 0, times 0 [ 1791.849952] CPU: 0 PID: 8665 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1791.850535] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.851234] Call Trace: [ 1791.851467] dump_stack+0x107/0x167 [ 1791.851780] should_fail.cold+0x5/0xa [ 1791.852137] should_failslab+0x5/0x20 [ 1791.852467] kmem_cache_alloc_bulk+0x4b/0x320 [ 1791.852854] io_submit_sqes+0x6fe6/0x8610 [ 1791.853212] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1791.853644] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.854070] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.854484] ? lock_downgrade+0x6d0/0x6d0 [ 1791.854836] ? find_held_lock+0x2c/0x110 [ 1791.855187] ? io_submit_sqes+0x8610/0x8610 [ 1791.855564] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1791.855987] ? wait_for_completion_io+0x270/0x270 [ 1791.856408] ? rcu_read_lock_any_held+0x75/0xa0 [ 1791.856808] ? vfs_write+0x354/0xb10 [ 1791.857136] ? fput_many+0x2f/0x1a0 [ 1791.857453] ? ksys_write+0x1a9/0x260 [ 1791.857782] ? __ia32_sys_read+0xb0/0xb0 [ 1791.858145] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.858588] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.859031] do_syscall_64+0x33/0x40 [ 1791.859354] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.859787] RIP: 0033:0x7fdd7f524b19 [ 1791.860123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.861678] RSP: 002b:00007fdd7ca9a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1791.862332] RAX: ffffffffffffffda RBX: 00007fdd7f637f60 RCX: 00007fdd7f524b19 [ 1791.862933] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1791.863543] RBP: 00007fdd7ca9a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1791.864168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1791.864772] R13: 00007ffc3c31ba7f R14: 00007fdd7ca9a300 R15: 0000000000022000 05:52:06 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) 05:52:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52) [ 1791.929473] FAULT_INJECTION: forcing a failure. [ 1791.929473] name failslab, interval 1, probability 0, space 0, times 0 [ 1791.930496] CPU: 0 PID: 8669 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1791.931071] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.931764] Call Trace: [ 1791.932010] dump_stack+0x107/0x167 [ 1791.932351] should_fail.cold+0x5/0xa [ 1791.932720] ? io_timeout_prep+0x693/0x8b0 [ 1791.933137] should_failslab+0x5/0x20 [ 1791.933483] __kmalloc+0x72/0x390 [ 1791.933801] ? __hrtimer_init+0x12c/0x270 [ 1791.934195] io_timeout_prep+0x693/0x8b0 [ 1791.934547] io_submit_sqes+0x54d8/0x8610 [ 1791.934967] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.935400] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.935845] ? lock_downgrade+0x6d0/0x6d0 [ 1791.936231] ? find_held_lock+0x2c/0x110 [ 1791.936582] ? io_submit_sqes+0x8610/0x8610 [ 1791.936956] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1791.937373] ? wait_for_completion_io+0x270/0x270 [ 1791.937786] ? rcu_read_lock_any_held+0x75/0xa0 [ 1791.938185] ? vfs_write+0x354/0xb10 [ 1791.938506] ? fput_many+0x2f/0x1a0 [ 1791.938824] ? ksys_write+0x1a9/0x260 [ 1791.939153] ? __ia32_sys_read+0xb0/0xb0 [ 1791.939510] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.939966] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.940424] do_syscall_64+0x33/0x40 [ 1791.940752] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.941197] RIP: 0033:0x7f0159fffb19 [ 1791.941529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.943123] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1791.943790] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1791.944415] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1791.945018] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1791.945627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.946255] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:52:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1791.982853] FAULT_INJECTION: forcing a failure. [ 1791.982853] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1791.983900] CPU: 1 PID: 8670 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1791.984510] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.985235] Call Trace: [ 1791.985488] dump_stack+0x107/0x167 [ 1791.985834] should_fail.cold+0x5/0xa [ 1791.986204] _copy_from_user+0x2e/0x1b0 [ 1791.986565] get_timespec64+0x75/0x190 [ 1791.986899] ? put_timespec64+0x130/0x130 [ 1791.987265] ? kasan_unpoison_shadow+0x33/0x50 [ 1791.987653] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1791.988112] io_timeout_prep+0x3c5/0x8b0 [ 1791.988464] io_submit_sqes+0x54d8/0x8610 [ 1791.988838] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.989274] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1791.989694] ? lock_downgrade+0x6d0/0x6d0 [ 1791.990048] ? find_held_lock+0x2c/0x110 [ 1791.990414] ? io_submit_sqes+0x8610/0x8610 [ 1791.990788] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1791.991218] ? wait_for_completion_io+0x270/0x270 [ 1791.991632] ? rcu_read_lock_any_held+0x75/0xa0 [ 1791.992045] ? vfs_write+0x354/0xb10 [ 1791.992387] ? fput_many+0x2f/0x1a0 [ 1791.992699] ? ksys_write+0x1a9/0x260 [ 1791.993024] ? __ia32_sys_read+0xb0/0xb0 [ 1791.993385] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.993840] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.994289] do_syscall_64+0x33/0x40 [ 1791.994627] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.995076] RIP: 0033:0x7f30a2e99b19 [ 1791.995353] FAULT_INJECTION: forcing a failure. [ 1791.995353] name failslab, interval 1, probability 0, space 0, times 0 [ 1791.995403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.997919] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1791.998570] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1791.999187] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1791.999802] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1792.000424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1792.001042] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1792.001668] CPU: 0 PID: 8673 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1792.002262] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1792.002955] Call Trace: [ 1792.003188] dump_stack+0x107/0x167 [ 1792.003503] should_fail.cold+0x5/0xa 05:52:06 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1792.003830] ? io_timeout_prep+0x693/0x8b0 [ 1792.004223] should_failslab+0x5/0x20 [ 1792.004555] __kmalloc+0x72/0x390 [ 1792.004860] ? __hrtimer_init+0x12c/0x270 [ 1792.005346] io_timeout_prep+0x693/0x8b0 [ 1792.005699] io_submit_sqes+0x54d8/0x8610 [ 1792.006079] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.006510] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.006926] ? lock_downgrade+0x6d0/0x6d0 [ 1792.007296] ? find_held_lock+0x2c/0x110 [ 1792.007657] ? io_submit_sqes+0x8610/0x8610 [ 1792.008063] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1792.008487] ? wait_for_completion_io+0x270/0x270 [ 1792.008898] ? rcu_read_lock_any_held+0x75/0xa0 [ 1792.009294] ? vfs_write+0x354/0xb10 [ 1792.009612] ? fput_many+0x2f/0x1a0 [ 1792.009923] ? ksys_write+0x1a9/0x260 [ 1792.010248] ? __ia32_sys_read+0xb0/0xb0 [ 1792.010596] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1792.011039] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1792.011477] do_syscall_64+0x33/0x40 [ 1792.011799] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1792.012246] RIP: 0033:0x7f285a8beb19 [ 1792.012563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1792.014103] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1792.014744] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1792.015350] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1792.015950] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1792.016570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1792.017181] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:52:06 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0) [ 1792.077209] FAULT_INJECTION: forcing a failure. [ 1792.077209] name failslab, interval 1, probability 0, space 0, times 0 [ 1792.078260] CPU: 0 PID: 8677 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1792.078835] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1792.079531] Call Trace: [ 1792.079762] dump_stack+0x107/0x167 [ 1792.080094] should_fail.cold+0x5/0xa [ 1792.080429] ? io_timeout_prep+0x693/0x8b0 [ 1792.080792] should_failslab+0x5/0x20 [ 1792.081128] __kmalloc+0x72/0x390 [ 1792.081428] ? __hrtimer_init+0x12c/0x270 [ 1792.081786] io_timeout_prep+0x693/0x8b0 [ 1792.082141] io_submit_sqes+0x54d8/0x8610 [ 1792.082523] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.082948] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.083371] ? lock_downgrade+0x6d0/0x6d0 [ 1792.083724] ? find_held_lock+0x2c/0x110 [ 1792.084102] ? io_submit_sqes+0x8610/0x8610 [ 1792.084478] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1792.084899] ? wait_for_completion_io+0x270/0x270 [ 1792.085318] ? rcu_read_lock_any_held+0x75/0xa0 [ 1792.085716] ? vfs_write+0x354/0xb10 [ 1792.086036] ? fput_many+0x2f/0x1a0 [ 1792.086350] ? ksys_write+0x1a9/0x260 [ 1792.086676] ? __ia32_sys_read+0xb0/0xb0 [ 1792.087040] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1792.087488] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1792.087936] do_syscall_64+0x33/0x40 [ 1792.088277] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1792.088714] RIP: 0033:0x7f3842280b19 [ 1792.089040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1792.090581] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1792.091232] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1792.091833] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1792.092456] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1792.093057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1792.093665] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:52:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53) 05:52:06 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1792.260959] FAULT_INJECTION: forcing a failure. [ 1792.260959] name failslab, interval 1, probability 0, space 0, times 0 [ 1792.262050] CPU: 1 PID: 8684 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1792.262624] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1792.263335] Call Trace: [ 1792.263567] dump_stack+0x107/0x167 [ 1792.263878] should_fail.cold+0x5/0xa [ 1792.264236] ? create_object.isra.0+0x3a/0xa20 [ 1792.264629] should_failslab+0x5/0x20 [ 1792.264957] kmem_cache_alloc+0x5b/0x310 [ 1792.265334] create_object.isra.0+0x3a/0xa20 [ 1792.265715] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1792.266174] __kmalloc+0x16e/0x390 [ 1792.266498] io_timeout_prep+0x693/0x8b0 [ 1792.266855] io_submit_sqes+0x54d8/0x8610 [ 1792.267246] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.267675] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.268112] ? lock_downgrade+0x6d0/0x6d0 [ 1792.268478] ? find_held_lock+0x2c/0x110 [ 1792.268836] ? io_submit_sqes+0x8610/0x8610 [ 1792.269225] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1792.269659] ? wait_for_completion_io+0x270/0x270 [ 1792.270081] ? rcu_read_lock_any_held+0x75/0xa0 [ 1792.270494] ? vfs_write+0x354/0xb10 [ 1792.270826] ? fput_many+0x2f/0x1a0 [ 1792.271149] ? ksys_write+0x1a9/0x260 [ 1792.271492] ? __ia32_sys_read+0xb0/0xb0 [ 1792.271848] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1792.272316] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1792.272769] do_syscall_64+0x33/0x40 [ 1792.273095] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1792.273540] RIP: 0033:0x7f0159fffb19 [ 1792.273861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1792.275442] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1792.276122] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1792.276736] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1792.277343] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1792.277962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1792.278578] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:52:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) [ 1792.341258] FAULT_INJECTION: forcing a failure. [ 1792.341258] name failslab, interval 1, probability 0, space 0, times 0 [ 1792.342411] CPU: 1 PID: 8688 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1792.342990] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1792.343692] Call Trace: [ 1792.343931] dump_stack+0x107/0x167 [ 1792.344279] should_fail.cold+0x5/0xa [ 1792.344605] ? create_object.isra.0+0x3a/0xa20 [ 1792.345001] should_failslab+0x5/0x20 [ 1792.345343] kmem_cache_alloc+0x5b/0x310 [ 1792.345694] create_object.isra.0+0x3a/0xa20 [ 1792.346077] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1792.346526] kmem_cache_alloc_bulk+0x168/0x320 [ 1792.346918] io_submit_sqes+0x6fe6/0x8610 [ 1792.347275] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1792.347713] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.348160] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.348593] ? lock_downgrade+0x6d0/0x6d0 [ 1792.348943] ? find_held_lock+0x2c/0x110 [ 1792.349302] ? io_submit_sqes+0x8610/0x8610 [ 1792.349693] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1792.350109] ? wait_for_completion_io+0x270/0x270 [ 1792.350541] ? rcu_read_lock_any_held+0x75/0xa0 [ 1792.350943] ? vfs_write+0x354/0xb10 [ 1792.351268] ? fput_many+0x2f/0x1a0 [ 1792.351593] ? ksys_write+0x1a9/0x260 [ 1792.351918] ? __ia32_sys_read+0xb0/0xb0 [ 1792.352286] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1792.352749] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1792.353188] do_syscall_64+0x33/0x40 [ 1792.353506] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1792.353963] RIP: 0033:0x7fdd7f524b19 [ 1792.354296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1792.355879] RSP: 002b:00007fdd7ca9a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1792.356546] RAX: ffffffffffffffda RBX: 00007fdd7f637f60 RCX: 00007fdd7f524b19 [ 1792.357160] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1792.357762] RBP: 00007fdd7ca9a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1792.358384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1792.358995] R13: 00007ffc3c31ba7f R14: 00007fdd7ca9a300 R15: 0000000000022000 05:52:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1792.440577] FAULT_INJECTION: forcing a failure. [ 1792.440577] name failslab, interval 1, probability 0, space 0, times 0 [ 1792.441732] CPU: 1 PID: 8691 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1792.442335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1792.443026] Call Trace: [ 1792.443267] dump_stack+0x107/0x167 [ 1792.443589] should_fail.cold+0x5/0xa [ 1792.443930] ? create_object.isra.0+0x3a/0xa20 [ 1792.444422] should_failslab+0x5/0x20 [ 1792.444746] kmem_cache_alloc+0x5b/0x310 [ 1792.445103] create_object.isra.0+0x3a/0xa20 [ 1792.445502] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1792.445939] __kmalloc+0x16e/0x390 [ 1792.446251] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1792.446779] io_timeout_prep+0x693/0x8b0 [ 1792.447193] io_submit_sqes+0x54d8/0x8610 [ 1792.448205] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.449074] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1792.449906] ? lock_downgrade+0x6d0/0x6d0 [ 1792.450611] ? find_held_lock+0x2c/0x110 [ 1792.451312] ? io_submit_sqes+0x8610/0x8610 [ 1792.452238] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1792.453220] ? wait_for_completion_io+0x270/0x270 [ 1792.454295] ? rcu_read_lock_any_held+0x75/0xa0 [ 1792.455317] ? vfs_write+0x354/0xb10 [ 1792.456156] ? fput_many+0x2f/0x1a0 [ 1792.456960] ? ksys_write+0x1a9/0x260 [ 1792.457800] ? __ia32_sys_read+0xb0/0xb0 [ 1792.458703] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1792.459855] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1792.461000] do_syscall_64+0x33/0x40 [ 1792.461821] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1792.462945] RIP: 0033:0x7f285a8beb19 [ 1792.463766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1792.467833] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1792.469514] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1792.471078] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1792.472656] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1792.474228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1792.475781] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:52:21 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54) 05:52:21 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45) 05:52:21 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3) 05:52:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:52:21 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) 05:52:21 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x8}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x4088c3, 0x0) setsockopt$packet_int(r4, 0x107, 0x10, &(0x7f0000000180)=0x3, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) syz_io_uring_complete(r5) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r7, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:52:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:52:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0) [ 1806.787166] FAULT_INJECTION: forcing a failure. [ 1806.787166] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1806.788217] CPU: 1 PID: 8707 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1806.788793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1806.789484] Call Trace: [ 1806.789722] dump_stack+0x107/0x167 [ 1806.790036] should_fail.cold+0x5/0xa [ 1806.790367] _copy_from_user+0x2e/0x1b0 [ 1806.790713] get_timespec64+0x75/0x190 [ 1806.791049] ? put_timespec64+0x130/0x130 [ 1806.791407] ? kasan_unpoison_shadow+0x33/0x50 [ 1806.791797] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1806.792253] io_timeout_prep+0x3c5/0x8b0 [ 1806.792606] io_submit_sqes+0x54d8/0x8610 [ 1806.792981] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1806.793405] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1806.793821] ? lock_downgrade+0x6d0/0x6d0 [ 1806.794174] ? find_held_lock+0x2c/0x110 [ 1806.794525] ? io_submit_sqes+0x8610/0x8610 [ 1806.794903] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1806.795320] ? wait_for_completion_io+0x270/0x270 [ 1806.795736] ? rcu_read_lock_any_held+0x75/0xa0 [ 1806.796144] ? vfs_write+0x354/0xb10 [ 1806.796484] ? fput_many+0x2f/0x1a0 [ 1806.796814] ? ksys_write+0x1a9/0x260 [ 1806.797160] ? __ia32_sys_read+0xb0/0xb0 [ 1806.797520] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1806.797966] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1806.798407] do_syscall_64+0x33/0x40 [ 1806.798727] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1806.799163] RIP: 0033:0x7f285a8beb19 [ 1806.799484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1806.805701] FAULT_INJECTION: forcing a failure. [ 1806.805701] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1806.817034] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1806.817049] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1806.817057] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1806.817064] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1806.817072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1806.817079] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1806.819833] FAULT_INJECTION: forcing a failure. [ 1806.819833] name failslab, interval 1, probability 0, space 0, times 0 [ 1806.819845] CPU: 1 PID: 8714 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1806.819852] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1806.819856] Call Trace: [ 1806.819867] dump_stack+0x107/0x167 [ 1806.819881] should_fail.cold+0x5/0xa [ 1806.819894] ? create_object.isra.0+0x3a/0xa20 [ 1806.819908] should_failslab+0x5/0x20 [ 1806.819920] kmem_cache_alloc+0x5b/0x310 [ 1806.819937] create_object.isra.0+0x3a/0xa20 [ 1806.819949] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1806.819964] __kmalloc+0x16e/0x390 [ 1806.819984] io_timeout_prep+0x693/0x8b0 [ 1806.820001] io_submit_sqes+0x54d8/0x8610 [ 1806.820034] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1806.820046] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1806.820067] ? io_submit_sqes+0x8610/0x8610 [ 1806.820081] ? recalibrate_cpu_khz+0x10/0x10 [ 1806.820101] ? ktime_get+0x158/0x1f0 [ 1806.820118] ? setup_APIC_eilvt+0x2f0/0x2f0 [ 1806.820131] ? clockevents_program_event+0x131/0x360 [ 1806.820147] ? tick_program_event+0xa8/0x140 [ 1806.820160] ? hrtimer_interrupt+0x771/0x9b0 [ 1806.820183] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1806.820195] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1806.820209] do_syscall_64+0x33/0x40 [ 1806.820221] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1806.820229] RIP: 0033:0x7f3842280b19 [ 1806.820240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1806.820248] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1806.820261] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1806.820268] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1806.820276] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1806.820283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1806.820290] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1806.849046] CPU: 0 PID: 8703 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1806.849614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1806.850306] Call Trace: [ 1806.850530] dump_stack+0x107/0x167 [ 1806.850839] should_fail.cold+0x5/0xa [ 1806.851166] _copy_from_user+0x2e/0x1b0 [ 1806.851506] get_timespec64+0x75/0x190 [ 1806.851835] ? put_timespec64+0x130/0x130 [ 1806.852199] ? kasan_unpoison_shadow+0x33/0x50 [ 1806.852584] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1806.853019] io_timeout_prep+0x3c5/0x8b0 [ 1806.853368] io_submit_sqes+0x54d8/0x8610 [ 1806.853738] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1806.854157] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1806.854565] ? lock_downgrade+0x6d0/0x6d0 [ 1806.854913] ? find_held_lock+0x2c/0x110 [ 1806.855260] ? io_submit_sqes+0x8610/0x8610 [ 1806.855630] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1806.856044] ? wait_for_completion_io+0x270/0x270 [ 1806.856465] ? rcu_read_lock_any_held+0x75/0xa0 [ 1806.856854] ? vfs_write+0x354/0xb10 [ 1806.857170] ? fput_many+0x2f/0x1a0 [ 1806.857485] ? ksys_write+0x1a9/0x260 [ 1806.857807] ? __ia32_sys_read+0xb0/0xb0 [ 1806.858153] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1806.858593] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1806.859032] do_syscall_64+0x33/0x40 [ 1806.859347] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1806.859775] RIP: 0033:0x7f0159fffb19 [ 1806.860090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1806.861616] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1806.862251] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1806.862848] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1806.863440] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1806.864039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1806.864655] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:52:21 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:52:21 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x4000010, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1806.877832] FAULT_INJECTION: forcing a failure. [ 1806.877832] name failslab, interval 1, probability 0, space 0, times 0 [ 1806.878936] CPU: 0 PID: 8710 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1806.879513] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1806.880226] Call Trace: [ 1806.880454] dump_stack+0x107/0x167 [ 1806.880761] should_fail.cold+0x5/0xa [ 1806.881088] ? io_timeout_prep+0x693/0x8b0 [ 1806.881445] should_failslab+0x5/0x20 [ 1806.881768] __kmalloc+0x72/0x390 [ 1806.882063] ? __hrtimer_init+0x12c/0x270 [ 1806.882416] io_timeout_prep+0x693/0x8b0 [ 1806.882778] io_submit_sqes+0x54d8/0x8610 [ 1806.883143] ? __do_sys_io_uring_enter+0x1db/0x18c0 [ 1806.883567] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1806.883999] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1806.884423] ? lock_downgrade+0x6d0/0x6d0 [ 1806.884770] ? find_held_lock+0x2c/0x110 [ 1806.885117] ? io_submit_sqes+0x8610/0x8610 [ 1806.885486] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1806.885894] ? wait_for_completion_io+0x270/0x270 [ 1806.886302] ? rcu_read_lock_any_held+0x75/0xa0 [ 1806.886691] ? vfs_write+0x354/0xb10 [ 1806.887006] ? fput_many+0x2f/0x1a0 [ 1806.887315] ? ksys_write+0x1a9/0x260 [ 1806.887636] ? __ia32_sys_read+0xb0/0xb0 [ 1806.887981] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1806.888434] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1806.888872] do_syscall_64+0x33/0x40 [ 1806.889187] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1806.889617] RIP: 0033:0x7f30a2e99b19 [ 1806.889932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1806.891456] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1806.892098] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1806.892697] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1806.893294] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1806.893890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1806.894485] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:52:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0) [ 1806.944204] FAULT_INJECTION: forcing a failure. [ 1806.944204] name failslab, interval 1, probability 0, space 0, times 0 [ 1806.945210] CPU: 0 PID: 8711 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1806.945780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1806.946476] Call Trace: [ 1806.946708] dump_stack+0x107/0x167 [ 1806.947021] should_fail.cold+0x5/0xa [ 1806.947349] ? create_object.isra.0+0x3a/0xa20 [ 1806.947738] should_failslab+0x5/0x20 [ 1806.948065] kmem_cache_alloc+0x5b/0x310 [ 1806.948427] create_object.isra.0+0x3a/0xa20 [ 1806.948807] kmemleak_alloc_percpu+0xa0/0x100 [ 1806.949194] pcpu_alloc+0x4e2/0x1240 [ 1806.949523] __percpu_counter_init+0x10d/0x2d0 [ 1806.949914] io_uring_alloc_task_context+0xcc/0x6a0 [ 1806.950337] ? io_import_iovec+0x1120/0x1120 [ 1806.950711] ? find_held_lock+0x2c/0x110 [ 1806.951064] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1806.951474] __io_uring_add_tctx_node+0x2c6/0x520 [ 1806.951881] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1806.952345] __do_sys_io_uring_enter+0x1489/0x18c0 [ 1806.952763] ? lock_downgrade+0x6d0/0x6d0 [ 1806.953113] ? find_held_lock+0x2c/0x110 [ 1806.953460] ? io_submit_sqes+0x8610/0x8610 [ 1806.953830] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1806.954246] ? wait_for_completion_io+0x270/0x270 [ 1806.954657] ? rcu_read_lock_any_held+0x75/0xa0 [ 1806.955049] ? vfs_write+0x354/0xb10 [ 1806.955366] ? fput_many+0x2f/0x1a0 [ 1806.955677] ? ksys_write+0x1a9/0x260 [ 1806.956001] ? __ia32_sys_read+0xb0/0xb0 [ 1806.956361] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1806.956803] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1806.957245] do_syscall_64+0x33/0x40 [ 1806.957561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1806.957992] RIP: 0033:0x7fdd7f524b19 [ 1806.958310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1806.959839] RSP: 002b:00007fdd7ca9a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1806.960495] RAX: ffffffffffffffda RBX: 00007fdd7f637f60 RCX: 00007fdd7f524b19 [ 1806.961090] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1806.961680] RBP: 00007fdd7ca9a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1806.962272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1806.962864] R13: 00007ffc3c31ba7f R14: 00007fdd7ca9a300 R15: 0000000000022000 05:52:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1807.143698] FAULT_INJECTION: forcing a failure. [ 1807.143698] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1807.144785] CPU: 1 PID: 8731 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1807.145356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1807.146046] Call Trace: [ 1807.146279] dump_stack+0x107/0x167 [ 1807.146591] should_fail.cold+0x5/0xa [ 1807.146922] _copy_from_user+0x2e/0x1b0 [ 1807.147266] get_timespec64+0x75/0x190 [ 1807.147600] ? put_timespec64+0x130/0x130 [ 1807.147958] ? kasan_unpoison_shadow+0x33/0x50 [ 1807.148365] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1807.148815] io_timeout_prep+0x3c5/0x8b0 [ 1807.149168] io_submit_sqes+0x54d8/0x8610 [ 1807.149543] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1807.149968] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1807.150383] ? lock_downgrade+0x6d0/0x6d0 [ 1807.150736] ? find_held_lock+0x2c/0x110 [ 1807.151087] ? io_submit_sqes+0x8610/0x8610 [ 1807.151464] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1807.151879] ? wait_for_completion_io+0x270/0x270 [ 1807.152305] ? rcu_read_lock_any_held+0x75/0xa0 [ 1807.152700] ? vfs_write+0x354/0xb10 [ 1807.153018] ? fput_many+0x2f/0x1a0 [ 1807.153331] ? ksys_write+0x1a9/0x260 [ 1807.153658] ? __ia32_sys_read+0xb0/0xb0 [ 1807.154008] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1807.154452] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1807.154892] do_syscall_64+0x33/0x40 [ 1807.155212] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1807.155648] RIP: 0033:0x7f3842280b19 [ 1807.155966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1807.157522] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1807.158168] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1807.158768] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1807.159371] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1807.159974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1807.160586] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:52:35 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) 05:52:35 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55) 05:52:35 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:52:35 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:52:35 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4000000, 0x0, 0x0, 0x0) 05:52:35 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) fchmodat(r3, &(0x7f0000000000)='./file0\x00', 0x132) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:52:35 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:52:35 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 4) [ 1821.474640] FAULT_INJECTION: forcing a failure. [ 1821.474640] name failslab, interval 1, probability 0, space 0, times 0 [ 1821.475633] CPU: 0 PID: 8745 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1821.476201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.476894] Call Trace: [ 1821.477125] dump_stack+0x107/0x167 [ 1821.477435] should_fail.cold+0x5/0xa [ 1821.477761] ? create_object.isra.0+0x3a/0xa20 [ 1821.478148] should_failslab+0x5/0x20 [ 1821.478473] kmem_cache_alloc+0x5b/0x310 [ 1821.478821] create_object.isra.0+0x3a/0xa20 [ 1821.479193] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1821.479623] __kmalloc+0x16e/0x390 [ 1821.479932] io_timeout_prep+0x693/0x8b0 [ 1821.480291] io_submit_sqes+0x54d8/0x8610 [ 1821.480667] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.481089] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.481510] ? lock_downgrade+0x6d0/0x6d0 [ 1821.481870] ? find_held_lock+0x2c/0x110 [ 1821.482230] ? io_submit_sqes+0x8610/0x8610 [ 1821.482615] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1821.483038] ? wait_for_completion_io+0x270/0x270 [ 1821.483460] ? rcu_read_lock_any_held+0x75/0xa0 [ 1821.483861] ? vfs_write+0x354/0xb10 [ 1821.484178] ? fput_many+0x2f/0x1a0 [ 1821.484500] ? ksys_write+0x1a9/0x260 [ 1821.484825] ? __ia32_sys_read+0xb0/0xb0 [ 1821.485174] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.485618] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.486058] do_syscall_64+0x33/0x40 [ 1821.486376] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.486810] RIP: 0033:0x7f30a2e99b19 [ 1821.487129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.488686] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1821.489328] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1821.489927] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1821.490526] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.491122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.491721] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1821.494420] FAULT_INJECTION: forcing a failure. [ 1821.494420] name failslab, interval 1, probability 0, space 0, times 0 [ 1821.495377] CPU: 0 PID: 8750 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1821.495947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.496654] Call Trace: [ 1821.496880] dump_stack+0x107/0x167 [ 1821.497191] should_fail.cold+0x5/0xa [ 1821.497516] ? io_timeout_prep+0x693/0x8b0 [ 1821.497878] should_failslab+0x5/0x20 [ 1821.498203] __kmalloc+0x72/0x390 [ 1821.498502] ? __hrtimer_init+0x12c/0x270 [ 1821.498859] io_timeout_prep+0x693/0x8b0 [ 1821.499211] io_submit_sqes+0x54d8/0x8610 [ 1821.499586] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.500010] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.500437] ? lock_downgrade+0x6d0/0x6d0 [ 1821.500789] ? find_held_lock+0x2c/0x110 [ 1821.501139] ? io_submit_sqes+0x8610/0x8610 [ 1821.501525] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1821.501951] ? wait_for_completion_io+0x270/0x270 [ 1821.502374] ? rcu_read_lock_any_held+0x75/0xa0 [ 1821.502776] ? vfs_write+0x354/0xb10 [ 1821.503103] ? fput_many+0x2f/0x1a0 [ 1821.503415] ? ksys_write+0x1a9/0x260 [ 1821.503741] ? __ia32_sys_read+0xb0/0xb0 [ 1821.504089] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.504548] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.504984] do_syscall_64+0x33/0x40 [ 1821.505308] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.505749] RIP: 0033:0x7f0159fffb19 [ 1821.506075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.507643] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1821.508308] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1821.508910] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1821.509510] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.510109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.510713] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1821.529682] FAULT_INJECTION: forcing a failure. [ 1821.529682] name failslab, interval 1, probability 0, space 0, times 0 [ 1821.530732] CPU: 0 PID: 8751 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1821.531353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.532099] Call Trace: [ 1821.532367] dump_stack+0x107/0x167 [ 1821.532711] should_fail.cold+0x5/0xa [ 1821.533070] ? io_timeout_prep+0x693/0x8b0 [ 1821.533461] should_failslab+0x5/0x20 [ 1821.533811] __kmalloc+0x72/0x390 [ 1821.534145] ? __hrtimer_init+0x12c/0x270 [ 1821.534534] io_timeout_prep+0x693/0x8b0 [ 1821.534917] io_submit_sqes+0x54d8/0x8610 [ 1821.535338] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.535798] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.536264] ? lock_downgrade+0x6d0/0x6d0 [ 1821.536654] ? find_held_lock+0x2c/0x110 [ 1821.537039] ? io_submit_sqes+0x8610/0x8610 [ 1821.537455] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1821.537904] ? wait_for_completion_io+0x270/0x270 [ 1821.538357] ? rcu_read_lock_any_held+0x75/0xa0 [ 1821.538787] ? vfs_write+0x354/0xb10 [ 1821.539137] ? fput_many+0x2f/0x1a0 [ 1821.539494] ? ksys_write+0x1a9/0x260 [ 1821.539850] ? __ia32_sys_read+0xb0/0xb0 [ 1821.540239] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.540736] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.541217] do_syscall_64+0x33/0x40 [ 1821.541565] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.542039] RIP: 0033:0x7f285a8beb19 [ 1821.542388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.544054] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1821.544729] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1821.545321] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1821.545917] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.546508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.547101] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1821.553290] FAULT_INJECTION: forcing a failure. [ 1821.553290] name failslab, interval 1, probability 0, space 0, times 0 [ 1821.554371] CPU: 1 PID: 8754 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1821.554987] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.555732] Call Trace: [ 1821.555980] dump_stack+0x107/0x167 [ 1821.556335] should_fail.cold+0x5/0xa [ 1821.556691] ? io_timeout_prep+0x693/0x8b0 [ 1821.557082] should_failslab+0x5/0x20 [ 1821.557436] __kmalloc+0x72/0x390 [ 1821.557761] ? __hrtimer_init+0x12c/0x270 [ 1821.558154] io_timeout_prep+0x693/0x8b0 [ 1821.558539] io_submit_sqes+0x54d8/0x8610 [ 1821.558955] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.559415] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.559866] ? lock_downgrade+0x6d0/0x6d0 [ 1821.560260] ? find_held_lock+0x2c/0x110 [ 1821.560651] ? io_submit_sqes+0x8610/0x8610 [ 1821.561060] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1821.561512] ? wait_for_completion_io+0x270/0x270 [ 1821.561960] ? rcu_read_lock_any_held+0x75/0xa0 [ 1821.562391] ? vfs_write+0x354/0xb10 [ 1821.562740] ? fput_many+0x2f/0x1a0 [ 1821.563083] ? ksys_write+0x1a9/0x260 [ 1821.563442] ? __ia32_sys_read+0xb0/0xb0 [ 1821.563823] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.564329] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.564814] do_syscall_64+0x33/0x40 [ 1821.565163] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.565634] RIP: 0033:0x7f3842280b19 [ 1821.565981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.567635] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1821.568342] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1821.568992] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1821.569642] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.570291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.570944] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1821.658338] FAULT_INJECTION: forcing a failure. [ 1821.658338] name failslab, interval 1, probability 0, space 0, times 0 [ 1821.659536] CPU: 1 PID: 8752 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1821.660156] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.660916] Call Trace: [ 1821.661173] dump_stack+0x107/0x167 [ 1821.661515] should_fail.cold+0x5/0xa [ 1821.661871] ? create_object.isra.0+0x3a/0xa20 [ 1821.662297] should_failslab+0x5/0x20 [ 1821.662651] kmem_cache_alloc+0x5b/0x310 [ 1821.663038] create_object.isra.0+0x3a/0xa20 [ 1821.663455] kmemleak_alloc_percpu+0xa0/0x100 [ 1821.663873] pcpu_alloc+0x4e2/0x1240 [ 1821.664244] __percpu_counter_init+0x10d/0x2d0 [ 1821.664681] io_uring_alloc_task_context+0xcc/0x6a0 [ 1821.665143] ? io_import_iovec+0x1120/0x1120 [ 1821.665554] ? find_held_lock+0x2c/0x110 [ 1821.665940] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1821.666391] __io_uring_add_tctx_node+0x2c6/0x520 [ 1821.666841] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1821.667338] __do_sys_io_uring_enter+0x1489/0x18c0 [ 1821.667797] ? lock_downgrade+0x6d0/0x6d0 [ 1821.668180] ? find_held_lock+0x2c/0x110 [ 1821.668585] ? io_submit_sqes+0x8610/0x8610 [ 1821.668995] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1821.669445] ? wait_for_completion_io+0x270/0x270 [ 1821.669895] ? rcu_read_lock_any_held+0x75/0xa0 [ 1821.670325] ? vfs_write+0x354/0xb10 [ 1821.670666] ? fput_many+0x2f/0x1a0 [ 1821.671002] ? ksys_write+0x1a9/0x260 [ 1821.671360] ? __ia32_sys_read+0xb0/0xb0 [ 1821.671747] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.672237] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.672723] do_syscall_64+0x33/0x40 [ 1821.673070] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.673542] RIP: 0033:0x7fdd7f524b19 [ 1821.673890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.675545] RSP: 002b:00007fdd7ca9a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1821.676250] RAX: ffffffffffffffda RBX: 00007fdd7f637f60 RCX: 00007fdd7f524b19 [ 1821.676907] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1821.677557] RBP: 00007fdd7ca9a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.678206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1821.678853] R13: 00007ffc3c31ba7f R14: 00007fdd7ca9a300 R15: 0000000000022000 05:52:36 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56) 05:52:36 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4, 0x0, 0x0, 0x0) [ 1821.914862] FAULT_INJECTION: forcing a failure. [ 1821.914862] name failslab, interval 1, probability 0, space 0, times 0 [ 1821.915960] CPU: 0 PID: 8766 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1821.916580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1821.917323] Call Trace: [ 1821.917578] dump_stack+0x107/0x167 [ 1821.917914] should_fail.cold+0x5/0xa [ 1821.918265] ? create_object.isra.0+0x3a/0xa20 [ 1821.918687] should_failslab+0x5/0x20 [ 1821.919039] kmem_cache_alloc+0x5b/0x310 [ 1821.919422] create_object.isra.0+0x3a/0xa20 [ 1821.919833] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1821.920340] __kmalloc+0x16e/0x390 [ 1821.920685] io_timeout_prep+0x693/0x8b0 [ 1821.921079] io_submit_sqes+0x54d8/0x8610 [ 1821.921491] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.921947] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1821.922401] ? lock_downgrade+0x6d0/0x6d0 [ 1821.922784] ? find_held_lock+0x2c/0x110 [ 1821.923167] ? io_submit_sqes+0x8610/0x8610 [ 1821.923568] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1821.924016] ? wait_for_completion_io+0x270/0x270 [ 1821.924481] ? rcu_read_lock_any_held+0x75/0xa0 [ 1821.924911] ? vfs_write+0x354/0xb10 [ 1821.925261] ? fput_many+0x2f/0x1a0 [ 1821.925604] ? ksys_write+0x1a9/0x260 [ 1821.925962] ? __ia32_sys_read+0xb0/0xb0 [ 1821.926348] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1821.926831] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1821.927312] do_syscall_64+0x33/0x40 [ 1821.927660] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1821.928129] RIP: 0033:0x7f0159fffb19 [ 1821.928497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.930147] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1821.930843] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1821.931493] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1821.932140] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.932809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.933461] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:52:36 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x10, r3, 0x8000000) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r5 = fcntl$dupfd(r0, 0x0, r3) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000001, 0x11, r5, 0x0) 05:52:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) 05:52:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8000000, 0x0, 0x0, 0x0) [ 1822.078463] FAULT_INJECTION: forcing a failure. [ 1822.078463] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1822.079587] CPU: 0 PID: 8775 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1822.080200] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1822.080955] Call Trace: [ 1822.081218] dump_stack+0x107/0x167 [ 1822.081557] should_fail.cold+0x5/0xa [ 1822.081923] _copy_from_user+0x2e/0x1b0 [ 1822.082307] get_timespec64+0x75/0x190 [ 1822.082675] ? put_timespec64+0x130/0x130 [ 1822.083065] ? kasan_unpoison_shadow+0x33/0x50 [ 1822.083477] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1822.083944] io_timeout_prep+0x3c5/0x8b0 [ 1822.084328] io_submit_sqes+0x54d8/0x8610 [ 1822.084751] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1822.085213] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1822.085681] ? lock_downgrade+0x6d0/0x6d0 [ 1822.086067] ? find_held_lock+0x2c/0x110 [ 1822.086450] ? io_submit_sqes+0x8610/0x8610 [ 1822.086858] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1822.087304] ? wait_for_completion_io+0x270/0x270 [ 1822.087739] ? rcu_read_lock_any_held+0x75/0xa0 [ 1822.088174] ? vfs_write+0x354/0xb10 [ 1822.088541] ? fput_many+0x2f/0x1a0 [ 1822.088880] ? ksys_write+0x1a9/0x260 [ 1822.089239] ? __ia32_sys_read+0xb0/0xb0 [ 1822.089625] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1822.090109] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1822.090589] do_syscall_64+0x33/0x40 [ 1822.090938] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1822.091398] RIP: 0033:0x7f30a2e99b19 [ 1822.091743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1822.093410] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1822.094108] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1822.094755] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1822.095395] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1822.096055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1822.096718] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:52:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:52:36 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:52:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5) [ 1822.319973] FAULT_INJECTION: forcing a failure. [ 1822.319973] name failslab, interval 1, probability 0, space 0, times 0 [ 1822.321243] CPU: 1 PID: 8780 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1822.321856] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1822.322589] Call Trace: [ 1822.322842] dump_stack+0x107/0x167 [ 1822.323181] should_fail.cold+0x5/0xa [ 1822.323532] ? create_object.isra.0+0x3a/0xa20 [ 1822.323954] should_failslab+0x5/0x20 [ 1822.324324] kmem_cache_alloc+0x5b/0x310 [ 1822.324709] create_object.isra.0+0x3a/0xa20 [ 1822.325106] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1822.325573] __kmalloc+0x16e/0x390 [ 1822.325914] io_timeout_prep+0x693/0x8b0 [ 1822.326301] io_submit_sqes+0x54d8/0x8610 [ 1822.326715] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1822.327181] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1822.327634] ? lock_downgrade+0x6d0/0x6d0 [ 1822.328013] ? find_held_lock+0x2c/0x110 [ 1822.328415] ? io_submit_sqes+0x8610/0x8610 [ 1822.328823] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1822.329274] ? wait_for_completion_io+0x270/0x270 [ 1822.329722] ? rcu_read_lock_any_held+0x75/0xa0 [ 1822.330152] ? vfs_write+0x354/0xb10 [ 1822.330502] ? fput_many+0x2f/0x1a0 [ 1822.330936] ? ksys_write+0x1a9/0x260 [ 1822.331290] ? __ia32_sys_read+0xb0/0xb0 [ 1822.331670] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1822.332150] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1822.332645] do_syscall_64+0x33/0x40 [ 1822.332996] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1822.333466] RIP: 0033:0x7f3842280b19 [ 1822.333811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1822.335448] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1822.336140] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1822.336802] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1822.337443] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1822.338092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1822.338734] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1822.358447] FAULT_INJECTION: forcing a failure. [ 1822.358447] name failslab, interval 1, probability 0, space 0, times 0 [ 1822.359672] CPU: 1 PID: 8781 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1822.360301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1822.361040] Call Trace: [ 1822.361291] dump_stack+0x107/0x167 [ 1822.361629] should_fail.cold+0x5/0xa [ 1822.361980] ? create_object.isra.0+0x3a/0xa20 [ 1822.362402] should_failslab+0x5/0x20 [ 1822.362754] kmem_cache_alloc+0x5b/0x310 [ 1822.363143] create_object.isra.0+0x3a/0xa20 [ 1822.363546] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1822.364013] __kmalloc+0x16e/0x390 [ 1822.364369] io_timeout_prep+0x693/0x8b0 [ 1822.364752] io_submit_sqes+0x54d8/0x8610 [ 1822.365166] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1822.365624] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1822.366071] ? lock_downgrade+0x6d0/0x6d0 [ 1822.366452] ? find_held_lock+0x2c/0x110 [ 1822.366831] ? io_submit_sqes+0x8610/0x8610 [ 1822.367239] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1822.367690] ? wait_for_completion_io+0x270/0x270 [ 1822.368141] ? rcu_read_lock_any_held+0x75/0xa0 [ 1822.368590] ? vfs_write+0x354/0xb10 [ 1822.368943] ? fput_many+0x2f/0x1a0 [ 1822.369286] ? ksys_write+0x1a9/0x260 [ 1822.369643] ? __ia32_sys_read+0xb0/0xb0 [ 1822.370031] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1822.370514] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1822.370987] do_syscall_64+0x33/0x40 [ 1822.371336] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1822.371803] RIP: 0033:0x7f285a8beb19 [ 1822.372151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1822.373809] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1822.374511] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1822.375165] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1822.375812] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1822.376478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1822.377132] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1822.411305] FAULT_INJECTION: forcing a failure. [ 1822.411305] name failslab, interval 1, probability 0, space 0, times 0 [ 1822.412412] CPU: 0 PID: 8783 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1822.413032] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1822.413775] Call Trace: [ 1822.414030] dump_stack+0x107/0x167 [ 1822.414376] should_fail.cold+0x5/0xa [ 1822.414732] ? create_object.isra.0+0x3a/0xa20 [ 1822.415157] should_failslab+0x5/0x20 [ 1822.415514] kmem_cache_alloc+0x5b/0x310 [ 1822.415894] ? mark_held_locks+0x9e/0xe0 [ 1822.416287] create_object.isra.0+0x3a/0xa20 [ 1822.416671] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1822.417107] kmem_cache_alloc_bulk+0x168/0x320 [ 1822.417507] io_submit_sqes+0x6fe6/0x8610 [ 1822.417863] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1822.418294] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1822.418717] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1822.419134] ? lock_downgrade+0x6d0/0x6d0 [ 1822.419485] ? find_held_lock+0x2c/0x110 [ 1822.419837] ? io_submit_sqes+0x8610/0x8610 [ 1822.420216] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1822.420644] ? wait_for_completion_io+0x270/0x270 [ 1822.421059] ? rcu_read_lock_any_held+0x75/0xa0 [ 1822.421465] ? vfs_write+0x354/0xb10 [ 1822.421784] ? fput_many+0x2f/0x1a0 [ 1822.422096] ? ksys_write+0x1a9/0x260 [ 1822.422425] ? __ia32_sys_read+0xb0/0xb0 [ 1822.422775] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1822.423221] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1822.423663] do_syscall_64+0x33/0x40 [ 1822.423980] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1822.424434] RIP: 0033:0x7fdd7f524b19 [ 1822.424753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1822.426341] RSP: 002b:00007fdd7ca9a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1822.427029] RAX: ffffffffffffffda RBX: 00007fdd7f637f60 RCX: 00007fdd7f524b19 [ 1822.427677] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1822.428348] RBP: 00007fdd7ca9a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1822.429002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1822.429654] R13: 00007ffc3c31ba7f R14: 00007fdd7ca9a300 R15: 0000000000022000 05:52:51 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57) 05:52:51 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 6) 05:52:51 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1837.463062] FAULT_INJECTION: forcing a failure. [ 1837.463062] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1837.464117] CPU: 1 PID: 8799 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1837.464768] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1837.465651] Call Trace: [ 1837.465911] dump_stack+0x107/0x167 [ 1837.466254] should_fail.cold+0x5/0xa [ 1837.466616] _copy_from_user+0x2e/0x1b0 [ 1837.467049] get_timespec64+0x75/0x190 [ 1837.467415] ? put_timespec64+0x130/0x130 [ 1837.467831] ? kasan_unpoison_shadow+0x33/0x50 [ 1837.468261] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1837.468758] io_timeout_prep+0x3c5/0x8b0 [ 1837.469181] io_submit_sqes+0x54d8/0x8610 [ 1837.469593] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1837.470122] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1837.470577] ? lock_downgrade+0x6d0/0x6d0 [ 1837.471528] ? find_held_lock+0x2c/0x110 [ 1837.472526] ? io_submit_sqes+0x8610/0x8610 [ 1837.473380] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1837.474325] ? wait_for_completion_io+0x270/0x270 [ 1837.475251] ? rcu_read_lock_any_held+0x75/0xa0 [ 1837.476146] ? vfs_write+0x354/0xb10 [ 1837.476637] ? fput_many+0x2f/0x1a0 [ 1837.476950] ? ksys_write+0x1a9/0x260 [ 1837.477272] ? __ia32_sys_read+0xb0/0xb0 [ 1837.477620] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1837.478061] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1837.478495] do_syscall_64+0x33/0x40 [ 1837.478811] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1837.479240] RIP: 0033:0x7f285a8beb19 [ 1837.479556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1837.481134] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1837.481775] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1837.482370] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1837.482965] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1837.483559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 05:52:51 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8, 0x0, 0x0, 0x0) 05:52:51 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xd, 0x10, r3, 0x10000000) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) getsockopt$IP_SET_OP_GET_BYINDEX(r3, 0x1, 0x53, &(0x7f0000000000)={0x7, 0x7, 0x3}, &(0x7f0000000180)=0x28) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:52:51 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) 05:52:51 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) 05:52:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1837.484153] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1837.492853] FAULT_INJECTION: forcing a failure. [ 1837.492853] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1837.493936] CPU: 0 PID: 8804 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1837.494512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1837.495194] Call Trace: [ 1837.495419] dump_stack+0x107/0x167 [ 1837.495727] should_fail.cold+0x5/0xa [ 1837.496051] _copy_from_user+0x2e/0x1b0 [ 1837.496398] get_timespec64+0x75/0x190 [ 1837.496735] ? put_timespec64+0x130/0x130 [ 1837.497087] ? kasan_unpoison_shadow+0x33/0x50 [ 1837.497473] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1837.497902] io_timeout_prep+0x3c5/0x8b0 [ 1837.498250] io_submit_sqes+0x54d8/0x8610 [ 1837.498620] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1837.499040] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1837.499448] ? lock_downgrade+0x6d0/0x6d0 [ 1837.499795] ? find_held_lock+0x2c/0x110 [ 1837.500141] ? io_submit_sqes+0x8610/0x8610 [ 1837.500528] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1837.500940] ? wait_for_completion_io+0x270/0x270 [ 1837.501347] ? rcu_read_lock_any_held+0x75/0xa0 [ 1837.501737] ? vfs_write+0x354/0xb10 [ 1837.502053] ? fput_many+0x2f/0x1a0 [ 1837.502362] ? ksys_write+0x1a9/0x260 [ 1837.502686] ? __ia32_sys_read+0xb0/0xb0 [ 1837.503034] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1837.503474] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1837.503908] do_syscall_64+0x33/0x40 [ 1837.504223] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1837.504672] RIP: 0033:0x7f3842280b19 [ 1837.504989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1837.506522] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1837.507162] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1837.507759] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1837.508356] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1837.508975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1837.509573] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1837.520073] FAULT_INJECTION: forcing a failure. [ 1837.520073] name failslab, interval 1, probability 0, space 0, times 0 [ 1837.521071] CPU: 0 PID: 8806 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1837.521641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1837.522333] Call Trace: [ 1837.522560] dump_stack+0x107/0x167 [ 1837.522871] should_fail.cold+0x5/0xa [ 1837.523196] ? io_timeout_prep+0x693/0x8b0 [ 1837.523558] should_failslab+0x5/0x20 [ 1837.523882] __kmalloc+0x72/0x390 [ 1837.524178] ? __hrtimer_init+0x12c/0x270 [ 1837.524549] io_timeout_prep+0x693/0x8b0 [ 1837.524900] io_submit_sqes+0x54d8/0x8610 [ 1837.525271] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1837.525693] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1837.526105] ? lock_downgrade+0x6d0/0x6d0 [ 1837.526457] ? find_held_lock+0x2c/0x110 [ 1837.526807] ? io_submit_sqes+0x8610/0x8610 [ 1837.527181] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1837.527594] ? wait_for_completion_io+0x270/0x270 [ 1837.528006] ? rcu_read_lock_any_held+0x75/0xa0 [ 1837.528410] ? vfs_write+0x354/0xb10 [ 1837.528768] ? fput_many+0x2f/0x1a0 [ 1837.529084] ? ksys_write+0x1a9/0x260 [ 1837.529411] ? __ia32_sys_read+0xb0/0xb0 [ 1837.529762] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1837.530209] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1837.530649] do_syscall_64+0x33/0x40 [ 1837.530967] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1837.531400] RIP: 0033:0x7f30a2e99b19 [ 1837.531718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1837.533271] RSP: 002b:00007f30a03ee188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1837.533916] RAX: ffffffffffffffda RBX: 00007f30a2fad020 RCX: 00007f30a2e99b19 [ 1837.534517] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1837.535118] RBP: 00007f30a03ee1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1837.535719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1837.536319] R13: 00007ffcb9e7c18f R14: 00007f30a03ee300 R15: 0000000000022000 [ 1837.547552] FAULT_INJECTION: forcing a failure. [ 1837.547552] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1837.548683] CPU: 0 PID: 8797 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1837.549302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1837.550047] Call Trace: [ 1837.550297] dump_stack+0x107/0x167 [ 1837.550638] should_fail.cold+0x5/0xa [ 1837.551001] _copy_from_user+0x2e/0x1b0 [ 1837.551382] get_timespec64+0x75/0x190 [ 1837.551751] ? put_timespec64+0x130/0x130 [ 1837.552145] ? kasan_unpoison_shadow+0x33/0x50 [ 1837.552594] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1837.553071] io_timeout_prep+0x3c5/0x8b0 [ 1837.553450] io_submit_sqes+0x54d8/0x8610 [ 1837.553865] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1837.554329] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1837.554784] ? lock_downgrade+0x6d0/0x6d0 [ 1837.555171] ? find_held_lock+0x2c/0x110 [ 1837.555561] ? io_submit_sqes+0x8610/0x8610 [ 1837.555961] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1837.556418] ? wait_for_completion_io+0x270/0x270 [ 1837.556868] ? rcu_read_lock_any_held+0x75/0xa0 [ 1837.557295] ? vfs_write+0x354/0xb10 [ 1837.557643] ? fput_many+0x2f/0x1a0 [ 1837.557983] ? ksys_write+0x1a9/0x260 [ 1837.558340] ? __ia32_sys_read+0xb0/0xb0 [ 1837.558722] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1837.559203] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1837.559682] do_syscall_64+0x33/0x40 [ 1837.560027] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1837.560519] RIP: 0033:0x7f0159fffb19 [ 1837.560870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1837.562515] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1837.563198] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1837.563839] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1837.564512] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1837.565159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1837.565805] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:52:51 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r3, 0x0, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r3, &(0x7f0000000000)={0x430100, 0x0, 0x1}, &(0x7f0000000180)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r4}}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:52:52 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:52:52 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) 05:52:52 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:52:52 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) 05:52:52 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4, 0x0, 0x0) [ 1838.047227] FAULT_INJECTION: forcing a failure. [ 1838.047227] name failslab, interval 1, probability 0, space 0, times 0 [ 1838.048337] CPU: 1 PID: 8831 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1838.048968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1838.049703] Call Trace: [ 1838.049953] dump_stack+0x107/0x167 [ 1838.050290] should_fail.cold+0x5/0xa [ 1838.050643] ? io_timeout_prep+0x693/0x8b0 [ 1838.051032] should_failslab+0x5/0x20 [ 1838.051384] __kmalloc+0x72/0x390 [ 1838.051719] ? __hrtimer_init+0x12c/0x270 [ 1838.052091] io_timeout_prep+0x693/0x8b0 [ 1838.052467] io_submit_sqes+0x54d8/0x8610 [ 1838.052884] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1838.053347] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1838.053787] ? lock_downgrade+0x6d0/0x6d0 [ 1838.054161] ? find_held_lock+0x2c/0x110 [ 1838.054537] ? io_submit_sqes+0x8610/0x8610 [ 1838.054947] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1838.055398] ? wait_for_completion_io+0x270/0x270 [ 1838.055850] ? rcu_read_lock_any_held+0x75/0xa0 [ 1838.056283] ? vfs_write+0x354/0xb10 [ 1838.056649] ? fput_many+0x2f/0x1a0 [ 1838.056990] ? ksys_write+0x1a9/0x260 [ 1838.057349] ? __ia32_sys_read+0xb0/0xb0 [ 1838.057732] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1838.058214] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1838.058693] do_syscall_64+0x33/0x40 [ 1838.059041] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1838.059513] RIP: 0033:0x7f285a8beb19 [ 1838.059857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1838.061516] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1838.062209] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1838.062856] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1838.063509] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1838.064154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1838.064817] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1838.086809] FAULT_INJECTION: forcing a failure. [ 1838.086809] name failslab, interval 1, probability 0, space 0, times 0 [ 1838.087949] CPU: 1 PID: 8832 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1838.088670] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1838.089410] Call Trace: [ 1838.089663] dump_stack+0x107/0x167 [ 1838.090001] should_fail.cold+0x5/0xa [ 1838.090357] ? create_object.isra.0+0x3a/0xa20 [ 1838.090781] should_failslab+0x5/0x20 [ 1838.091134] kmem_cache_alloc+0x5b/0x310 [ 1838.091518] create_object.isra.0+0x3a/0xa20 [ 1838.091921] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1838.092395] __kmalloc+0x16e/0x390 [ 1838.092777] io_timeout_prep+0x693/0x8b0 [ 1838.093156] io_submit_sqes+0x54d8/0x8610 [ 1838.093565] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1838.094021] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1838.094471] ? lock_downgrade+0x6d0/0x6d0 [ 1838.094851] ? find_held_lock+0x2c/0x110 [ 1838.095233] ? io_submit_sqes+0x8610/0x8610 [ 1838.095640] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1838.096097] ? wait_for_completion_io+0x270/0x270 [ 1838.096583] ? rcu_read_lock_any_held+0x75/0xa0 [ 1838.097008] ? vfs_write+0x354/0xb10 [ 1838.097355] ? fput_many+0x2f/0x1a0 [ 1838.097693] ? ksys_write+0x1a9/0x260 [ 1838.098054] ? __ia32_sys_read+0xb0/0xb0 [ 1838.098435] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1838.098916] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1838.099392] do_syscall_64+0x33/0x40 [ 1838.099739] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1838.100209] RIP: 0033:0x7f30a2e99b19 [ 1838.100622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1838.102263] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1838.102961] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1838.103605] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1838.104263] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1838.105002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1838.105649] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1852.150223] FAULT_INJECTION: forcing a failure. [ 1852.150223] name failslab, interval 1, probability 0, space 0, times 0 [ 1852.151205] CPU: 0 PID: 8850 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1852.151776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.152468] Call Trace: [ 1852.152755] dump_stack+0x107/0x167 [ 1852.153069] should_fail.cold+0x5/0xa [ 1852.153397] ? io_timeout_prep+0x693/0x8b0 [ 1852.153759] should_failslab+0x5/0x20 [ 1852.154086] __kmalloc+0x72/0x390 [ 1852.154391] ? __hrtimer_init+0x12c/0x270 [ 1852.154749] io_timeout_prep+0x693/0x8b0 [ 1852.155101] io_submit_sqes+0x54d8/0x8610 [ 1852.155474] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.155899] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.156313] ? lock_downgrade+0x6d0/0x6d0 [ 1852.156838] ? find_held_lock+0x2c/0x110 [ 1852.157760] ? io_submit_sqes+0x8610/0x8610 [ 1852.158701] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1852.159743] ? wait_for_completion_io+0x270/0x270 [ 1852.160661] ? rcu_read_lock_any_held+0x75/0xa0 [ 1852.161058] ? vfs_write+0x354/0xb10 [ 1852.161383] ? fput_many+0x2f/0x1a0 [ 1852.161698] ? ksys_write+0x1a9/0x260 [ 1852.162025] ? __ia32_sys_read+0xb0/0xb0 [ 1852.162374] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1852.162818] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1852.163264] do_syscall_64+0x33/0x40 [ 1852.163582] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.164016] RIP: 0033:0x7f3842280b19 [ 1852.164336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.165897] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1852.166541] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1852.167143] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1852.167748] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 05:53:06 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = syz_open_dev$hiddev(&(0x7f0000000000), 0x7, 0x4001) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0x70, 0x0, &(0x7f0000000300)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@fd={0x66642a85, 0x0, r4}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/4096, 0x1000, 0x2, 0x4}, @flat=@weak_binder={0x77622a85, 0x2355d18b41ed3390, 0x1}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}}, @acquire={0x40046305, 0x2}, @exit_looper, @register_looper, @enter_looper, @enter_looper, @increfs_done], 0xe9, 0x0, &(0x7f0000000380)="0accbc1a29a1194a33edbae45c6ff3b88c210f2e6f639ffad2c207675aa4988db35ce46a23136183494824bcfe708065972af7876233f8b84e0c6d90e59f0be94235181938f551e80967df07cdc069c7a93a668feb85ba495fbd26d4e3172c2ddf8aa1ff65c81b257661af30418622b446fada9fc0fbb7a0d7618a9b82838d714430475bab786b59a184c2d9e192a55d03f1e744d0defdb6e0efb7168dd8bf1628ab21c91307d5947524f82e4393dbdd55c56383a7363adb6cc9d0d623200644671c5a773cbec09164215a2fb05660f0ef37da5938f3713c04d4b0d775fd949e006b9fbbf48f9a6fb6"}) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:53:06 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:53:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) [ 1852.168349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.168994] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:53:06 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8, 0x0, 0x0) 05:53:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:53:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0) 05:53:06 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) 05:53:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58) [ 1852.179520] FAULT_INJECTION: forcing a failure. [ 1852.179520] name failslab, interval 1, probability 0, space 0, times 0 [ 1852.181751] CPU: 0 PID: 8853 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1852.183134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.184822] Call Trace: [ 1852.185359] dump_stack+0x107/0x167 [ 1852.186113] should_fail.cold+0x5/0xa [ 1852.186877] ? create_object.isra.0+0x3a/0xa20 [ 1852.187813] should_failslab+0x5/0x20 [ 1852.188623] kmem_cache_alloc+0x5b/0x310 [ 1852.189478] create_object.isra.0+0x3a/0xa20 [ 1852.189844] FAULT_INJECTION: forcing a failure. [ 1852.189844] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1852.190308] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1852.190329] __kmalloc+0x16e/0x390 [ 1852.190351] io_timeout_prep+0x693/0x8b0 [ 1852.190378] io_submit_sqes+0x54d8/0x8610 [ 1852.194647] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.195562] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.196431] ? lock_downgrade+0x6d0/0x6d0 [ 1852.197231] ? find_held_lock+0x2c/0x110 [ 1852.197963] ? io_submit_sqes+0x8610/0x8610 [ 1852.198766] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1852.199648] ? wait_for_completion_io+0x270/0x270 [ 1852.200514] ? rcu_read_lock_any_held+0x75/0xa0 [ 1852.201406] ? vfs_write+0x354/0xb10 [ 1852.202086] ? fput_many+0x2f/0x1a0 [ 1852.202750] ? ksys_write+0x1a9/0x260 [ 1852.203443] ? __ia32_sys_read+0xb0/0xb0 [ 1852.204159] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1852.205186] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1852.206118] do_syscall_64+0x33/0x40 [ 1852.206785] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.207719] RIP: 0033:0x7f285a8beb19 [ 1852.208392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.211754] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1852.213165] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1852.214458] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1852.215745] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.217152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.218367] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1852.219598] CPU: 1 PID: 8860 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1852.220353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.221247] Call Trace: [ 1852.221543] dump_stack+0x107/0x167 [ 1852.221948] should_fail.cold+0x5/0xa [ 1852.222375] _copy_from_user+0x2e/0x1b0 [ 1852.222812] get_timespec64+0x75/0x190 [ 1852.223235] ? put_timespec64+0x130/0x130 [ 1852.223690] ? kasan_unpoison_shadow+0x33/0x50 [ 1852.224195] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1852.228757] io_timeout_prep+0x3c5/0x8b0 [ 1852.229180] io_submit_sqes+0x54d8/0x8610 [ 1852.229644] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.230145] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.230640] ? lock_downgrade+0x6d0/0x6d0 [ 1852.231055] ? find_held_lock+0x2c/0x110 [ 1852.231467] ? io_submit_sqes+0x8610/0x8610 [ 1852.231928] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1852.232432] ? wait_for_completion_io+0x270/0x270 [ 1852.232898] ? rcu_read_lock_any_held+0x75/0xa0 [ 1852.233327] ? vfs_write+0x354/0xb10 [ 1852.233673] ? fput_many+0x2f/0x1a0 [ 1852.234013] ? ksys_write+0x1a9/0x260 [ 1852.234358] ? __ia32_sys_read+0xb0/0xb0 [ 1852.234738] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1852.235216] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1852.235689] do_syscall_64+0x33/0x40 [ 1852.236032] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.236503] RIP: 0033:0x7f30a2e99b19 [ 1852.236857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.238483] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1852.239171] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1852.239810] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1852.240452] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.241103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.241744] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1852.251924] FAULT_INJECTION: forcing a failure. [ 1852.251924] name failslab, interval 1, probability 0, space 0, times 0 [ 1852.253761] CPU: 0 PID: 8855 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1852.255495] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.257559] Call Trace: [ 1852.258084] dump_stack+0x107/0x167 [ 1852.258845] should_fail.cold+0x5/0xa [ 1852.259607] ? io_timeout_prep+0x693/0x8b0 [ 1852.260467] should_failslab+0x5/0x20 [ 1852.261470] __kmalloc+0x72/0x390 [ 1852.262364] ? __hrtimer_init+0x12c/0x270 [ 1852.263438] io_timeout_prep+0x693/0x8b0 [ 1852.264455] io_submit_sqes+0x54d8/0x8610 [ 1852.264934] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.265473] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.265947] ? lock_downgrade+0x6d0/0x6d0 [ 1852.266371] ? find_held_lock+0x2c/0x110 [ 1852.266781] ? io_submit_sqes+0x8610/0x8610 [ 1852.267215] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1852.267708] ? wait_for_completion_io+0x270/0x270 [ 1852.268182] ? rcu_read_lock_any_held+0x75/0xa0 [ 1852.268669] ? vfs_write+0x354/0xb10 [ 1852.269048] ? fput_many+0x2f/0x1a0 [ 1852.269389] ? ksys_write+0x1a9/0x260 [ 1852.269786] ? __ia32_sys_read+0xb0/0xb0 [ 1852.270170] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1852.270685] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1852.271153] do_syscall_64+0x33/0x40 [ 1852.271500] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.271993] RIP: 0033:0x7f0159fffb19 [ 1852.272339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.274035] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1852.274783] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1852.275483] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1852.276173] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.276861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.277572] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:53:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0) 05:53:06 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r4 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_ASYNC_CANCEL={0xe, 0x5, 0x0, 0x0, 0x0, 0x12345}, 0xd3) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) io_uring_enter(r6, 0x5b09, 0xe35f, 0x3, &(0x7f0000000180)={[0x80000000]}, 0x8) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x10a) 05:53:07 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) 05:53:07 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:53:07 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4, 0x0, 0x0, 0x0) 05:53:07 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) 05:53:07 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1852.848319] FAULT_INJECTION: forcing a failure. [ 1852.848319] name failslab, interval 1, probability 0, space 0, times 0 [ 1852.849555] CPU: 1 PID: 8883 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1852.850160] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.850915] Call Trace: [ 1852.851169] dump_stack+0x107/0x167 [ 1852.851510] should_fail.cold+0x5/0xa [ 1852.851871] should_failslab+0x5/0x20 [ 1852.852234] kmem_cache_alloc_bulk+0x4b/0x320 [ 1852.852673] io_submit_sqes+0x6fe6/0x8610 [ 1852.853084] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.853551] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.854006] ? lock_downgrade+0x6d0/0x6d0 [ 1852.854391] ? find_held_lock+0x2c/0x110 [ 1852.854775] ? io_submit_sqes+0x8610/0x8610 [ 1852.855177] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1852.855635] ? wait_for_completion_io+0x270/0x270 [ 1852.856085] ? rcu_read_lock_any_held+0x75/0xa0 [ 1852.856532] ? vfs_write+0x354/0xb10 [ 1852.856890] ? fput_many+0x2f/0x1a0 [ 1852.857233] ? ksys_write+0x1a9/0x260 [ 1852.857592] ? __ia32_sys_read+0xb0/0xb0 [ 1852.857971] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1852.858450] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1852.858928] do_syscall_64+0x33/0x40 [ 1852.859274] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.859743] RIP: 0033:0x7f30a2e99b19 [ 1852.860092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.861756] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1852.862456] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1852.863111] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1852.863752] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.864400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.865061] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1852.873915] FAULT_INJECTION: forcing a failure. [ 1852.873915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1852.875157] CPU: 1 PID: 8884 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1852.875774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.876532] Call Trace: [ 1852.876784] dump_stack+0x107/0x167 [ 1852.877127] should_fail.cold+0x5/0xa [ 1852.877482] _copy_from_user+0x2e/0x1b0 [ 1852.877857] get_timespec64+0x75/0x190 [ 1852.878221] ? put_timespec64+0x130/0x130 [ 1852.878603] ? kasan_unpoison_shadow+0x33/0x50 [ 1852.879038] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1852.879513] io_timeout_prep+0x3c5/0x8b0 [ 1852.879907] io_submit_sqes+0x54d8/0x8610 [ 1852.880323] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.880797] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.881243] ? lock_downgrade+0x6d0/0x6d0 [ 1852.881620] ? find_held_lock+0x2c/0x110 [ 1852.881999] ? io_submit_sqes+0x8610/0x8610 [ 1852.882399] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1852.882841] ? wait_for_completion_io+0x270/0x270 [ 1852.883286] ? rcu_read_lock_any_held+0x75/0xa0 [ 1852.883715] ? vfs_write+0x354/0xb10 [ 1852.884064] ? fput_many+0x2f/0x1a0 [ 1852.884408] ? ksys_write+0x1a9/0x260 [ 1852.884776] ? __ia32_sys_read+0xb0/0xb0 [ 1852.885158] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1852.885631] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1852.886097] do_syscall_64+0x33/0x40 [ 1852.886436] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.886901] RIP: 0033:0x7f285a8beb19 [ 1852.887249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.888920] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1852.889618] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1852.890257] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1852.890906] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.891543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.892199] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1852.922961] FAULT_INJECTION: forcing a failure. [ 1852.922961] name failslab, interval 1, probability 0, space 0, times 0 [ 1852.924178] CPU: 1 PID: 8886 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1852.924886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.925683] Call Trace: [ 1852.925934] dump_stack+0x107/0x167 [ 1852.926272] should_fail.cold+0x5/0xa [ 1852.926617] ? create_object.isra.0+0x3a/0xa20 [ 1852.927036] should_failslab+0x5/0x20 [ 1852.927394] kmem_cache_alloc+0x5b/0x310 [ 1852.927775] create_object.isra.0+0x3a/0xa20 [ 1852.928175] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1852.928666] __kmalloc+0x16e/0x390 [ 1852.929006] io_timeout_prep+0x693/0x8b0 [ 1852.929426] io_submit_sqes+0x54d8/0x8610 [ 1852.929890] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.930361] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1852.930809] ? lock_downgrade+0x6d0/0x6d0 [ 1852.931187] ? find_held_lock+0x2c/0x110 [ 1852.931598] ? io_submit_sqes+0x8610/0x8610 [ 1852.932056] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1852.932570] ? wait_for_completion_io+0x270/0x270 [ 1852.933075] ? rcu_read_lock_any_held+0x75/0xa0 [ 1852.933535] ? vfs_write+0x354/0xb10 [ 1852.933886] ? fput_many+0x2f/0x1a0 [ 1852.934228] ? ksys_write+0x1a9/0x260 [ 1852.934583] ? __ia32_sys_read+0xb0/0xb0 [ 1852.934968] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1852.935442] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1852.935926] do_syscall_64+0x33/0x40 [ 1852.936274] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.936760] RIP: 0033:0x7f3842280b19 [ 1852.937100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.938757] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1852.939444] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1852.940128] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1852.940781] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.941429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.942099] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1867.033211] FAULT_INJECTION: forcing a failure. [ 1867.033211] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.034236] CPU: 1 PID: 8898 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1867.034807] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.035496] Call Trace: [ 1867.035730] dump_stack+0x107/0x167 [ 1867.036043] should_fail.cold+0x5/0xa [ 1867.036371] ? io_timeout_prep+0x693/0x8b0 [ 1867.036748] should_failslab+0x5/0x20 [ 1867.037076] __kmalloc+0x72/0x390 [ 1867.037378] ? __hrtimer_init+0x12c/0x270 [ 1867.037747] io_timeout_prep+0x693/0x8b0 [ 1867.038112] io_submit_sqes+0x54d8/0x8610 [ 1867.038502] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.038936] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.039354] ? lock_downgrade+0x6d0/0x6d0 [ 1867.039707] ? find_held_lock+0x2c/0x110 [ 1867.040058] ? io_submit_sqes+0x8610/0x8610 [ 1867.040434] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.040874] ? wait_for_completion_io+0x270/0x270 [ 1867.041292] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.041686] ? vfs_write+0x354/0xb10 [ 1867.042003] ? fput_many+0x2f/0x1a0 [ 1867.042312] ? ksys_write+0x1a9/0x260 [ 1867.042635] ? __ia32_sys_read+0xb0/0xb0 [ 1867.042981] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.043422] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.043858] do_syscall_64+0x33/0x40 [ 1867.044173] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.044604] RIP: 0033:0x7f285a8beb19 [ 1867.044943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.046474] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.047113] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1867.047715] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1867.048310] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.048923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.049520] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1867.053849] FAULT_INJECTION: forcing a failure. [ 1867.053849] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.054846] CPU: 1 PID: 8913 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1867.055421] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.056110] Call Trace: [ 1867.056335] dump_stack+0x107/0x167 [ 1867.056646] should_fail.cold+0x5/0xa [ 1867.056993] ? create_object.isra.0+0x3a/0xa20 [ 1867.057383] should_failslab+0x5/0x20 [ 1867.057703] kmem_cache_alloc+0x5b/0x310 [ 1867.058052] create_object.isra.0+0x3a/0xa20 [ 1867.058422] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1867.058853] kmem_cache_alloc_bulk+0x168/0x320 [ 1867.059241] io_submit_sqes+0x6fe6/0x8610 [ 1867.059617] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.060035] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.060449] ? lock_downgrade+0x6d0/0x6d0 [ 1867.060824] ? find_held_lock+0x2c/0x110 [ 1867.061172] ? io_submit_sqes+0x8610/0x8610 [ 1867.061549] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.061960] ? wait_for_completion_io+0x270/0x270 [ 1867.062368] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.062758] ? vfs_write+0x354/0xb10 [ 1867.063072] ? fput_many+0x2f/0x1a0 [ 1867.063387] ? ksys_write+0x1a9/0x260 [ 1867.063709] ? __ia32_sys_read+0xb0/0xb0 [ 1867.064056] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.064503] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.064956] do_syscall_64+0x33/0x40 [ 1867.065271] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.065703] RIP: 0033:0x7f30a2e99b19 [ 1867.065909] FAULT_INJECTION: forcing a failure. [ 1867.065909] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1867.066016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.066023] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.069175] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1867.069774] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1867.070375] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.070973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.071574] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1867.072816] CPU: 0 PID: 8904 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1867.073409] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.074107] Call Trace: [ 1867.074346] dump_stack+0x107/0x167 [ 1867.074661] should_fail.cold+0x5/0xa [ 1867.074992] _copy_from_user+0x2e/0x1b0 [ 1867.075338] get_timespec64+0x75/0x190 [ 1867.075673] ? put_timespec64+0x130/0x130 [ 1867.076029] ? kasan_unpoison_shadow+0x33/0x50 [ 1867.076422] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1867.076874] io_timeout_prep+0x3c5/0x8b0 [ 1867.077228] io_submit_sqes+0x54d8/0x8610 [ 1867.077604] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.078030] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.078446] ? lock_downgrade+0x6d0/0x6d0 [ 1867.078806] ? find_held_lock+0x2c/0x110 [ 1867.079160] ? io_submit_sqes+0x8610/0x8610 [ 1867.079535] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.079950] ? wait_for_completion_io+0x270/0x270 [ 1867.080364] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.080782] ? vfs_write+0x354/0xb10 [ 1867.081101] ? fput_many+0x2f/0x1a0 [ 1867.081414] ? ksys_write+0x1a9/0x260 [ 1867.081741] ? __ia32_sys_read+0xb0/0xb0 [ 1867.082091] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.082537] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.082975] do_syscall_64+0x33/0x40 [ 1867.083294] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.083726] RIP: 0033:0x7f3842280b19 [ 1867.084043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.085614] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.086256] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1867.086851] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1867.087449] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.088045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.088643] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1867.091536] FAULT_INJECTION: forcing a failure. [ 1867.091536] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.093239] CPU: 0 PID: 8900 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1867.093813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.094507] Call Trace: [ 1867.094740] dump_stack+0x107/0x167 [ 1867.095060] should_fail.cold+0x5/0xa [ 1867.095393] ? create_object.isra.0+0x3a/0xa20 [ 1867.095791] should_failslab+0x5/0x20 [ 1867.096121] kmem_cache_alloc+0x5b/0x310 [ 1867.096471] create_object.isra.0+0x3a/0xa20 [ 1867.097074] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1867.097965] __kmalloc+0x16e/0x390 [ 1867.098575] io_timeout_prep+0x693/0x8b0 [ 1867.099270] io_submit_sqes+0x54d8/0x8610 [ 1867.099998] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.100947] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.102031] ? lock_downgrade+0x6d0/0x6d0 [ 1867.102959] ? find_held_lock+0x2c/0x110 [ 1867.103862] ? io_submit_sqes+0x8610/0x8610 [ 1867.104751] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.105166] ? wait_for_completion_io+0x270/0x270 [ 1867.105583] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.105977] ? vfs_write+0x354/0xb10 [ 1867.106294] ? fput_many+0x2f/0x1a0 [ 1867.106606] ? ksys_write+0x1a9/0x260 [ 1867.106932] ? __ia32_sys_read+0xb0/0xb0 [ 1867.107283] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.107733] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.108171] do_syscall_64+0x33/0x40 [ 1867.108488] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.108974] RIP: 0033:0x7f0159fffb19 [ 1867.109292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.110833] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.111475] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1867.112074] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1867.112705] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.114026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.115316] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:53:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0) 05:53:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:53:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:53:21 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0) 05:53:21 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59) 05:53:21 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x9, 0xf6, 0xff, 0x8, 0x0, 0x3, 0x82040, 0x5, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x4, @perf_bp={&(0x7f0000000180), 0x5}, 0x0, 0x3f, 0x3, 0x5, 0x4, 0x7, 0xf42, 0x0, 0xfffffffe, 0x0, 0x5}, 0xffffffffffffffff, 0x7, r0, 0x8) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r4 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) ioctl$HIDIOCGPHYS(r4, 0x80404812, &(0x7f0000000000)) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:53:21 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8, 0x0, 0x0, 0x0) 05:53:21 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) 05:53:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0) 05:53:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x1000000, 0x0, 0x0) 05:53:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000000, 0x0, 0x0) 05:53:21 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4000000, 0x0, 0x0, 0x0) 05:53:21 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) 05:53:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:53:21 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60) [ 1867.536969] FAULT_INJECTION: forcing a failure. [ 1867.536969] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.538128] CPU: 1 PID: 8934 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1867.538700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.539394] Call Trace: [ 1867.539628] dump_stack+0x107/0x167 [ 1867.539942] should_fail.cold+0x5/0xa [ 1867.540273] ? create_object.isra.0+0x3a/0xa20 [ 1867.540711] should_failslab+0x5/0x20 [ 1867.541046] kmem_cache_alloc+0x5b/0x310 [ 1867.541404] ? mark_held_locks+0x9e/0xe0 [ 1867.541765] create_object.isra.0+0x3a/0xa20 [ 1867.542149] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1867.542598] kmem_cache_alloc_bulk+0x168/0x320 [ 1867.543004] io_submit_sqes+0x6fe6/0x8610 [ 1867.543378] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.543805] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.544219] ? lock_downgrade+0x6d0/0x6d0 [ 1867.544572] ? find_held_lock+0x2c/0x110 [ 1867.544936] ? io_submit_sqes+0x8610/0x8610 [ 1867.545323] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.545749] ? wait_for_completion_io+0x270/0x270 [ 1867.546173] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.546578] ? vfs_write+0x354/0xb10 [ 1867.546907] ? fput_many+0x2f/0x1a0 [ 1867.547228] ? ksys_write+0x1a9/0x260 [ 1867.547564] ? __ia32_sys_read+0xb0/0xb0 [ 1867.547924] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.548382] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.552858] do_syscall_64+0x33/0x40 [ 1867.553177] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.553608] RIP: 0033:0x7f30a2e99b19 [ 1867.553923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.555452] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.555628] FAULT_INJECTION: forcing a failure. [ 1867.555628] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.556089] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1867.556097] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1867.556105] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.556119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.559459] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1867.560085] CPU: 0 PID: 8940 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1867.560668] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.561380] Call Trace: [ 1867.561606] dump_stack+0x107/0x167 [ 1867.561917] should_fail.cold+0x5/0xa [ 1867.562241] ? io_timeout_prep+0x693/0x8b0 [ 1867.562601] should_failslab+0x5/0x20 [ 1867.562922] __kmalloc+0x72/0x390 [ 1867.563218] ? __hrtimer_init+0x12c/0x270 [ 1867.563573] io_timeout_prep+0x693/0x8b0 [ 1867.563922] io_submit_sqes+0x54d8/0x8610 05:53:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1867.564304] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.564743] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.565155] ? lock_downgrade+0x6d0/0x6d0 [ 1867.572905] ? find_held_lock+0x2c/0x110 [ 1867.573254] ? io_submit_sqes+0x8610/0x8610 [ 1867.573624] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.574033] ? wait_for_completion_io+0x270/0x270 [ 1867.574441] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.574831] ? vfs_write+0x354/0xb10 [ 1867.575147] ? fput_many+0x2f/0x1a0 [ 1867.575456] ? ksys_write+0x1a9/0x260 [ 1867.575780] ? __ia32_sys_read+0xb0/0xb0 [ 1867.576126] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.576567] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.577021] do_syscall_64+0x33/0x40 [ 1867.577337] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.577766] RIP: 0033:0x7f3842280b19 [ 1867.578082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.579617] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.580254] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1867.580878] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1867.581473] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.582065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.582659] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1867.608676] FAULT_INJECTION: forcing a failure. [ 1867.608676] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1867.609689] CPU: 1 PID: 8943 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1867.610263] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.610956] Call Trace: [ 1867.611188] dump_stack+0x107/0x167 [ 1867.611501] should_fail.cold+0x5/0xa [ 1867.611832] _copy_from_user+0x2e/0x1b0 [ 1867.612179] get_timespec64+0x75/0x190 [ 1867.612515] ? put_timespec64+0x130/0x130 [ 1867.613569] FAULT_INJECTION: forcing a failure. [ 1867.613569] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.616896] ? kasan_unpoison_shadow+0x33/0x50 [ 1867.616911] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1867.616926] io_timeout_prep+0x3c5/0x8b0 [ 1867.616944] io_submit_sqes+0x54d8/0x8610 [ 1867.616977] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.616989] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.617005] ? lock_downgrade+0x6d0/0x6d0 [ 1867.617015] ? find_held_lock+0x2c/0x110 [ 1867.617031] ? io_submit_sqes+0x8610/0x8610 [ 1867.617051] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.617067] ? wait_for_completion_io+0x270/0x270 [ 1867.617081] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.617092] ? vfs_write+0x354/0xb10 [ 1867.617105] ? fput_many+0x2f/0x1a0 [ 1867.617118] ? ksys_write+0x1a9/0x260 [ 1867.617130] ? __ia32_sys_read+0xb0/0xb0 [ 1867.617145] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.617157] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.617172] do_syscall_64+0x33/0x40 [ 1867.617183] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.617192] RIP: 0033:0x7f0159fffb19 [ 1867.617204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.617210] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.617224] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1867.617231] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1867.617238] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.617246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.617254] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1867.634901] CPU: 0 PID: 8944 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1867.635468] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.636156] Call Trace: [ 1867.636381] dump_stack+0x107/0x167 05:53:21 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000000)=[r4], 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r4, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x40}}, './file0\x00'}) [ 1867.640720] should_fail.cold+0x5/0xa [ 1867.641049] ? create_object.isra.0+0x3a/0xa20 [ 1867.648899] should_failslab+0x5/0x20 [ 1867.649224] kmem_cache_alloc+0x5b/0x310 [ 1867.649584] create_object.isra.0+0x3a/0xa20 [ 1867.649968] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1867.650407] __kmalloc+0x16e/0x390 [ 1867.650714] io_timeout_prep+0x693/0x8b0 [ 1867.651066] io_submit_sqes+0x54d8/0x8610 [ 1867.651438] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.651860] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.652272] ? lock_downgrade+0x6d0/0x6d0 [ 1867.652621] ? find_held_lock+0x2c/0x110 [ 1867.652985] ? io_submit_sqes+0x8610/0x8610 [ 1867.653359] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.653771] ? wait_for_completion_io+0x270/0x270 [ 1867.654180] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.654578] ? vfs_write+0x354/0xb10 [ 1867.654895] ? fput_many+0x2f/0x1a0 [ 1867.655205] ? ksys_write+0x1a9/0x260 [ 1867.655529] ? __ia32_sys_read+0xb0/0xb0 [ 1867.655876] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.656319] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.656779] do_syscall_64+0x33/0x40 [ 1867.657097] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.657528] RIP: 0033:0x7f285a8beb19 [ 1867.657843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.659376] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.660021] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1867.660619] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1867.661231] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.661830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.662433] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:53:22 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8000000, 0x0, 0x0) 05:53:22 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) 05:53:22 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) [ 1867.873181] FAULT_INJECTION: forcing a failure. [ 1867.873181] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.874338] CPU: 0 PID: 8958 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1867.874910] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.875600] Call Trace: [ 1867.875832] dump_stack+0x107/0x167 [ 1867.876143] should_fail.cold+0x5/0xa [ 1867.876473] should_failslab+0x5/0x20 [ 1867.876819] kmem_cache_alloc_bulk+0x4b/0x320 [ 1867.877205] io_submit_sqes+0x6fe6/0x8610 [ 1867.877577] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.878003] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.878415] ? lock_downgrade+0x6d0/0x6d0 [ 1867.878766] ? find_held_lock+0x2c/0x110 [ 1867.879115] ? io_submit_sqes+0x8610/0x8610 [ 1867.879488] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.879899] ? wait_for_completion_io+0x270/0x270 [ 1867.880309] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.884737] ? vfs_write+0x354/0xb10 [ 1867.885055] ? fput_many+0x2f/0x1a0 [ 1867.885366] ? ksys_write+0x1a9/0x260 [ 1867.885688] ? __ia32_sys_read+0xb0/0xb0 [ 1867.886035] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.886475] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.886914] do_syscall_64+0x33/0x40 [ 1867.887227] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.887656] RIP: 0033:0x7f30a2e99b19 [ 1867.887970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.889511] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.890149] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1867.890744] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1867.891341] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.891936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.892531] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1881.874263] FAULT_INJECTION: forcing a failure. [ 1881.874263] name failslab, interval 1, probability 0, space 0, times 0 [ 1881.875255] CPU: 0 PID: 8974 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1881.875825] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1881.876518] Call Trace: [ 1881.876751] dump_stack+0x107/0x167 [ 1881.877423] should_fail.cold+0x5/0xa [ 1881.878123] ? io_timeout_prep+0x693/0x8b0 [ 1881.878887] should_failslab+0x5/0x20 [ 1881.879569] __kmalloc+0x72/0x390 [ 1881.880191] ? __hrtimer_init+0x12c/0x270 [ 1881.880959] io_timeout_prep+0x693/0x8b0 [ 1881.881652] io_submit_sqes+0x54d8/0x8610 [ 1881.882127] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.882550] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.882967] ? lock_downgrade+0x6d0/0x6d0 [ 1881.883324] ? find_held_lock+0x2c/0x110 [ 1881.883675] ? io_submit_sqes+0x8610/0x8610 [ 1881.884049] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1881.884463] ? wait_for_completion_io+0x270/0x270 [ 1881.884887] ? rcu_read_lock_any_held+0x75/0xa0 [ 1881.885282] ? vfs_write+0x354/0xb10 [ 1881.885602] ? fput_many+0x2f/0x1a0 [ 1881.885914] ? ksys_write+0x1a9/0x260 [ 1881.886246] ? __ia32_sys_read+0xb0/0xb0 [ 1881.886597] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1881.887041] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1881.887482] do_syscall_64+0x33/0x40 [ 1881.887801] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1881.888233] RIP: 0033:0x7f0159fffb19 [ 1881.888549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1881.890115] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1881.890758] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1881.891357] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1881.891993] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1881.892719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1881.893442] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1881.904153] FAULT_INJECTION: forcing a failure. [ 1881.904153] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1881.905174] CPU: 0 PID: 8970 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1881.905750] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1881.906711] Call Trace: [ 1881.906981] dump_stack+0x107/0x167 [ 1881.907350] should_fail.cold+0x5/0xa [ 1881.907726] _copy_from_user+0x2e/0x1b0 [ 1881.908136] get_timespec64+0x75/0x190 [ 1881.908540] ? put_timespec64+0x130/0x130 [ 1881.908985] ? kasan_unpoison_shadow+0x33/0x50 [ 1881.909425] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1881.909921] io_timeout_prep+0x3c5/0x8b0 [ 1881.910319] io_submit_sqes+0x54d8/0x8610 [ 1881.910722] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.911145] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.911575] ? lock_downgrade+0x6d0/0x6d0 [ 1881.911924] ? find_held_lock+0x2c/0x110 [ 1881.912271] ? io_submit_sqes+0x8610/0x8610 [ 1881.912642] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1881.913092] ? wait_for_completion_io+0x270/0x270 [ 1881.913514] ? rcu_read_lock_any_held+0x75/0xa0 [ 1881.913908] ? vfs_write+0x354/0xb10 [ 1881.914238] ? fput_many+0x2f/0x1a0 [ 1881.914558] ? ksys_write+0x1a9/0x260 [ 1881.914892] ? __ia32_sys_read+0xb0/0xb0 [ 1881.915258] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1881.915813] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1881.916340] do_syscall_64+0x33/0x40 [ 1881.916439] FAULT_INJECTION: forcing a failure. [ 1881.916439] name failslab, interval 1, probability 0, space 0, times 0 [ 1881.916727] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1881.916742] RIP: 0033:0x7f285a8beb19 [ 1881.919211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1881.921099] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1881.921889] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1881.922573] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1881.923299] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1881.924014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1881.924736] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:53:36 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8000000, 0x0, 0x0, 0x0) 05:53:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0) 05:53:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) 05:53:36 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:53:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 05:53:36 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61) 05:53:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:53:36 executing program 2: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x40080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x18c01, 0x0, 0x1}, 0x0, 0xc, r0, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r4 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x6e0, &(0x7f0000000180)={0x0, 0x2cfc, 0x8, 0x1, 0x344, 0x0, r4}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000240)=0x0) syz_io_uring_submit(r2, r6, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0xa, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x1}, 0x80) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) syz_io_uring_setup(0x21, &(0x7f0000000380)={0x0, 0x2595, 0x4, 0x0, 0x1af}, &(0x7f00000a0000)=nil, &(0x7f0000ec0000/0x1000)=nil, &(0x7f0000000440), &(0x7f0000002a40)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) r9 = syz_io_uring_setup(0x3ca0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, r12}}, 0x10000) syz_io_uring_submit(0x0, r8, &(0x7f0000000340)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r12}}, 0x7) [ 1881.925409] CPU: 1 PID: 8978 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1881.929346] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1881.930053] Call Trace: [ 1881.930289] dump_stack+0x107/0x167 [ 1881.930612] should_fail.cold+0x5/0xa [ 1881.930945] ? create_object.isra.0+0x3a/0xa20 [ 1881.931345] should_failslab+0x5/0x20 [ 1881.931671] kmem_cache_alloc+0x5b/0x310 [ 1881.932022] create_object.isra.0+0x3a/0xa20 [ 1881.932403] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1881.932901] __kmalloc+0x16e/0x390 [ 1881.933219] io_timeout_prep+0x693/0x8b0 [ 1881.933570] io_submit_sqes+0x54d8/0x8610 [ 1881.933943] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.934365] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.934777] ? lock_downgrade+0x6d0/0x6d0 [ 1881.935130] ? find_held_lock+0x2c/0x110 [ 1881.935479] ? io_submit_sqes+0x8610/0x8610 [ 1881.935852] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1881.936264] ? wait_for_completion_io+0x270/0x270 [ 1881.936675] ? rcu_read_lock_any_held+0x75/0xa0 [ 1881.937112] ? vfs_write+0x354/0xb10 [ 1881.937431] ? fput_many+0x2f/0x1a0 [ 1881.937741] ? ksys_write+0x1a9/0x260 [ 1881.938069] ? __ia32_sys_read+0xb0/0xb0 [ 1881.938421] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1881.938869] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1881.939315] do_syscall_64+0x33/0x40 [ 1881.939632] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1881.940068] RIP: 0033:0x7f3842280b19 [ 1881.940390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1881.941963] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1881.942620] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1881.943236] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1881.943840] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1881.944454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1881.945091] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1881.954843] FAULT_INJECTION: forcing a failure. [ 1881.954843] name failslab, interval 1, probability 0, space 0, times 0 [ 1881.955862] CPU: 0 PID: 8966 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1881.956472] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1881.957207] Call Trace: [ 1881.957463] dump_stack+0x107/0x167 [ 1881.957806] should_fail.cold+0x5/0xa [ 1881.958165] ? create_object.isra.0+0x3a/0xa20 [ 1881.958570] should_failslab+0x5/0x20 [ 1881.958895] kmem_cache_alloc+0x5b/0x310 [ 1881.959241] ? mark_held_locks+0x9e/0xe0 [ 1881.959589] create_object.isra.0+0x3a/0xa20 [ 1881.959962] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1881.960396] kmem_cache_alloc_bulk+0x168/0x320 [ 1881.960787] io_submit_sqes+0x6fe6/0x8610 [ 1881.961183] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.961606] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.962018] ? lock_downgrade+0x6d0/0x6d0 [ 1881.962370] ? find_held_lock+0x2c/0x110 [ 1881.962728] ? io_submit_sqes+0x8610/0x8610 [ 1881.963107] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1881.963525] ? wait_for_completion_io+0x270/0x270 [ 1881.963937] ? rcu_read_lock_any_held+0x75/0xa0 [ 1881.964332] ? vfs_write+0x354/0xb10 [ 1881.964651] ? fput_many+0x2f/0x1a0 [ 1881.964982] ? ksys_write+0x1a9/0x260 [ 1881.965314] ? __ia32_sys_read+0xb0/0xb0 [ 1881.965680] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1881.966134] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1881.966579] do_syscall_64+0x33/0x40 [ 1881.966897] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1881.967335] RIP: 0033:0x7f30a2e99b19 [ 1881.967655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1881.969224] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1881.969872] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1881.970481] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1881.971083] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1881.971693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1881.972296] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:53:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0) 05:53:36 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:53:36 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) 05:53:36 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62) 05:53:36 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1882.359257] FAULT_INJECTION: forcing a failure. [ 1882.359257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1882.361354] CPU: 1 PID: 8995 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1882.361931] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1882.362626] Call Trace: [ 1882.362859] dump_stack+0x107/0x167 [ 1882.363179] should_fail.cold+0x5/0xa [ 1882.363511] _copy_from_user+0x2e/0x1b0 [ 1882.363855] get_timespec64+0x75/0x190 [ 1882.364190] ? put_timespec64+0x130/0x130 [ 1882.364549] ? kasan_unpoison_shadow+0x33/0x50 [ 1882.364958] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1882.365405] io_timeout_prep+0x3c5/0x8b0 [ 1882.365758] io_submit_sqes+0x54d8/0x8610 [ 1882.366140] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1882.366566] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1882.366983] ? lock_downgrade+0x6d0/0x6d0 [ 1882.367337] ? find_held_lock+0x2c/0x110 [ 1882.367689] ? io_submit_sqes+0x8610/0x8610 [ 1882.368067] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1882.368490] ? wait_for_completion_io+0x270/0x270 [ 1882.368913] ? rcu_read_lock_any_held+0x75/0xa0 [ 1882.369314] ? vfs_write+0x354/0xb10 [ 1882.369635] ? fput_many+0x2f/0x1a0 [ 1882.369948] ? ksys_write+0x1a9/0x260 [ 1882.370279] ? __ia32_sys_read+0xb0/0xb0 [ 1882.370636] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1882.371090] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1882.371533] do_syscall_64+0x33/0x40 [ 1882.371853] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1882.372289] RIP: 0033:0x7f3842280b19 [ 1882.372609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1882.374175] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1882.374823] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1882.375440] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1882.376046] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1882.376652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1882.377267] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1882.395840] FAULT_INJECTION: forcing a failure. [ 1882.395840] name failslab, interval 1, probability 0, space 0, times 0 [ 1882.396851] CPU: 1 PID: 8999 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1882.397430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1882.398123] Call Trace: [ 1882.398352] dump_stack+0x107/0x167 [ 1882.398664] should_fail.cold+0x5/0xa [ 1882.398992] ? create_object.isra.0+0x3a/0xa20 [ 1882.399385] should_failslab+0x5/0x20 [ 1882.399711] kmem_cache_alloc+0x5b/0x310 [ 1882.400066] create_object.isra.0+0x3a/0xa20 [ 1882.400451] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1882.400961] __kmalloc+0x16e/0x390 [ 1882.401585] io_timeout_prep+0x693/0x8b0 [ 1882.402287] io_submit_sqes+0x54d8/0x8610 [ 1882.403182] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1882.404288] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1882.405281] ? lock_downgrade+0x6d0/0x6d0 [ 1882.406028] ? find_held_lock+0x2c/0x110 [ 1882.406765] ? io_submit_sqes+0x8610/0x8610 [ 1882.407558] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1882.408417] ? wait_for_completion_io+0x270/0x270 [ 1882.409074] ? rcu_read_lock_any_held+0x75/0xa0 [ 1882.409471] ? vfs_write+0x354/0xb10 [ 1882.409789] ? fput_many+0x2f/0x1a0 [ 1882.410104] ? ksys_write+0x1a9/0x260 [ 1882.410430] ? __ia32_sys_read+0xb0/0xb0 [ 1882.410783] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1882.411227] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1882.411668] do_syscall_64+0x33/0x40 [ 1882.411989] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1882.412421] RIP: 0033:0x7f0159fffb19 [ 1882.412739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1882.415946] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1882.417313] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1882.418598] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1882.419887] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1882.421195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1882.422491] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:53:36 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x100000000000000, 0x0, 0x0) 05:53:36 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0) [ 1882.459011] FAULT_INJECTION: forcing a failure. [ 1882.459011] name failslab, interval 1, probability 0, space 0, times 0 [ 1882.461151] CPU: 1 PID: 9001 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1882.461724] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1882.462419] Call Trace: [ 1882.462650] dump_stack+0x107/0x167 [ 1882.462962] should_fail.cold+0x5/0xa [ 1882.463286] ? io_timeout_prep+0x693/0x8b0 [ 1882.463649] ? io_timeout_prep+0x693/0x8b0 [ 1882.464017] should_failslab+0x5/0x20 [ 1882.464346] __kmalloc+0x72/0x390 [ 1882.464644] ? __hrtimer_init+0x12c/0x270 [ 1882.465014] io_timeout_prep+0x693/0x8b0 [ 1882.465363] io_submit_sqes+0x54d8/0x8610 [ 1882.465737] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1882.466159] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1882.466570] ? lock_downgrade+0x6d0/0x6d0 [ 1882.466921] ? find_held_lock+0x2c/0x110 [ 1882.467272] ? io_submit_sqes+0x8610/0x8610 [ 1882.467649] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1882.468087] ? wait_for_completion_io+0x270/0x270 [ 1882.468501] ? rcu_read_lock_any_held+0x75/0xa0 [ 1882.468948] ? vfs_write+0x354/0xb10 [ 1882.469277] ? fput_many+0x2f/0x1a0 [ 1882.469591] ? ksys_write+0x1a9/0x260 [ 1882.469916] ? __ia32_sys_read+0xb0/0xb0 [ 1882.470274] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1882.470718] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1882.471159] do_syscall_64+0x33/0x40 [ 1882.471480] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1882.471912] RIP: 0033:0x7f285a8beb19 [ 1882.472232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1882.473849] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1882.474497] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1882.475110] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1882.475712] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1882.476314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1882.477158] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:53:36 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) [ 1882.556553] FAULT_INJECTION: forcing a failure. [ 1882.556553] name failslab, interval 1, probability 0, space 0, times 0 [ 1882.557744] CPU: 1 PID: 9010 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1882.558331] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1882.559091] Call Trace: [ 1882.559328] dump_stack+0x107/0x167 [ 1882.559672] should_fail.cold+0x5/0xa [ 1882.560018] ? create_object.isra.0+0x3a/0xa20 [ 1882.560443] should_failslab+0x5/0x20 [ 1882.560786] kmem_cache_alloc+0x5b/0x310 [ 1882.561224] create_object.isra.0+0x3a/0xa20 [ 1882.561656] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1882.562139] kmem_cache_alloc_bulk+0x168/0x320 [ 1882.562553] io_submit_sqes+0x6fe6/0x8610 [ 1882.562941] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1882.563367] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1882.563794] ? lock_downgrade+0x6d0/0x6d0 [ 1882.564153] ? find_held_lock+0x2c/0x110 [ 1882.564505] ? io_submit_sqes+0x8610/0x8610 [ 1882.564936] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1882.565358] ? wait_for_completion_io+0x270/0x270 [ 1882.565770] ? rcu_read_lock_any_held+0x75/0xa0 [ 1882.566166] ? vfs_write+0x354/0xb10 [ 1882.566494] ? fput_many+0x2f/0x1a0 [ 1882.566808] ? ksys_write+0x1a9/0x260 [ 1882.567144] ? __ia32_sys_read+0xb0/0xb0 [ 1882.567530] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1882.568016] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1882.568512] do_syscall_64+0x33/0x40 [ 1882.568866] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1882.569309] RIP: 0033:0x7f30a2e99b19 [ 1882.569638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1882.571292] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1882.571964] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1882.572586] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1882.573232] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1882.573840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1882.574454] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:53:50 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0) 05:53:50 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) 05:53:50 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x400000000000000, 0x0, 0x0) 05:53:50 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4, 0x0, 0x0) 05:53:50 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:53:50 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63) 05:53:50 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:53:50 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) fallocate(r0, 0x4, 0x100000001, 0x7) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1896.644442] FAULT_INJECTION: forcing a failure. [ 1896.644442] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1896.645479] CPU: 1 PID: 9021 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1896.646055] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1896.646748] Call Trace: [ 1896.646981] dump_stack+0x107/0x167 [ 1896.647295] should_fail.cold+0x5/0xa [ 1896.647627] _copy_from_user+0x2e/0x1b0 [ 1896.647975] get_timespec64+0x75/0x190 [ 1896.648310] ? put_timespec64+0x130/0x130 [ 1896.648674] ? kasan_unpoison_shadow+0x33/0x50 [ 1896.649093] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1896.649529] io_timeout_prep+0x3c5/0x8b0 [ 1896.649884] io_submit_sqes+0x54d8/0x8610 [ 1896.650260] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1896.650686] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1896.651131] ? lock_downgrade+0x6d0/0x6d0 [ 1896.651500] ? find_held_lock+0x2c/0x110 [ 1896.651858] ? io_submit_sqes+0x8610/0x8610 [ 1896.652244] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1896.652667] ? wait_for_completion_io+0x270/0x270 [ 1896.653108] ? rcu_read_lock_any_held+0x75/0xa0 [ 1896.653511] ? vfs_write+0x354/0xb10 [ 1896.653830] ? fput_many+0x2f/0x1a0 [ 1896.654143] ? ksys_write+0x1a9/0x260 [ 1896.654469] ? __ia32_sys_read+0xb0/0xb0 [ 1896.654820] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1896.655267] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1896.655709] do_syscall_64+0x33/0x40 [ 1896.656029] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1896.656466] RIP: 0033:0x7f0159fffb19 [ 1896.656786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1896.658347] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1896.658994] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1896.659614] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1896.660220] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1896.660821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1896.661441] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1896.666893] FAULT_INJECTION: forcing a failure. [ 1896.666893] name failslab, interval 1, probability 0, space 0, times 0 [ 1896.667885] CPU: 1 PID: 9027 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1896.668457] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1896.669164] Call Trace: [ 1896.669440] dump_stack+0x107/0x167 [ 1896.669788] should_fail.cold+0x5/0xa [ 1896.670231] ? create_object.isra.0+0x3a/0xa20 [ 1896.670662] should_failslab+0x5/0x20 [ 1896.671030] kmem_cache_alloc+0x5b/0x310 [ 1896.671437] create_object.isra.0+0x3a/0xa20 [ 1896.671879] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1896.672392] __kmalloc+0x16e/0x390 [ 1896.672762] io_timeout_prep+0x693/0x8b0 [ 1896.673172] io_submit_sqes+0x54d8/0x8610 [ 1896.673584] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1896.674028] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1896.674442] ? lock_downgrade+0x6d0/0x6d0 [ 1896.674817] ? find_held_lock+0x2c/0x110 [ 1896.675169] ? io_submit_sqes+0x8610/0x8610 [ 1896.675555] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1896.676000] ? wait_for_completion_io+0x270/0x270 [ 1896.676412] ? rcu_read_lock_any_held+0x75/0xa0 [ 1896.676806] ? vfs_write+0x354/0xb10 [ 1896.677189] ? fput_many+0x2f/0x1a0 [ 1896.677505] ? ksys_write+0x1a9/0x260 [ 1896.677831] ? __ia32_sys_read+0xb0/0xb0 [ 1896.678181] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1896.678636] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1896.679077] do_syscall_64+0x33/0x40 [ 1896.679395] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1896.679831] RIP: 0033:0x7f285a8beb19 [ 1896.680148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1896.681713] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1896.682357] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1896.682959] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1896.683562] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1896.684257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1896.684975] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1896.690932] FAULT_INJECTION: forcing a failure. [ 1896.690932] name failslab, interval 1, probability 0, space 0, times 0 [ 1896.692426] CPU: 1 PID: 9023 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1896.693224] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1896.694008] Call Trace: [ 1896.694268] dump_stack+0x107/0x167 [ 1896.694661] should_fail.cold+0x5/0xa [ 1896.695026] should_failslab+0x5/0x20 [ 1896.695373] kmem_cache_alloc_bulk+0x4b/0x320 [ 1896.695811] io_submit_sqes+0x6fe6/0x8610 [ 1896.696193] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1896.696520] FAULT_INJECTION: forcing a failure. [ 1896.696520] name failslab, interval 1, probability 0, space 0, times 0 [ 1896.696616] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1896.696635] ? lock_downgrade+0x6d0/0x6d0 [ 1896.698429] ? find_held_lock+0x2c/0x110 [ 1896.699114] ? io_submit_sqes+0x8610/0x8610 [ 1896.699487] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1896.699954] ? wait_for_completion_io+0x270/0x270 [ 1896.700427] ? rcu_read_lock_any_held+0x75/0xa0 [ 1896.700873] ? vfs_write+0x354/0xb10 [ 1896.701270] ? fput_many+0x2f/0x1a0 [ 1896.701646] ? ksys_write+0x1a9/0x260 [ 1896.702037] ? __ia32_sys_read+0xb0/0xb0 [ 1896.702489] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1896.702985] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1896.703494] do_syscall_64+0x33/0x40 [ 1896.703864] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1896.704392] RIP: 0033:0x7f3842280b19 [ 1896.704755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1896.707394] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1896.709152] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1896.710756] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1896.712343] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1896.713723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1896.714928] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1896.716537] CPU: 0 PID: 9033 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1896.717254] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1896.718104] Call Trace: [ 1896.718382] dump_stack+0x107/0x167 [ 1896.718761] should_fail.cold+0x5/0xa [ 1896.719176] ? create_object.isra.0+0x3a/0xa20 [ 1896.719642] should_failslab+0x5/0x20 [ 1896.720047] kmem_cache_alloc+0x5b/0x310 [ 1896.720803] ? mark_held_locks+0x9e/0xe0 [ 1896.721269] create_object.isra.0+0x3a/0xa20 [ 1896.721651] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1896.722102] kmem_cache_alloc_bulk+0x168/0x320 [ 1896.722509] io_submit_sqes+0x6fe6/0x8610 [ 1896.722885] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1896.723328] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1896.723747] ? lock_downgrade+0x6d0/0x6d0 [ 1896.724104] ? find_held_lock+0x2c/0x110 [ 1896.724460] ? io_submit_sqes+0x8610/0x8610 [ 1896.724840] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1896.725679] ? wait_for_completion_io+0x270/0x270 [ 1896.726614] ? rcu_read_lock_any_held+0x75/0xa0 [ 1896.727512] ? vfs_write+0x354/0xb10 [ 1896.728213] ? fput_many+0x2f/0x1a0 [ 1896.728897] ? ksys_write+0x1a9/0x260 [ 1896.729665] ? __ia32_sys_read+0xb0/0xb0 [ 1896.730483] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1896.731534] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1896.732551] do_syscall_64+0x33/0x40 [ 1896.733335] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1896.734355] RIP: 0033:0x7f30a2e99b19 [ 1896.735099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1896.738815] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1896.740335] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1896.741786] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1896.743201] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1896.744624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1896.745431] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:53:51 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64) 05:53:51 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1897.051923] FAULT_INJECTION: forcing a failure. [ 1897.051923] name failslab, interval 1, probability 0, space 0, times 0 [ 1897.052951] CPU: 1 PID: 9040 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1897.053536] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1897.054237] Call Trace: [ 1897.054468] dump_stack+0x107/0x167 [ 1897.054780] should_fail.cold+0x5/0xa [ 1897.055106] ? io_timeout_prep+0x693/0x8b0 [ 1897.055468] should_failslab+0x5/0x20 [ 1897.055792] __kmalloc+0x72/0x390 [ 1897.056094] ? __hrtimer_init+0x12c/0x270 [ 1897.056447] io_timeout_prep+0x693/0x8b0 [ 1897.056796] io_submit_sqes+0x54d8/0x8610 [ 1897.057209] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1897.057648] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1897.058077] ? lock_downgrade+0x6d0/0x6d0 [ 1897.058440] ? find_held_lock+0x2c/0x110 [ 1897.058804] ? io_submit_sqes+0x8610/0x8610 [ 1897.059193] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1897.059621] ? wait_for_completion_io+0x270/0x270 [ 1897.060046] ? rcu_read_lock_any_held+0x75/0xa0 [ 1897.060443] ? vfs_write+0x354/0xb10 [ 1897.060762] ? fput_many+0x2f/0x1a0 [ 1897.061109] ? ksys_write+0x1a9/0x260 [ 1897.061436] ? __ia32_sys_read+0xb0/0xb0 [ 1897.061787] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1897.062239] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1897.062679] do_syscall_64+0x33/0x40 [ 1897.062999] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1897.063436] RIP: 0033:0x7f0159fffb19 [ 1897.063754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1897.065337] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1897.065988] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1897.066592] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1897.067193] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1897.067789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1897.068387] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:53:51 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x800000000000000, 0x0, 0x0) [ 1897.103857] FAULT_INJECTION: forcing a failure. [ 1897.103857] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1897.104888] CPU: 1 PID: 9042 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1897.105484] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1897.106175] Call Trace: [ 1897.106403] dump_stack+0x107/0x167 [ 1897.106712] should_fail.cold+0x5/0xa [ 1897.107041] _copy_from_user+0x2e/0x1b0 [ 1897.107383] get_timespec64+0x75/0x190 [ 1897.107724] ? put_timespec64+0x130/0x130 [ 1897.108085] ? kasan_unpoison_shadow+0x33/0x50 [ 1897.108478] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1897.108911] io_timeout_prep+0x3c5/0x8b0 [ 1897.109291] io_submit_sqes+0x54d8/0x8610 [ 1897.109663] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1897.110085] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1897.110493] ? lock_downgrade+0x6d0/0x6d0 [ 1897.110843] ? find_held_lock+0x2c/0x110 [ 1897.111191] ? io_submit_sqes+0x8610/0x8610 [ 1897.111570] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1897.111980] ? wait_for_completion_io+0x270/0x270 [ 1897.112396] ? rcu_read_lock_any_held+0x75/0xa0 [ 1897.112787] ? vfs_write+0x354/0xb10 [ 1897.113135] ? fput_many+0x2f/0x1a0 [ 1897.113449] ? ksys_write+0x1a9/0x260 [ 1897.113773] ? __ia32_sys_read+0xb0/0xb0 [ 1897.114122] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1897.114565] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1897.115003] do_syscall_64+0x33/0x40 [ 1897.115320] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1897.115758] RIP: 0033:0x7f285a8beb19 [ 1897.116079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1897.117634] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1897.118274] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1897.118877] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1897.119480] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1897.120080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 05:53:51 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1897.120676] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1897.190275] FAULT_INJECTION: forcing a failure. [ 1897.190275] name failslab, interval 1, probability 0, space 0, times 0 [ 1897.191317] CPU: 1 PID: 9049 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1897.191890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1897.192582] Call Trace: [ 1897.192817] dump_stack+0x107/0x167 [ 1897.193164] should_fail.cold+0x5/0xa [ 1897.193492] ? create_object.isra.0+0x3a/0xa20 [ 1897.193884] should_failslab+0x5/0x20 [ 1897.194222] kmem_cache_alloc+0x5b/0x310 [ 1897.194570] create_object.isra.0+0x3a/0xa20 [ 1897.194951] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1897.195393] kmem_cache_alloc_bulk+0x168/0x320 [ 1897.195788] io_submit_sqes+0x6fe6/0x8610 [ 1897.196171] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1897.196599] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1897.197045] ? lock_downgrade+0x6d0/0x6d0 [ 1897.197404] ? find_held_lock+0x2c/0x110 [ 1897.197752] ? io_submit_sqes+0x8610/0x8610 [ 1897.198136] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1897.198558] ? wait_for_completion_io+0x270/0x270 [ 1897.198972] ? rcu_read_lock_any_held+0x75/0xa0 [ 1897.199374] ? vfs_write+0x354/0xb10 [ 1897.199692] ? fput_many+0x2f/0x1a0 [ 1897.200007] ? ksys_write+0x1a9/0x260 [ 1897.200334] ? __ia32_sys_read+0xb0/0xb0 [ 1897.200684] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1897.201158] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1897.201599] do_syscall_64+0x33/0x40 [ 1897.201919] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1897.202357] RIP: 0033:0x7f3842280b19 [ 1897.202678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1897.204217] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1897.204860] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1897.205485] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1897.206099] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1897.206702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1897.207300] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:54:05 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:54:05 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65) 05:54:05 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) 05:54:05 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8, 0x0, 0x0) 05:54:05 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4000000, 0x0, 0x0, 0x0) 05:54:05 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:54:05 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0) 05:54:05 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r4, 0x0, 0x0, 0x0) r5 = ioctl$TUNGETDEVNETNS(r3, 0x54e3, 0x0) fcntl$dupfd(r4, 0x406, r5) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r7, 0x0, 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000000, 0x4000010, r7, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1911.657471] FAULT_INJECTION: forcing a failure. [ 1911.657471] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.658484] CPU: 0 PID: 9063 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1911.659062] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.659563] FAULT_INJECTION: forcing a failure. [ 1911.659563] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.659774] Call Trace: [ 1911.659794] dump_stack+0x107/0x167 [ 1911.659811] should_fail.cold+0x5/0xa [ 1911.661591] ? create_object.isra.0+0x3a/0xa20 [ 1911.661984] should_failslab+0x5/0x20 [ 1911.662313] kmem_cache_alloc+0x5b/0x310 [ 1911.662664] ? mark_held_locks+0x9e/0xe0 [ 1911.663015] create_object.isra.0+0x3a/0xa20 [ 1911.663390] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.663828] kmem_cache_alloc_bulk+0x168/0x320 [ 1911.664222] io_submit_sqes+0x6fe6/0x8610 [ 1911.664601] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1911.665023] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1911.665452] ? lock_downgrade+0x6d0/0x6d0 [ 1911.665803] ? find_held_lock+0x2c/0x110 [ 1911.666153] ? io_submit_sqes+0x8610/0x8610 [ 1911.666528] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1911.666943] ? wait_for_completion_io+0x270/0x270 [ 1911.667357] ? rcu_read_lock_any_held+0x75/0xa0 [ 1911.667753] ? vfs_write+0x354/0xb10 [ 1911.668072] ? fput_many+0x2f/0x1a0 [ 1911.668385] ? ksys_write+0x1a9/0x260 [ 1911.668713] ? __ia32_sys_read+0xb0/0xb0 [ 1911.669063] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.669525] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.669967] do_syscall_64+0x33/0x40 [ 1911.670287] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1911.670723] RIP: 0033:0x7f3842280b19 [ 1911.671043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.672617] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1911.673280] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1911.673884] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1911.674491] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1911.675094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1911.675698] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1911.676325] CPU: 1 PID: 9077 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1911.676934] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.677688] Call Trace: [ 1911.677933] dump_stack+0x107/0x167 [ 1911.678265] should_fail.cold+0x5/0xa [ 1911.678606] ? create_object.isra.0+0x3a/0xa20 [ 1911.679018] should_failslab+0x5/0x20 [ 1911.679360] kmem_cache_alloc+0x5b/0x310 [ 1911.679731] create_object.isra.0+0x3a/0xa20 [ 1911.680125] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.680588] __kmalloc+0x16e/0x390 [ 1911.680916] io_timeout_prep+0x693/0x8b0 [ 1911.681310] io_submit_sqes+0x54d8/0x8610 [ 1911.681711] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1911.682156] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1911.682595] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.683061] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1911.683460] ? trace_hardirqs_on+0x5b/0x180 [ 1911.683848] ? io_submit_sqes+0x8610/0x8610 [ 1911.684235] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1911.684613] ? finish_task_switch+0x126/0x5d0 [ 1911.684986] ? finish_task_switch+0xef/0x5d0 [ 1911.685398] ? __switch_to+0x572/0xf70 [ 1911.685749] ? __switch_to_asm+0x3a/0x60 [ 1911.686109] ? __switch_to_asm+0x34/0x60 [ 1911.686478] ? __schedule+0x82c/0x1ea0 [ 1911.686839] ? io_schedule_timeout+0x140/0x140 [ 1911.687249] ? copy_kernel_to_fpregs+0x9e/0xe0 [ 1911.687661] ? trace_event_raw_event_x86_fpu+0x390/0x390 [ 1911.688143] ? ksys_write+0x1a9/0x260 [ 1911.688495] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.688961] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.689443] do_syscall_64+0x33/0x40 [ 1911.689782] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1911.690236] RIP: 0033:0x7f0159fffb19 [ 1911.690576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.692123] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1911.692795] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1911.693448] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1911.694074] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1911.694701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1911.695329] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1911.701305] FAULT_INJECTION: forcing a failure. [ 1911.701305] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.702333] CPU: 1 PID: 9069 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1911.702938] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.703668] Call Trace: [ 1911.703913] dump_stack+0x107/0x167 [ 1911.704247] should_fail.cold+0x5/0xa [ 1911.704596] ? io_timeout_prep+0x693/0x8b0 [ 1911.704982] should_failslab+0x5/0x20 [ 1911.709368] __kmalloc+0x72/0x390 [ 1911.709689] ? __hrtimer_init+0x12c/0x270 [ 1911.710069] io_timeout_prep+0x693/0x8b0 [ 1911.710443] io_submit_sqes+0x54d8/0x8610 [ 1911.710850] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1911.711299] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1911.711739] ? lock_downgrade+0x6d0/0x6d0 [ 1911.712113] ? find_held_lock+0x2c/0x110 [ 1911.712489] ? io_submit_sqes+0x8610/0x8610 [ 1911.712891] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1911.713351] ? wait_for_completion_io+0x270/0x270 [ 1911.713789] ? rcu_read_lock_any_held+0x75/0xa0 [ 1911.714205] ? vfs_write+0x354/0xb10 [ 1911.714544] ? fput_many+0x2f/0x1a0 [ 1911.714893] ? ksys_write+0x1a9/0x260 [ 1911.715237] ? __ia32_sys_read+0xb0/0xb0 [ 1911.715606] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.716076] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.716541] do_syscall_64+0x33/0x40 [ 1911.716878] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1911.717353] RIP: 0033:0x7f285a8beb19 [ 1911.717693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.719297] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1911.719980] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1911.720612] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1911.721263] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1911.721902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1911.722534] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1911.726911] FAULT_INJECTION: forcing a failure. [ 1911.726911] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.728016] CPU: 1 PID: 9065 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1911.728625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.733395] Call Trace: [ 1911.733643] dump_stack+0x107/0x167 [ 1911.733976] should_fail.cold+0x5/0xa [ 1911.734324] ? create_object.isra.0+0x3a/0xa20 [ 1911.734740] should_failslab+0x5/0x20 [ 1911.735089] kmem_cache_alloc+0x5b/0x310 [ 1911.735464] create_object.isra.0+0x3a/0xa20 [ 1911.735864] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.736329] kmem_cache_alloc_bulk+0x168/0x320 [ 1911.736754] io_submit_sqes+0x6fe6/0x8610 [ 1911.737175] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1911.737631] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1911.738070] ? lock_downgrade+0x6d0/0x6d0 [ 1911.738441] ? find_held_lock+0x2c/0x110 [ 1911.738814] ? io_submit_sqes+0x8610/0x8610 [ 1911.739211] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1911.739653] ? wait_for_completion_io+0x270/0x270 [ 1911.740090] ? rcu_read_lock_any_held+0x75/0xa0 [ 1911.740507] ? vfs_write+0x354/0xb10 [ 1911.740846] ? fput_many+0x2f/0x1a0 [ 1911.741195] ? ksys_write+0x1a9/0x260 [ 1911.741550] ? __ia32_sys_read+0xb0/0xb0 [ 1911.741922] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.742472] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.742938] do_syscall_64+0x33/0x40 [ 1911.743275] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1911.743734] RIP: 0033:0x7f30a2e99b19 [ 1911.744071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.745704] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1911.746388] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1911.747024] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1911.747657] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1911.748288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1911.748922] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:54:06 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x80, 0x7, 0x0, 0x40, 0x1, 0x0, 0x7f, 0x40000, 0x5, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x100, 0x1, @perf_bp={&(0x7f00000001c0), 0x4}, 0x0, 0x80000000, 0x2, 0x4, 0x100, 0x3, 0x100, 0x0, 0x4, 0x0, 0x5}, 0xffffffffffffffff, 0xe, r0, 0x3) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r4 = creat(0x0, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r4, 0xc0389424, &(0x7f0000000180)={0x862, 0x28, '\x00', 0x1, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:54:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) 05:54:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0) 05:54:06 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0xffffffff00000000, 0x0, 0x0) 05:54:06 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8000000, 0x0, 0x0, 0x0) 05:54:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0) 05:54:06 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 66) 05:54:06 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:54:06 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:54:06 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42) [ 1912.220131] FAULT_INJECTION: forcing a failure. [ 1912.220131] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1912.221252] CPU: 0 PID: 9103 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1912.221831] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1912.222522] Call Trace: [ 1912.222755] dump_stack+0x107/0x167 [ 1912.223067] should_fail.cold+0x5/0xa [ 1912.223398] _copy_from_user+0x2e/0x1b0 [ 1912.223743] get_timespec64+0x75/0x190 [ 1912.224075] ? put_timespec64+0x130/0x130 [ 1912.224432] ? kasan_unpoison_shadow+0x33/0x50 [ 1912.224821] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1912.225297] io_timeout_prep+0x3c5/0x8b0 [ 1912.225650] io_submit_sqes+0x54d8/0x8610 [ 1912.226023] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1912.226445] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1912.226860] ? lock_downgrade+0x6d0/0x6d0 [ 1912.227212] ? find_held_lock+0x2c/0x110 [ 1912.227562] ? io_submit_sqes+0x8610/0x8610 [ 1912.227936] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1912.228348] ? wait_for_completion_io+0x270/0x270 [ 1912.228761] ? rcu_read_lock_any_held+0x75/0xa0 [ 1912.229202] ? vfs_write+0x354/0xb10 [ 1912.229525] ? fput_many+0x2f/0x1a0 [ 1912.229837] ? ksys_write+0x1a9/0x260 [ 1912.230164] ? __ia32_sys_read+0xb0/0xb0 [ 1912.230513] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1912.230958] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1912.231399] do_syscall_64+0x33/0x40 [ 1912.231719] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1912.232157] RIP: 0033:0x7f0159fffb19 [ 1912.232477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1912.234052] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1912.234700] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1912.235302] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1912.235903] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1912.236504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1912.237136] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:54:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x1000000, 0x0, 0x0) [ 1912.276395] FAULT_INJECTION: forcing a failure. [ 1912.276395] name failslab, interval 1, probability 0, space 0, times 0 [ 1912.277447] CPU: 1 PID: 9107 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1912.278027] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1912.278732] Call Trace: [ 1912.278965] dump_stack+0x107/0x167 [ 1912.279274] should_fail.cold+0x5/0xa [ 1912.279600] ? create_object.isra.0+0x3a/0xa20 [ 1912.280007] should_failslab+0x5/0x20 [ 1912.280334] kmem_cache_alloc+0x5b/0x310 [ 1912.280683] ? mark_held_locks+0x9e/0xe0 [ 1912.281051] create_object.isra.0+0x3a/0xa20 [ 1912.281445] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1912.281898] kmem_cache_alloc_bulk+0x168/0x320 [ 1912.282299] io_submit_sqes+0x6fe6/0x8610 [ 1912.282672] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1912.283112] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1912.283525] ? lock_downgrade+0x6d0/0x6d0 [ 1912.283877] ? find_held_lock+0x2c/0x110 [ 1912.284244] ? io_submit_sqes+0x8610/0x8610 [ 1912.284625] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1912.285051] ? wait_for_completion_io+0x270/0x270 [ 1912.285497] ? rcu_read_lock_any_held+0x75/0xa0 [ 1912.285892] ? vfs_write+0x354/0xb10 [ 1912.286040] FAULT_INJECTION: forcing a failure. [ 1912.286040] name failslab, interval 1, probability 0, space 0, times 0 [ 1912.286230] ? fput_many+0x2f/0x1a0 [ 1912.286245] ? ksys_write+0x1a9/0x260 [ 1912.287797] ? __ia32_sys_read+0xb0/0xb0 [ 1912.288146] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1912.288606] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1912.289046] do_syscall_64+0x33/0x40 [ 1912.289400] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1912.289835] RIP: 0033:0x7f3842280b19 [ 1912.290152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1912.291715] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1912.292357] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1912.292974] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1912.293646] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1912.294257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1912.294875] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1912.295492] CPU: 0 PID: 9110 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1912.296079] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1912.296777] Call Trace: [ 1912.297005] dump_stack+0x107/0x167 [ 1912.297360] should_fail.cold+0x5/0xa [ 1912.297685] ? create_object.isra.0+0x3a/0xa20 [ 1912.298074] should_failslab+0x5/0x20 [ 1912.298399] kmem_cache_alloc+0x5b/0x310 [ 1912.298749] create_object.isra.0+0x3a/0xa20 [ 1912.299132] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1912.299569] kmem_cache_alloc_bulk+0x168/0x320 [ 1912.299963] io_submit_sqes+0x6fe6/0x8610 [ 1912.300335] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1912.300760] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1912.301213] ? lock_downgrade+0x6d0/0x6d0 [ 1912.301616] ? find_held_lock+0x2c/0x110 [ 1912.302027] ? io_submit_sqes+0x8610/0x8610 [ 1912.302463] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1912.302939] ? wait_for_completion_io+0x270/0x270 [ 1912.303411] ? rcu_read_lock_any_held+0x75/0xa0 [ 1912.303857] ? vfs_write+0x354/0xb10 [ 1912.304217] ? fput_many+0x2f/0x1a0 [ 1912.304571] ? ksys_write+0x1a9/0x260 [ 1912.304941] ? __ia32_sys_read+0xb0/0xb0 [ 1912.305334] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1912.305780] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1912.306222] do_syscall_64+0x33/0x40 [ 1912.306548] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1912.306994] RIP: 0033:0x7f30a2e99b19 [ 1912.307313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1912.308856] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1912.309540] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1912.310143] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1912.310746] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1912.311349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1912.311950] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1912.313485] FAULT_INJECTION: forcing a failure. [ 1912.313485] name failslab, interval 1, probability 0, space 0, times 0 [ 1912.314558] CPU: 0 PID: 9111 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1912.315130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1912.315819] Call Trace: [ 1912.316045] dump_stack+0x107/0x167 [ 1912.316356] should_fail.cold+0x5/0xa [ 1912.316681] ? create_object.isra.0+0x3a/0xa20 [ 1912.317070] should_failslab+0x5/0x20 [ 1912.317433] kmem_cache_alloc+0x5b/0x310 [ 1912.317785] create_object.isra.0+0x3a/0xa20 [ 1912.318158] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1912.318591] __kmalloc+0x16e/0x390 [ 1912.318899] io_timeout_prep+0x693/0x8b0 [ 1912.319250] io_submit_sqes+0x54d8/0x8610 [ 1912.319624] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1912.320046] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1912.320457] ? lock_downgrade+0x6d0/0x6d0 [ 1912.320809] ? find_held_lock+0x2c/0x110 [ 1912.321198] ? io_submit_sqes+0x8610/0x8610 [ 1912.321586] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1912.322000] ? wait_for_completion_io+0x270/0x270 [ 1912.322414] ? rcu_read_lock_any_held+0x75/0xa0 [ 1912.322809] ? vfs_write+0x354/0xb10 [ 1912.323133] ? fput_many+0x2f/0x1a0 [ 1912.323449] ? ksys_write+0x1a9/0x260 [ 1912.323777] ? __ia32_sys_read+0xb0/0xb0 [ 1912.324130] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1912.324577] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1912.325020] do_syscall_64+0x33/0x40 [ 1912.325373] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1912.325810] RIP: 0033:0x7f285a8beb19 [ 1912.326129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1912.327671] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1912.328314] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1912.328917] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1912.329556] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1912.330157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1912.330757] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:54:06 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000000, 0x0, 0x0) 05:54:20 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43) [ 1926.631366] FAULT_INJECTION: forcing a failure. [ 1926.631366] name failslab, interval 1, probability 0, space 0, times 0 [ 1926.632494] CPU: 1 PID: 9131 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1926.633068] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1926.633797] Call Trace: [ 1926.634032] dump_stack+0x107/0x167 [ 1926.634344] should_fail.cold+0x5/0xa [ 1926.634672] ? io_timeout_prep+0x693/0x8b0 [ 1926.635038] should_failslab+0x5/0x20 [ 1926.635364] __kmalloc+0x72/0x390 [ 1926.635662] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1926.636106] io_timeout_prep+0x693/0x8b0 [ 1926.636459] io_submit_sqes+0x54d8/0x8610 [ 1926.636834] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1926.637270] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1926.637729] ? lock_downgrade+0x6d0/0x6d0 [ 1926.638084] ? find_held_lock+0x2c/0x110 [ 1926.638434] ? io_submit_sqes+0x8610/0x8610 [ 1926.638810] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1926.639226] ? wait_for_completion_io+0x270/0x270 [ 1926.639640] ? rcu_read_lock_any_held+0x75/0xa0 [ 1926.640040] ? vfs_write+0x354/0xb10 [ 1926.640360] ? fput_many+0x2f/0x1a0 [ 1926.640672] ? ksys_write+0x1a9/0x260 [ 1926.641002] ? __ia32_sys_read+0xb0/0xb0 [ 1926.641376] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1926.641821] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1926.642264] do_syscall_64+0x33/0x40 [ 1926.642583] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1926.643022] RIP: 0033:0x7f30a2e99b19 [ 1926.643344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1926.644897] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1926.645567] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1926.646167] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1926.646772] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1926.647374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1926.647978] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1926.657581] FAULT_INJECTION: forcing a failure. [ 1926.657581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1926.658776] CPU: 0 PID: 9132 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1926.659358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1926.660064] Call Trace: [ 1926.660300] dump_stack+0x107/0x167 [ 1926.660612] should_fail.cold+0x5/0xa [ 1926.660944] _copy_from_user+0x2e/0x1b0 [ 1926.661348] get_timespec64+0x75/0x190 [ 1926.661689] ? put_timespec64+0x130/0x130 [ 1926.662047] ? kasan_unpoison_shadow+0x33/0x50 [ 1926.662437] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1926.662871] io_timeout_prep+0x3c5/0x8b0 [ 1926.663221] io_submit_sqes+0x54d8/0x8610 [ 1926.663594] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1926.664016] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1926.664428] ? lock_downgrade+0x6d0/0x6d0 [ 1926.664782] ? find_held_lock+0x2c/0x110 [ 1926.665131] ? io_submit_sqes+0x8610/0x8610 [ 1926.665524] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1926.665936] ? wait_for_completion_io+0x270/0x270 [ 1926.666349] ? rcu_read_lock_any_held+0x75/0xa0 [ 1926.666744] ? vfs_write+0x354/0xb10 [ 1926.667061] ? fput_many+0x2f/0x1a0 [ 1926.667372] ? ksys_write+0x1a9/0x260 [ 1926.667697] ? __ia32_sys_read+0xb0/0xb0 [ 1926.668046] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1926.668489] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1926.668927] do_syscall_64+0x33/0x40 [ 1926.669257] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1926.669700] RIP: 0033:0x7f285a8beb19 [ 1926.670019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1926.671557] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1926.672199] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1926.672798] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1926.673415] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1926.674012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1926.674611] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1926.682514] FAULT_INJECTION: forcing a failure. [ 1926.682514] name failslab, interval 1, probability 0, space 0, times 0 [ 1926.683463] CPU: 0 PID: 9142 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1926.684040] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1926.684733] Call Trace: [ 1926.684959] dump_stack+0x107/0x167 [ 1926.685285] should_fail.cold+0x5/0xa [ 1926.685620] should_failslab+0x5/0x20 [ 1926.685947] kmem_cache_alloc_bulk+0x4b/0x320 [ 1926.686334] io_submit_sqes+0x6fe6/0x8610 [ 1926.686708] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1926.687132] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1926.687546] ? lock_downgrade+0x6d0/0x6d0 [ 1926.687899] ? find_held_lock+0x2c/0x110 [ 1926.688250] ? io_submit_sqes+0x8610/0x8610 [ 1926.688625] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1926.689040] ? wait_for_completion_io+0x270/0x270 [ 1926.689472] ? rcu_read_lock_any_held+0x75/0xa0 [ 1926.689867] ? vfs_write+0x354/0xb10 [ 1926.690185] ? fput_many+0x2f/0x1a0 [ 1926.690498] ? ksys_write+0x1a9/0x260 [ 1926.690830] ? __ia32_sys_read+0xb0/0xb0 [ 1926.691181] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1926.691627] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1926.692067] do_syscall_64+0x33/0x40 [ 1926.692386] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1926.692820] RIP: 0033:0x7f0159fffb19 [ 1926.693137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1926.694704] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1926.695347] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1926.695945] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1926.696541] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1926.697137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1926.697758] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1926.734444] FAULT_INJECTION: forcing a failure. [ 1926.734444] name failslab, interval 1, probability 0, space 0, times 0 [ 1926.735420] CPU: 0 PID: 9146 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1926.735994] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1926.736684] Call Trace: [ 1926.736912] dump_stack+0x107/0x167 [ 1926.737235] should_fail.cold+0x5/0xa [ 1926.737575] ? create_object.isra.0+0x3a/0xa20 [ 1926.737966] should_failslab+0x5/0x20 [ 1926.738297] kmem_cache_alloc+0x5b/0x310 [ 1926.738650] ? mark_held_locks+0x9e/0xe0 [ 1926.739002] create_object.isra.0+0x3a/0xa20 [ 1926.739380] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1926.739817] kmem_cache_alloc_bulk+0x168/0x320 [ 1926.740212] io_submit_sqes+0x6fe6/0x8610 [ 1926.740589] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1926.741020] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1926.741455] ? lock_downgrade+0x6d0/0x6d0 [ 1926.741808] ? find_held_lock+0x2c/0x110 [ 1926.742160] ? io_submit_sqes+0x8610/0x8610 [ 1926.742536] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1926.742953] ? wait_for_completion_io+0x270/0x270 [ 1926.743374] ? rcu_read_lock_any_held+0x75/0xa0 [ 1926.743779] ? vfs_write+0x354/0xb10 [ 1926.744109] ? fput_many+0x2f/0x1a0 [ 1926.744425] ? ksys_write+0x1a9/0x260 [ 1926.744753] ? __ia32_sys_read+0xb0/0xb0 [ 1926.745107] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1926.745571] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1926.746014] do_syscall_64+0x33/0x40 [ 1926.746334] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1926.746869] RIP: 0033:0x7f3842280b19 [ 1926.747189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1926.748726] RSP: 002b:00007f383f7d5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1926.749409] RAX: ffffffffffffffda RBX: 00007f3842394020 RCX: 00007f3842280b19 [ 1926.750021] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 1926.750634] RBP: 00007f383f7d51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1926.751252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1926.751866] R13: 00007ffcde4da82f R14: 00007f383f7d5300 R15: 0000000000022000 05:54:20 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:54:20 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4) 05:54:20 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8000000, 0x0, 0x0) 05:54:20 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x10, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:54:20 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 67) 05:54:20 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) 05:54:20 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:54:21 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 05:54:21 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x8) 05:54:21 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0) 05:54:21 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 68) 05:54:21 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1927.079326] FAULT_INJECTION: forcing a failure. [ 1927.079326] name failslab, interval 1, probability 0, space 0, times 0 [ 1927.080341] CPU: 1 PID: 9163 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1927.080915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1927.081631] Call Trace: [ 1927.081867] dump_stack+0x107/0x167 [ 1927.082182] should_fail.cold+0x5/0xa [ 1927.082513] ? create_object.isra.0+0x3a/0xa20 [ 1927.082910] should_failslab+0x5/0x20 [ 1927.083243] kmem_cache_alloc+0x5b/0x310 [ 1927.083605] create_object.isra.0+0x3a/0xa20 [ 1927.083986] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1927.084434] kmem_cache_alloc_bulk+0x168/0x320 [ 1927.084835] io_submit_sqes+0x6fe6/0x8610 [ 1927.085231] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1927.085681] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1927.086109] ? lock_downgrade+0x6d0/0x6d0 [ 1927.086469] ? find_held_lock+0x2c/0x110 [ 1927.086822] ? io_submit_sqes+0x8610/0x8610 [ 1927.087202] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1927.087627] ? wait_for_completion_io+0x270/0x270 [ 1927.088057] ? rcu_read_lock_any_held+0x75/0xa0 [ 1927.088457] ? vfs_write+0x354/0xb10 [ 1927.088784] ? fput_many+0x2f/0x1a0 [ 1927.089106] ? ksys_write+0x1a9/0x260 [ 1927.089454] ? __ia32_sys_read+0xb0/0xb0 [ 1927.089806] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1927.090255] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1927.090705] do_syscall_64+0x33/0x40 [ 1927.091031] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1927.091474] RIP: 0033:0x7f0159fffb19 [ 1927.091727] FAULT_INJECTION: forcing a failure. [ 1927.091727] name failslab, interval 1, probability 0, space 0, times 0 [ 1927.091798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1927.091813] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1927.095012] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1927.095619] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1927.096231] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1927.096838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1927.097463] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1927.098101] CPU: 0 PID: 9164 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1927.098693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1927.099392] Call Trace: [ 1927.099629] dump_stack+0x107/0x167 [ 1927.099945] should_fail.cold+0x5/0xa [ 1927.100280] ? io_timeout_prep+0x693/0x8b0 [ 1927.100644] ? io_timeout_prep+0x693/0x8b0 [ 1927.101012] should_failslab+0x5/0x20 [ 1927.101365] __kmalloc+0x72/0x390 [ 1927.101665] ? __hrtimer_init+0x12c/0x270 [ 1927.102024] io_timeout_prep+0x693/0x8b0 [ 1927.102378] io_submit_sqes+0x54d8/0x8610 [ 1927.102753] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1927.103179] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1927.103595] ? lock_downgrade+0x6d0/0x6d0 [ 1927.103949] ? find_held_lock+0x2c/0x110 [ 1927.104301] ? io_submit_sqes+0x8610/0x8610 [ 1927.104677] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1927.105096] ? wait_for_completion_io+0x270/0x270 [ 1927.105535] ? rcu_read_lock_any_held+0x75/0xa0 [ 1927.105933] ? vfs_write+0x354/0xb10 [ 1927.106255] ? fput_many+0x2f/0x1a0 [ 1927.106571] ? ksys_write+0x1a9/0x260 [ 1927.106900] ? __ia32_sys_read+0xb0/0xb0 [ 1927.107256] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1927.107706] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1927.108150] do_syscall_64+0x33/0x40 [ 1927.108470] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1927.108907] RIP: 0033:0x7f285a8beb19 [ 1927.109239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1927.110787] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1927.111429] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1927.112026] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1927.112625] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1927.113238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1927.113847] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:54:43 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:54:43 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x100000000000000, 0x0, 0x0) 05:54:43 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:54:43 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r3, 0x0, 0x0, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r4, 0x0, 0x0, 0x0) stat(&(0x7f0000000100)='./file1\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) setresuid(r5, 0x0, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r6, 0x0) setresuid(r6, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x1028080, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@afid={'afid', 0x3d, 0x6}}, {@posixacl}, {@dfltuid={'dfltuid', 0x3d, r5}}, {@uname={'uname', 0x3d, '(!!@'}}, {@access_user}, {@aname={'aname', 0x3d, '\x00'}}, {@access_uid={'access', 0x3d, r6}}, {@privport}, {@aname={'aname', 0x3d, '\x00'}}], [{@seclabel}]}}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r7, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:54:43 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44) 05:54:43 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000) 05:54:43 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 69) 05:54:43 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4, 0x0, 0x0) [ 1948.914900] FAULT_INJECTION: forcing a failure. [ 1948.914900] name failslab, interval 1, probability 0, space 0, times 0 [ 1948.915927] CPU: 1 PID: 9180 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1948.916507] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.917199] Call Trace: [ 1948.917439] dump_stack+0x107/0x167 [ 1948.917767] should_fail.cold+0x5/0xa [ 1948.918097] ? create_object.isra.0+0x3a/0xa20 [ 1948.918492] should_failslab+0x5/0x20 [ 1948.918821] kmem_cache_alloc+0x5b/0x310 [ 1948.919172] ? mark_held_locks+0x9e/0xe0 [ 1948.919524] create_object.isra.0+0x3a/0xa20 [ 1948.919901] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1948.920339] kmem_cache_alloc_bulk+0x168/0x320 [ 1948.920736] io_submit_sqes+0x6fe6/0x8610 [ 1948.921112] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1948.921560] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1948.921978] ? lock_downgrade+0x6d0/0x6d0 [ 1948.922332] ? find_held_lock+0x2c/0x110 [ 1948.922685] ? io_submit_sqes+0x8610/0x8610 [ 1948.923073] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1948.923489] ? wait_for_completion_io+0x270/0x270 [ 1948.923906] ? rcu_read_lock_any_held+0x75/0xa0 [ 1948.924302] ? vfs_write+0x354/0xb10 [ 1948.924623] ? fput_many+0x2f/0x1a0 [ 1948.924938] ? ksys_write+0x1a9/0x260 [ 1948.925267] ? __ia32_sys_read+0xb0/0xb0 [ 1948.925642] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.926098] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.926545] do_syscall_64+0x33/0x40 [ 1948.926871] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.927313] RIP: 0033:0x7f0159fffb19 [ 1948.927639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.929201] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1948.929854] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1948.930449] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1948.931047] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1948.931644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1948.932241] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1948.940156] FAULT_INJECTION: forcing a failure. [ 1948.940156] name failslab, interval 1, probability 0, space 0, times 0 [ 1948.941115] CPU: 1 PID: 9178 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1948.941703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.942393] Call Trace: [ 1948.942619] dump_stack+0x107/0x167 [ 1948.942929] should_fail.cold+0x5/0xa [ 1948.943253] ? create_object.isra.0+0x3a/0xa20 [ 1948.943641] should_failslab+0x5/0x20 [ 1948.943966] kmem_cache_alloc+0x5b/0x310 [ 1948.944312] ? mark_held_locks+0x9e/0xe0 [ 1948.944662] create_object.isra.0+0x3a/0xa20 [ 1948.945036] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1948.945481] kmem_cache_alloc_bulk+0x168/0x320 [ 1948.945884] io_submit_sqes+0x6fe6/0x8610 [ 1948.946255] ? percpu_ref_tryget_many+0x13/0x2d0 [ 1948.946664] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1948.947092] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1948.947510] ? lock_downgrade+0x6d0/0x6d0 [ 1948.947865] ? find_held_lock+0x2c/0x110 [ 1948.948218] ? io_submit_sqes+0x8610/0x8610 [ 1948.948595] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1948.949016] ? wait_for_completion_io+0x270/0x270 [ 1948.949441] ? rcu_read_lock_any_held+0x75/0xa0 [ 1948.949844] ? vfs_write+0x354/0xb10 [ 1948.950163] ? fput_many+0x2f/0x1a0 [ 1948.950482] ? ksys_write+0x1a9/0x260 [ 1948.950809] ? __ia32_sys_read+0xb0/0xb0 [ 1948.951166] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.951612] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.952062] do_syscall_64+0x33/0x40 [ 1948.952384] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.952821] RIP: 0033:0x7f3842280b19 [ 1948.953151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.954779] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1948.955464] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1948.956064] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1948.956676] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1948.957284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1948.957773] FAULT_INJECTION: forcing a failure. [ 1948.957773] name failslab, interval 1, probability 0, space 0, times 0 [ 1948.957900] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1948.959676] CPU: 0 PID: 9186 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1948.960290] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.961020] Call Trace: [ 1948.961259] dump_stack+0x107/0x167 [ 1948.961584] should_fail.cold+0x5/0xa [ 1948.961913] ? create_object.isra.0+0x3a/0xa20 [ 1948.962370] should_failslab+0x5/0x20 [ 1948.962700] kmem_cache_alloc+0x5b/0x310 [ 1948.963128] create_object.isra.0+0x3a/0xa20 [ 1948.963499] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1948.963931] __kmalloc+0x16e/0x390 [ 1948.964281] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1948.964724] io_timeout_prep+0x693/0x8b0 [ 1948.965120] io_submit_sqes+0x54d8/0x8610 [ 1948.965503] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1948.965935] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1948.966397] ? lock_downgrade+0x6d0/0x6d0 [ 1948.966744] ? find_held_lock+0x2c/0x110 [ 1948.967161] ? io_submit_sqes+0x8610/0x8610 [ 1948.967532] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1948.967948] ? wait_for_completion_io+0x270/0x270 [ 1948.968407] ? rcu_read_lock_any_held+0x75/0xa0 [ 1948.968799] ? vfs_write+0x354/0xb10 [ 1948.969162] ? fput_many+0x2f/0x1a0 [ 1948.969487] ? ksys_write+0x1a9/0x260 [ 1948.969874] ? __ia32_sys_read+0xb0/0xb0 [ 1948.970338] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.970877] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.971477] do_syscall_64+0x33/0x40 [ 1948.971855] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.972421] RIP: 0033:0x7f30a2e99b19 [ 1948.972806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.974545] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1948.975229] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1948.975822] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1948.976483] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1948.977125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1948.977757] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1949.010314] FAULT_INJECTION: forcing a failure. [ 1949.010314] name failslab, interval 1, probability 0, space 0, times 0 [ 1949.011407] CPU: 0 PID: 9174 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1949.012048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1949.012762] Call Trace: [ 1949.013059] dump_stack+0x107/0x167 [ 1949.013394] should_fail.cold+0x5/0xa [ 1949.013775] ? create_object.isra.0+0x3a/0xa20 [ 1949.014227] should_failslab+0x5/0x20 [ 1949.014553] kmem_cache_alloc+0x5b/0x310 [ 1949.014913] create_object.isra.0+0x3a/0xa20 [ 1949.015334] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1949.015762] __kmalloc+0x16e/0x390 [ 1949.016145] io_timeout_prep+0x693/0x8b0 [ 1949.016495] io_submit_sqes+0x54d8/0x8610 [ 1949.016864] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1949.017334] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1949.017778] ? lock_downgrade+0x6d0/0x6d0 [ 1949.018176] ? find_held_lock+0x2c/0x110 [ 1949.018527] ? io_submit_sqes+0x8610/0x8610 [ 1949.018898] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1949.019354] ? wait_for_completion_io+0x270/0x270 [ 1949.019763] ? rcu_read_lock_any_held+0x75/0xa0 [ 1949.025697] ? vfs_write+0x354/0xb10 [ 1949.026071] ? fput_many+0x2f/0x1a0 [ 1949.026382] ? ksys_write+0x1a9/0x260 [ 1949.026703] ? __ia32_sys_read+0xb0/0xb0 [ 1949.027097] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1949.027537] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1949.028024] do_syscall_64+0x33/0x40 [ 1949.028348] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1949.028776] RIP: 0033:0x7f285a8beb19 [ 1949.029146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1949.030782] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1949.031474] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1949.032115] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1949.032711] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1949.033361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1949.034047] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:54:43 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 70) [ 1949.291075] FAULT_INJECTION: forcing a failure. [ 1949.291075] name failslab, interval 1, probability 0, space 0, times 0 [ 1949.292163] CPU: 1 PID: 9198 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1949.292742] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1949.293447] Call Trace: [ 1949.293713] dump_stack+0x107/0x167 [ 1949.294025] should_fail.cold+0x5/0xa [ 1949.294352] ? create_object.isra.0+0x3a/0xa20 [ 1949.294749] should_failslab+0x5/0x20 [ 1949.295079] kmem_cache_alloc+0x5b/0x310 [ 1949.295427] ? mark_held_locks+0x9e/0xe0 [ 1949.295780] create_object.isra.0+0x3a/0xa20 [ 1949.296160] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1949.296593] kmem_cache_alloc_bulk+0x168/0x320 [ 1949.296996] io_submit_sqes+0x6fe6/0x8610 [ 1949.297374] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1949.298291] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1949.298706] ? lock_downgrade+0x6d0/0x6d0 [ 1949.299058] ? find_held_lock+0x2c/0x110 [ 1949.299409] ? io_submit_sqes+0x8610/0x8610 [ 1949.299782] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1949.300194] ? wait_for_completion_io+0x270/0x270 [ 1949.300605] ? rcu_read_lock_any_held+0x75/0xa0 [ 1949.300999] ? vfs_write+0x354/0xb10 [ 1949.301317] ? fput_many+0x2f/0x1a0 [ 1949.301685] ? ksys_write+0x1a9/0x260 [ 1949.302014] ? __ia32_sys_read+0xb0/0xb0 [ 1949.302365] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1949.302807] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1949.303246] do_syscall_64+0x33/0x40 [ 1949.303564] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1949.304001] RIP: 0033:0x7f0159fffb19 [ 1949.304323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1949.306617] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1949.308413] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1949.309978] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1949.311536] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1949.313090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1949.314654] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:54:43 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:54:43 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000) 05:54:43 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45) 05:54:43 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1949.389119] FAULT_INJECTION: forcing a failure. [ 1949.389119] name failslab, interval 1, probability 0, space 0, times 0 [ 1949.391568] CPU: 1 PID: 9204 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1949.392875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1949.394702] Call Trace: [ 1949.395196] dump_stack+0x107/0x167 [ 1949.395874] should_fail.cold+0x5/0xa [ 1949.396587] ? create_object.isra.0+0x3a/0xa20 [ 1949.397448] should_failslab+0x5/0x20 [ 1949.398355] kmem_cache_alloc+0x5b/0x310 [ 1949.399125] ? mark_held_locks+0x9e/0xe0 [ 1949.399907] create_object.isra.0+0x3a/0xa20 [ 1949.400743] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1949.401791] kmem_cache_alloc_bulk+0x168/0x320 [ 1949.402644] io_submit_sqes+0x6fe6/0x8610 [ 1949.403435] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1949.404386] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1949.405290] ? lock_downgrade+0x6d0/0x6d0 [ 1949.406262] ? find_held_lock+0x2c/0x110 [ 1949.407062] ? io_submit_sqes+0x8610/0x8610 [ 1949.407884] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1949.408796] ? wait_for_completion_io+0x270/0x270 [ 1949.409590] ? rcu_read_lock_any_held+0x75/0xa0 [ 1949.409985] ? vfs_write+0x354/0xb10 [ 1949.410307] ? fput_many+0x2f/0x1a0 [ 1949.410621] ? ksys_write+0x1a9/0x260 [ 1949.410949] ? __ia32_sys_read+0xb0/0xb0 [ 1949.411302] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1949.411751] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1949.412195] do_syscall_64+0x33/0x40 [ 1949.412514] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1949.412947] RIP: 0033:0x7f3842280b19 [ 1949.413265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1949.417349] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1949.418643] FAULT_INJECTION: forcing a failure. [ 1949.418643] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1949.419123] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1949.419131] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1949.419139] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1949.419147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1949.419154] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1949.424230] CPU: 0 PID: 9207 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1949.424933] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1949.425767] Call Trace: [ 1949.426047] dump_stack+0x107/0x167 [ 1949.426422] should_fail.cold+0x5/0xa [ 1949.426822] _copy_from_user+0x2e/0x1b0 [ 1949.427243] get_timespec64+0x75/0x190 [ 1949.427651] ? put_timespec64+0x130/0x130 [ 1949.428081] ? kasan_unpoison_shadow+0x33/0x50 [ 1949.428536] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1949.429044] io_timeout_prep+0x3c5/0x8b0 [ 1949.429461] io_submit_sqes+0x54d8/0x8610 [ 1949.429841] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1949.430264] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1949.430679] ? lock_downgrade+0x6d0/0x6d0 [ 1949.431031] ? find_held_lock+0x2c/0x110 [ 1949.431380] ? io_submit_sqes+0x8610/0x8610 [ 1949.431760] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1949.432174] ? wait_for_completion_io+0x270/0x270 [ 1949.432586] ? rcu_read_lock_any_held+0x75/0xa0 [ 1949.432982] ? vfs_write+0x354/0xb10 [ 1949.433300] ? fput_many+0x2f/0x1a0 [ 1949.433625] ? ksys_write+0x1a9/0x260 [ 1949.433952] ? __ia32_sys_read+0xb0/0xb0 [ 1949.434303] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1949.434748] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1949.435188] do_syscall_64+0x33/0x40 [ 1949.435509] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1949.435947] RIP: 0033:0x7f30a2e99b19 [ 1949.436269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1949.437824] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1949.438471] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1949.439072] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1949.439671] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1949.440269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1949.440867] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:54:43 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x2}, 0x14a85, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000180)={0x0, 0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r4, 0x0, 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0xd5) 05:54:43 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x400000000000000, 0x0, 0x0) 05:54:43 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8, 0x0, 0x0) 05:54:59 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000) 05:54:59 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:54:59 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) 05:54:59 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x800000000000000, 0x0, 0x0) 05:54:59 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 71) 05:54:59 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:54:59 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) 05:54:59 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r5, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MPATH(r5, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x40, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3f, 0x4}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x40}, 0x1, 0x0, 0x0, 0x40800}, 0x10) pread64(r4, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x30, 0x0, 0x55, 0xfc, 0x0, 0x7, 0x1e80, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x769ca881, 0x0, @perf_bp={&(0x7f0000000000), 0x5}, 0x8, 0xffffffff, 0x29adc9ce, 0x3, 0x7, 0x4, 0x5, 0x0, 0xff, 0x0, 0x80}, 0xffffffffffffffff, 0x8, r4, 0x1) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1964.786451] FAULT_INJECTION: forcing a failure. [ 1964.786451] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.787449] CPU: 0 PID: 9232 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1964.788021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.788711] Call Trace: [ 1964.788944] dump_stack+0x107/0x167 [ 1964.789265] should_fail.cold+0x5/0xa [ 1964.789602] ? create_object.isra.0+0x3a/0xa20 [ 1964.790014] should_failslab+0x5/0x20 [ 1964.790342] kmem_cache_alloc+0x5b/0x310 [ 1964.790691] ? mark_held_locks+0x9e/0xe0 [ 1964.791042] create_object.isra.0+0x3a/0xa20 [ 1964.791416] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1964.791853] kmem_cache_alloc_bulk+0x168/0x320 [ 1964.792250] io_submit_sqes+0x6fe6/0x8610 [ 1964.792625] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1964.793049] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1964.793462] ? lock_downgrade+0x6d0/0x6d0 [ 1964.793829] ? find_held_lock+0x2c/0x110 [ 1964.794180] ? io_submit_sqes+0x8610/0x8610 [ 1964.794556] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1964.794967] ? wait_for_completion_io+0x270/0x270 [ 1964.795380] ? rcu_read_lock_any_held+0x75/0xa0 [ 1964.795774] ? vfs_write+0x354/0xb10 [ 1964.796091] ? fput_many+0x2f/0x1a0 [ 1964.796403] ? ksys_write+0x1a9/0x260 [ 1964.796728] ? __ia32_sys_read+0xb0/0xb0 [ 1964.797076] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.797522] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.797980] do_syscall_64+0x33/0x40 [ 1964.798306] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.798740] RIP: 0033:0x7f3842280b19 [ 1964.799059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.800599] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1964.801243] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1964.801866] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1964.802468] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1964.803066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1964.803665] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1964.811752] FAULT_INJECTION: forcing a failure. [ 1964.811752] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.812719] CPU: 0 PID: 9236 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1964.813289] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.813999] Call Trace: [ 1964.814225] dump_stack+0x107/0x167 [ 1964.814536] should_fail.cold+0x5/0xa [ 1964.814861] ? io_timeout_prep+0x693/0x8b0 [ 1964.815221] should_failslab+0x5/0x20 [ 1964.815544] __kmalloc+0x72/0x390 [ 1964.815841] ? __hrtimer_init+0x12c/0x270 [ 1964.816196] io_timeout_prep+0x693/0x8b0 [ 1964.816547] io_submit_sqes+0x54d8/0x8610 [ 1964.816919] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1964.817340] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1964.817770] ? lock_downgrade+0x6d0/0x6d0 [ 1964.818120] ? find_held_lock+0x2c/0x110 [ 1964.818470] ? io_submit_sqes+0x8610/0x8610 [ 1964.818843] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1964.819255] ? wait_for_completion_io+0x270/0x270 [ 1964.819666] ? rcu_read_lock_any_held+0x75/0xa0 [ 1964.820058] ? vfs_write+0x354/0xb10 [ 1964.820377] ? fput_many+0x2f/0x1a0 [ 1964.820688] ? ksys_write+0x1a9/0x260 [ 1964.821013] ? __ia32_sys_read+0xb0/0xb0 [ 1964.821362] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.821826] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.822265] do_syscall_64+0x33/0x40 [ 1964.822582] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.823015] RIP: 0033:0x7f30a2e99b19 [ 1964.823332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.824866] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1964.825508] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1964.826150] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1964.826790] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1964.827428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1964.828076] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1964.850720] FAULT_INJECTION: forcing a failure. [ 1964.850720] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1964.851784] CPU: 0 PID: 9238 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1964.852398] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.853138] Call Trace: [ 1964.853388] dump_stack+0x107/0x167 [ 1964.853739] should_fail.cold+0x5/0xa [ 1964.854102] _copy_from_user+0x2e/0x1b0 [ 1964.854476] get_timespec64+0x75/0x190 [ 1964.854839] ? put_timespec64+0x130/0x130 [ 1964.854890] FAULT_INJECTION: forcing a failure. [ 1964.854890] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.855199] ? kasan_unpoison_shadow+0x33/0x50 [ 1964.855216] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1964.855235] io_timeout_prep+0x3c5/0x8b0 [ 1964.857268] io_submit_sqes+0x54d8/0x8610 [ 1964.857656] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1964.858087] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1964.858501] ? lock_downgrade+0x6d0/0x6d0 [ 1964.858853] ? find_held_lock+0x2c/0x110 [ 1964.859207] ? io_submit_sqes+0x8610/0x8610 [ 1964.859581] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1964.859995] ? wait_for_completion_io+0x270/0x270 [ 1964.860405] ? rcu_read_lock_any_held+0x75/0xa0 [ 1964.860798] ? vfs_write+0x354/0xb10 [ 1964.861119] ? fput_many+0x2f/0x1a0 [ 1964.861430] ? ksys_write+0x1a9/0x260 [ 1964.861777] ? __ia32_sys_read+0xb0/0xb0 [ 1964.862130] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.862573] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.863017] do_syscall_64+0x33/0x40 [ 1964.863346] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.863778] RIP: 0033:0x7f285a8beb19 [ 1964.864112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.865666] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1964.866310] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1964.866905] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1964.867504] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1964.868103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1964.868698] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1964.869320] CPU: 1 PID: 9241 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1964.873977] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.874719] Call Trace: [ 1964.874970] dump_stack+0x107/0x167 [ 1964.875311] should_fail.cold+0x5/0xa [ 1964.875666] ? create_object.isra.0+0x3a/0xa20 [ 1964.876100] should_failslab+0x5/0x20 [ 1964.876452] kmem_cache_alloc+0x5b/0x310 [ 1964.876828] ? mark_held_locks+0x9e/0xe0 [ 1964.877213] create_object.isra.0+0x3a/0xa20 [ 1964.877621] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1964.878089] kmem_cache_alloc_bulk+0x168/0x320 [ 1964.878475] io_submit_sqes+0x6fe6/0x8610 [ 1964.878843] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1964.879259] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1964.879664] ? lock_downgrade+0x6d0/0x6d0 [ 1964.880011] ? find_held_lock+0x2c/0x110 [ 1964.880357] ? io_submit_sqes+0x8610/0x8610 [ 1964.880727] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1964.881137] ? wait_for_completion_io+0x270/0x270 [ 1964.881541] ? rcu_read_lock_any_held+0x75/0xa0 [ 1964.882019] ? vfs_write+0x354/0xb10 [ 1964.882367] ? fput_many+0x2f/0x1a0 [ 1964.882706] ? ksys_write+0x1a9/0x260 [ 1964.883082] ? __ia32_sys_read+0xb0/0xb0 [ 1964.883460] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.883935] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.884414] do_syscall_64+0x33/0x40 [ 1964.884760] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.885226] RIP: 0033:0x7f0159fffb19 [ 1964.885573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.887241] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1964.887934] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1964.888578] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1964.889221] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1964.889895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1964.890532] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 05:54:59 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0) 05:54:59 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1000000) 05:54:59 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0) 05:54:59 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0) 05:54:59 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 72) 05:54:59 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47) 05:54:59 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1965.360225] FAULT_INJECTION: forcing a failure. [ 1965.360225] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.361372] CPU: 1 PID: 9266 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1965.362029] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.362770] Call Trace: [ 1965.363025] dump_stack+0x107/0x167 [ 1965.363393] should_fail.cold+0x5/0xa [ 1965.363758] ? create_object.isra.0+0x3a/0xa20 [ 1965.364192] should_failslab+0x5/0x20 [ 1965.364552] kmem_cache_alloc+0x5b/0x310 [ 1965.364960] ? mark_held_locks+0x9e/0xe0 [ 1965.365386] create_object.isra.0+0x3a/0xa20 [ 1965.365839] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1965.366314] kmem_cache_alloc_bulk+0x168/0x320 [ 1965.366744] io_submit_sqes+0x6fe6/0x8610 [ 1965.367165] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1965.367623] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1965.368068] ? lock_downgrade+0x6d0/0x6d0 [ 1965.368449] ? find_held_lock+0x2c/0x110 [ 1965.368830] ? io_submit_sqes+0x8610/0x8610 [ 1965.369239] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1965.369694] ? wait_for_completion_io+0x270/0x270 [ 1965.370188] ? rcu_read_lock_any_held+0x75/0xa0 [ 1965.370621] ? vfs_write+0x354/0xb10 [ 1965.370970] ? fput_many+0x2f/0x1a0 [ 1965.371310] ? ksys_write+0x1a9/0x260 [ 1965.371679] ? __ia32_sys_read+0xb0/0xb0 [ 1965.372088] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.372600] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.373077] do_syscall_64+0x33/0x40 [ 1965.373425] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1965.374043] RIP: 0033:0x7f0159fffb19 [ 1965.374390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.376021] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1965.376712] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1965.377359] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1965.378011] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1965.378659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1965.379307] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1965.398466] FAULT_INJECTION: forcing a failure. [ 1965.398466] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.399506] CPU: 1 PID: 9267 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1965.400119] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.400857] Call Trace: [ 1965.401108] dump_stack+0x107/0x167 [ 1965.401448] should_fail.cold+0x5/0xa [ 1965.401469] FAULT_INJECTION: forcing a failure. [ 1965.401469] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.401792] ? create_object.isra.0+0x3a/0xa20 [ 1965.403088] should_failslab+0x5/0x20 [ 1965.403412] kmem_cache_alloc+0x5b/0x310 [ 1965.403761] create_object.isra.0+0x3a/0xa20 [ 1965.404144] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1965.404573] __kmalloc+0x16e/0x390 [ 1965.404880] io_timeout_prep+0x693/0x8b0 [ 1965.405243] io_submit_sqes+0x54d8/0x8610 [ 1965.405619] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1965.406072] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1965.406488] ? lock_downgrade+0x6d0/0x6d0 [ 1965.406837] ? find_held_lock+0x2c/0x110 [ 1965.407198] ? io_submit_sqes+0x8610/0x8610 [ 1965.407571] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1965.407988] ? wait_for_completion_io+0x270/0x270 [ 1965.408405] ? rcu_read_lock_any_held+0x75/0xa0 [ 1965.408797] ? vfs_write+0x354/0xb10 [ 1965.409125] ? fput_many+0x2f/0x1a0 [ 1965.409438] ? ksys_write+0x1a9/0x260 [ 1965.409785] ? __ia32_sys_read+0xb0/0xb0 [ 1965.410147] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.410588] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.411030] do_syscall_64+0x33/0x40 [ 1965.411353] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1965.411783] RIP: 0033:0x7f30a2e99b19 [ 1965.412110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.413639] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1965.414317] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1965.414912] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1965.415518] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1965.416123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1965.416718] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1965.417345] CPU: 0 PID: 9268 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1965.418005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.418748] Call Trace: [ 1965.418998] dump_stack+0x107/0x167 [ 1965.419384] should_fail.cold+0x5/0xa [ 1965.419765] ? create_object.isra.0+0x3a/0xa20 [ 1965.420210] should_failslab+0x5/0x20 [ 1965.420545] kmem_cache_alloc+0x5b/0x310 [ 1965.420924] ? mark_held_locks+0x9e/0xe0 [ 1965.421291] create_object.isra.0+0x3a/0xa20 [ 1965.421717] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1965.422180] kmem_cache_alloc_bulk+0x168/0x320 [ 1965.422614] io_submit_sqes+0x6fe6/0x8610 [ 1965.423031] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1965.423539] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1965.424024] ? lock_downgrade+0x6d0/0x6d0 [ 1965.424403] ? find_held_lock+0x2c/0x110 [ 1965.424809] ? io_submit_sqes+0x8610/0x8610 [ 1965.425240] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1965.425714] ? wait_for_completion_io+0x270/0x270 [ 1965.426160] ? rcu_read_lock_any_held+0x75/0xa0 [ 1965.426581] ? vfs_write+0x354/0xb10 [ 1965.426922] ? fput_many+0x2f/0x1a0 [ 1965.427262] ? ksys_write+0x1a9/0x260 [ 1965.427612] ? __ia32_sys_read+0xb0/0xb0 [ 1965.427990] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.428457] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.428931] do_syscall_64+0x33/0x40 [ 1965.429279] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1965.429756] RIP: 0033:0x7f3842280b19 [ 1965.430115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.431735] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1965.432436] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1965.433082] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1965.433694] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1965.434333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1965.434980] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:54:59 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x1000000, 0x0, 0x0) 05:54:59 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:54:59 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000000, 0x0, 0x0) 05:54:59 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)={'#! ', './file0', [{0x20, '\\/*'}, {0x20, '\x00'}, {0x20, '}'}, {0x20, '\x00'}, {0x20, '-#'}], 0xa, "1ff18d07bd33f34dc1d4e8ad40a0d321843827d329446998803ba863a0eacfb89208294afb7f5501e1ccf10f8a2a88781d5cf93a078bb1bb46194c7004954e1634f2313dba4f2a0653df7e29eb6d8ac3bc74e78fbe50c2957e0dc782136f78dcaf84205e02b9e6c05fbecc913bdb2bf88e169d4b0a3fd2e9a07f95bee1989d48b9ee768ffc6f49ef67a96528fd6bf199fc48e6b164c134e3cd181bf8f152d38238ba6b9e9384c5ba9c3fddcada5b7b73ff6c1625c809662cac2fd3cbc8acae373ef60728afe7fe70e8196d6c95e163a68f4a"}, 0xea) [ 1965.612768] FAULT_INJECTION: forcing a failure. [ 1965.612768] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.613867] CPU: 0 PID: 9277 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1965.614486] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.615223] Call Trace: [ 1965.615471] dump_stack+0x107/0x167 [ 1965.615810] should_fail.cold+0x5/0xa [ 1965.616171] should_failslab+0x5/0x20 [ 1965.616525] kmem_cache_alloc_bulk+0x4b/0x320 [ 1965.616946] io_submit_sqes+0x6fe6/0x8610 [ 1965.617347] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1965.617827] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1965.618277] ? lock_downgrade+0x6d0/0x6d0 [ 1965.618658] ? find_held_lock+0x2c/0x110 [ 1965.619039] ? io_submit_sqes+0x8610/0x8610 [ 1965.619446] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1965.619874] ? wait_for_completion_io+0x270/0x270 [ 1965.620326] ? rcu_read_lock_any_held+0x75/0xa0 [ 1965.620757] ? vfs_write+0x354/0xb10 [ 1965.621110] ? fput_many+0x2f/0x1a0 [ 1965.621450] ? ksys_write+0x1a9/0x260 [ 1965.621823] ? __ia32_sys_read+0xb0/0xb0 [ 1965.622213] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.622696] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.623177] do_syscall_64+0x33/0x40 [ 1965.623526] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1965.623996] RIP: 0033:0x7f285a8beb19 [ 1965.624342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.625991] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1965.626693] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1965.627338] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1965.627992] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1965.628638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1965.629279] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:55:00 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000000) 05:55:00 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 73) 05:55:00 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8000000, 0x0, 0x0) 05:55:00 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48) 05:55:00 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1966.184756] FAULT_INJECTION: forcing a failure. [ 1966.184756] name failslab, interval 1, probability 0, space 0, times 0 [ 1966.186236] CPU: 0 PID: 9295 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1966.186994] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1966.187963] Call Trace: [ 1966.188296] dump_stack+0x107/0x167 [ 1966.188742] should_fail.cold+0x5/0xa [ 1966.189413] should_failslab+0x5/0x20 [ 1966.190328] kmem_cache_alloc_bulk+0x4b/0x320 [ 1966.191504] io_submit_sqes+0x6fe6/0x8610 [ 1966.192611] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1966.193883] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1966.195124] ? lock_downgrade+0x6d0/0x6d0 [ 1966.196195] ? find_held_lock+0x2c/0x110 [ 1966.196551] FAULT_INJECTION: forcing a failure. [ 1966.196551] name failslab, interval 1, probability 0, space 0, times 0 [ 1966.197135] ? io_submit_sqes+0x8610/0x8610 [ 1966.197160] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1966.197178] ? wait_for_completion_io+0x270/0x270 [ 1966.201451] ? rcu_read_lock_any_held+0x75/0xa0 [ 1966.202520] ? vfs_write+0x354/0xb10 [ 1966.203371] ? fput_many+0x2f/0x1a0 [ 1966.204210] ? ksys_write+0x1a9/0x260 [ 1966.205067] ? __ia32_sys_read+0xb0/0xb0 [ 1966.205983] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1966.207194] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1966.208364] do_syscall_64+0x33/0x40 [ 1966.209211] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1966.210384] RIP: 0033:0x7f0159fffb19 [ 1966.211231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1966.215424] RSP: 002b:00007f0157575188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1966.217155] RAX: ffffffffffffffda RBX: 00007f015a112f60 RCX: 00007f0159fffb19 [ 1966.218480] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1966.219765] RBP: 00007f01575751d0 R08: 0000000000000000 R09: 0000000000000000 [ 1966.221058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1966.222368] R13: 00007ffc4f57c14f R14: 00007f0157575300 R15: 0000000000022000 [ 1966.223675] CPU: 1 PID: 9298 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1966.224414] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1966.225298] Call Trace: [ 1966.225590] dump_stack+0x107/0x167 [ 1966.225954] should_fail.cold+0x5/0xa [ 1966.226306] ? io_timeout_prep+0x693/0x8b0 [ 1966.226694] should_failslab+0x5/0x20 [ 1966.227043] __kmalloc+0x72/0x390 [ 1966.227363] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1966.227835] io_timeout_prep+0x693/0x8b0 [ 1966.228214] io_submit_sqes+0x54d8/0x8610 [ 1966.228626] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1966.229075] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1966.229521] ? lock_downgrade+0x6d0/0x6d0 [ 1966.229960] ? find_held_lock+0x2c/0x110 [ 1966.230344] ? io_submit_sqes+0x8610/0x8610 [ 1966.230754] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1966.231200] ? wait_for_completion_io+0x270/0x270 [ 1966.231643] ? rcu_read_lock_any_held+0x75/0xa0 [ 1966.232061] ? vfs_write+0x354/0xb10 [ 1966.232405] ? fput_many+0x2f/0x1a0 [ 1966.232730] ? ksys_write+0x1a9/0x260 [ 1966.233086] ? __ia32_sys_read+0xb0/0xb0 [ 1966.233466] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1966.233980] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1966.234544] do_syscall_64+0x33/0x40 [ 1966.234955] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1966.235508] RIP: 0033:0x7f30a2e99b19 [ 1966.235916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1966.237879] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1966.238560] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1966.239199] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1966.239840] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1966.240481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1966.241123] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1966.245266] FAULT_INJECTION: forcing a failure. [ 1966.245266] name failslab, interval 1, probability 0, space 0, times 0 [ 1966.246293] CPU: 1 PID: 9297 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1966.246903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1966.247634] Call Trace: [ 1966.247885] dump_stack+0x107/0x167 [ 1966.248216] should_fail.cold+0x5/0xa [ 1966.248570] ? create_object.isra.0+0x3a/0xa20 [ 1966.248987] ? create_object.isra.0+0x3a/0xa20 [ 1966.249408] should_failslab+0x5/0x20 [ 1966.249776] kmem_cache_alloc+0x5b/0x310 [ 1966.250156] ? mark_held_locks+0x9e/0xe0 [ 1966.250535] create_object.isra.0+0x3a/0xa20 [ 1966.250939] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1966.251409] kmem_cache_alloc_bulk+0x168/0x320 [ 1966.251834] io_submit_sqes+0x6fe6/0x8610 [ 1966.252240] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1966.257919] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1966.258367] ? lock_downgrade+0x6d0/0x6d0 [ 1966.258743] ? find_held_lock+0x2c/0x110 [ 1966.259122] ? io_submit_sqes+0x8610/0x8610 [ 1966.259528] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1966.259975] ? wait_for_completion_io+0x270/0x270 [ 1966.260378] ? rcu_read_lock_any_held+0x75/0xa0 [ 1966.260792] ? vfs_write+0x354/0xb10 [ 1966.261139] ? fput_many+0x2f/0x1a0 [ 1966.261480] ? ksys_write+0x1a9/0x260 [ 1966.261856] ? __ia32_sys_read+0xb0/0xb0 [ 1966.262237] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1966.262718] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1966.263195] do_syscall_64+0x33/0x40 [ 1966.263542] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1966.264009] RIP: 0033:0x7f3842280b19 [ 1966.264355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1966.266024] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1966.266715] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1966.267362] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1966.268009] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1966.268656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1966.269303] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:55:14 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4) 05:55:14 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:55:14 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49) 05:55:14 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x8000000) 05:55:14 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x4) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:55:14 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:55:14 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 05:55:14 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 74) [ 1980.252090] FAULT_INJECTION: forcing a failure. [ 1980.252090] name failslab, interval 1, probability 0, space 0, times 0 [ 1980.253122] CPU: 1 PID: 9322 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1980.253694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1980.254402] Call Trace: [ 1980.254634] dump_stack+0x107/0x167 [ 1980.254947] should_fail.cold+0x5/0xa [ 1980.255276] ? io_timeout_prep+0x693/0x8b0 [ 1980.255640] should_failslab+0x5/0x20 [ 1980.255966] __kmalloc+0x72/0x390 [ 1980.256265] ? __hrtimer_init+0x12c/0x270 [ 1980.256622] io_timeout_prep+0x693/0x8b0 [ 1980.256980] io_submit_sqes+0x54d8/0x8610 [ 1980.257356] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.257779] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.258219] ? lock_downgrade+0x6d0/0x6d0 [ 1980.258573] ? find_held_lock+0x2c/0x110 [ 1980.258920] ? io_submit_sqes+0x8610/0x8610 [ 1980.259291] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1980.259706] ? wait_for_completion_io+0x270/0x270 [ 1980.260115] ? rcu_read_lock_any_held+0x75/0xa0 [ 1980.260506] ? vfs_write+0x354/0xb10 [ 1980.260822] ? fput_many+0x2f/0x1a0 [ 1980.261131] ? ksys_write+0x1a9/0x260 [ 1980.261454] ? __ia32_sys_read+0xb0/0xb0 [ 1980.261801] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1980.262255] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1980.262693] do_syscall_64+0x33/0x40 [ 1980.263009] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1980.263438] RIP: 0033:0x7f30a2e99b19 [ 1980.263754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1980.265281] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1980.265921] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1980.266527] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1980.267124] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1980.267719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1980.268316] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 1980.270092] FAULT_INJECTION: forcing a failure. [ 1980.270092] name failslab, interval 1, probability 0, space 0, times 0 [ 1980.271056] CPU: 1 PID: 9320 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1980.271627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1980.272317] Call Trace: [ 1980.272544] dump_stack+0x107/0x167 [ 1980.272860] should_fail.cold+0x5/0xa [ 1980.273185] ? create_object.isra.0+0x3a/0xa20 [ 1980.273573] should_failslab+0x5/0x20 [ 1980.273897] kmem_cache_alloc+0x5b/0x310 [ 1980.274272] create_object.isra.0+0x3a/0xa20 [ 1980.274648] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1980.275082] kmem_cache_alloc_bulk+0x168/0x320 [ 1980.275473] io_submit_sqes+0x6fe6/0x8610 [ 1980.275851] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.276275] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.276687] ? lock_downgrade+0x6d0/0x6d0 [ 1980.277038] ? find_held_lock+0x2c/0x110 [ 1980.277389] ? io_submit_sqes+0x8610/0x8610 [ 1980.277762] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1980.278191] ? wait_for_completion_io+0x270/0x270 [ 1980.278607] ? rcu_read_lock_any_held+0x75/0xa0 [ 1980.279002] ? vfs_write+0x354/0xb10 [ 1980.279321] ? fput_many+0x2f/0x1a0 [ 1980.279634] ? ksys_write+0x1a9/0x260 [ 1980.279966] ? __ia32_sys_read+0xb0/0xb0 [ 1980.280316] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1980.280761] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1980.281203] do_syscall_64+0x33/0x40 [ 1980.281521] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1980.281962] RIP: 0033:0x7f285a8beb19 [ 1980.282296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1980.283842] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1980.284488] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1980.285091] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1980.285691] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1980.286313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1980.286924] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1980.300862] FAULT_INJECTION: forcing a failure. [ 1980.300862] name failslab, interval 1, probability 0, space 0, times 0 [ 1980.302093] CPU: 0 PID: 9321 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1980.302714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1980.303448] Call Trace: [ 1980.303711] dump_stack+0x107/0x167 [ 1980.304071] should_fail.cold+0x5/0xa [ 1980.304443] ? create_object.isra.0+0x3a/0xa20 [ 1980.304842] should_failslab+0x5/0x20 [ 1980.305179] kmem_cache_alloc+0x5b/0x310 [ 1980.305537] create_object.isra.0+0x3a/0xa20 [ 1980.305911] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1980.306371] __kmalloc+0x16e/0x390 [ 1980.306678] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1980.307129] io_timeout_prep+0x693/0x8b0 [ 1980.307483] io_submit_sqes+0x54d8/0x8610 [ 1980.307858] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.308291] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.308709] ? lock_downgrade+0x6d0/0x6d0 [ 1980.309067] ? find_held_lock+0x2c/0x110 [ 1980.309421] ? io_submit_sqes+0x8610/0x8610 [ 1980.309801] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1980.310254] ? wait_for_completion_io+0x270/0x270 [ 1980.310666] ? rcu_read_lock_any_held+0x75/0xa0 [ 1980.311062] ? vfs_write+0x354/0xb10 [ 1980.311386] ? fput_many+0x2f/0x1a0 [ 1980.311696] ? ksys_write+0x1a9/0x260 [ 1980.312026] ? __ia32_sys_read+0xb0/0xb0 [ 1980.312385] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1980.312834] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1980.313280] do_syscall_64+0x33/0x40 [ 1980.313606] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1980.314043] RIP: 0033:0x7f3842280b19 [ 1980.314380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1980.315938] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1980.316582] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1980.317197] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1980.317804] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1980.318428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1980.319035] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:55:14 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r0, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) renameat2(r3, &(0x7f0000000300)='./file0\x00', r3, &(0x7f0000000340)='./file0\x00', 0x2) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) r8 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000280), 0x200001, 0x0) r9 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r9, 0x0, 0x0, 0x0) fcntl$dupfd(r8, 0x406, r9) ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000380)=ANY=[@ANYBLOB="0100001800000000000000002db50a49bbf23d10a4802faacd28d813d7bd0d5cf96b0301da84c2a2851a225ce0a92d3f251e894ff8c785cb980f3a7949d17c6ff7707603541f7ebfc9326d5dece9f1b1c588a9a497f72b727fe73f2d14d6276fbc0df5434360927cd6a7059b2bb5cf24d2197f0d1f66c0419e7fd2e6e168acab954a3d41e5bc9f9df9a3589e97e5335ba4ee8675d88ada415d6616ce4be7c1b8afe1a82a0cf89bc6b4d463658ee4d00c108d6bf867ffb853e3b9eec5a4bbb2b7d8", @ANYRES32=r3, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00./file0\x00']) syz_io_uring_submit(r5, r7, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x1, 0x0, r10, 0x80, &(0x7f0000000180)=@generic={0x11, "ef79f3bfb611e9cfb25ef1fb113baa2526311af15da32e8278c85c42a1f2932214cfa48ecb34dac06a2b661611ce173c0a71fe1d3ad3a0a21164f7896082c5646160f60c5975caf2539085548061d2ba2ce5dd138ba1e12de6b884f26b27534d72c80aaf2e147bd1bd56361cff17daa5f510822e0c57108f0db956ef73f4"}, 0x0, 0x0, 0x1}, 0x6fec) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:55:14 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:55:14 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0) 05:55:14 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1995.516515] FAULT_INJECTION: forcing a failure. [ 1995.516515] name failslab, interval 1, probability 0, space 0, times 0 [ 1995.517562] CPU: 1 PID: 9353 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1995.518137] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.518849] Call Trace: [ 1995.519084] dump_stack+0x107/0x167 [ 1995.519402] should_fail.cold+0x5/0xa [ 1995.519740] ? create_object.isra.0+0x3a/0xa20 [ 1995.520138] should_failslab+0x5/0x20 [ 1995.520469] kmem_cache_alloc+0x5b/0x310 [ 1995.520820] ? mark_held_locks+0x9e/0xe0 [ 1995.521173] create_object.isra.0+0x3a/0xa20 [ 1995.521551] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1995.521992] kmem_cache_alloc_bulk+0x168/0x320 05:55:29 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x100000000000000, 0x0, 0x0) 05:55:29 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:55:29 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000) 05:55:29 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x8) 05:55:29 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 1995.522388] io_submit_sqes+0x6fe6/0x8610 [ 1995.522783] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.523212] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.523630] ? lock_downgrade+0x6d0/0x6d0 [ 1995.523987] ? find_held_lock+0x2c/0x110 [ 1995.524341] ? io_submit_sqes+0x8610/0x8610 05:55:29 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50) 05:55:29 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6032, &(0x7f0000000240)={0x0, 0x5725, 0x20, 0x1, 0x17f}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000300)=0x0, &(0x7f0000000340)) syz_io_uring_submit(r0, 0x0, &(0x7f0000000380)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5, 0x0, 0x0, 0x0, 0x1}, 0x6) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r6, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r5, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x5, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x7) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r7, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:55:29 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 1995.524721] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1995.534745] ? wait_for_completion_io+0x270/0x270 [ 1995.535156] ? rcu_read_lock_any_held+0x75/0xa0 [ 1995.535545] ? vfs_write+0x354/0xb10 [ 1995.535861] ? fput_many+0x2f/0x1a0 [ 1995.536170] ? ksys_write+0x1a9/0x260 [ 1995.536493] ? __ia32_sys_read+0xb0/0xb0 [ 1995.536505] FAULT_INJECTION: forcing a failure. [ 1995.536505] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1995.537784] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.538225] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.542685] do_syscall_64+0x33/0x40 [ 1995.543003] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.543433] RIP: 0033:0x7f285a8beb19 [ 1995.543755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1995.545283] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1995.545924] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1995.546522] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1995.547141] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1995.547738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1995.548334] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1995.548954] CPU: 0 PID: 9357 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1995.549552] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.550259] Call Trace: [ 1995.550489] dump_stack+0x107/0x167 [ 1995.550824] should_fail.cold+0x5/0xa [ 1995.551158] _copy_from_user+0x2e/0x1b0 [ 1995.551508] get_timespec64+0x75/0x190 [ 1995.551843] ? put_timespec64+0x130/0x130 [ 1995.552205] ? kasan_unpoison_shadow+0x33/0x50 [ 1995.552598] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1995.553036] io_timeout_prep+0x3c5/0x8b0 [ 1995.553392] io_submit_sqes+0x54d8/0x8610 [ 1995.553771] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.554199] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.554626] ? lock_downgrade+0x6d0/0x6d0 [ 1995.554990] ? find_held_lock+0x2c/0x110 [ 1995.555347] ? io_submit_sqes+0x8610/0x8610 [ 1995.555724] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1995.556140] ? wait_for_completion_io+0x270/0x270 [ 1995.556554] ? rcu_read_lock_any_held+0x75/0xa0 [ 1995.556954] ? vfs_write+0x354/0xb10 [ 1995.557276] ? fput_many+0x2f/0x1a0 [ 1995.557591] ? ksys_write+0x1a9/0x260 [ 1995.557920] ? __ia32_sys_read+0xb0/0xb0 [ 1995.558274] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.558742] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.559187] do_syscall_64+0x33/0x40 [ 1995.559509] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.559945] RIP: 0033:0x7f3842280b19 [ 1995.560267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1995.561821] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1995.562471] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1995.563098] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1995.563699] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1995.564300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1995.564901] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 1995.612536] FAULT_INJECTION: forcing a failure. [ 1995.612536] name failslab, interval 1, probability 0, space 0, times 0 [ 1995.613612] CPU: 1 PID: 9366 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1995.614185] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.615481] Call Trace: [ 1995.615971] dump_stack+0x107/0x167 [ 1995.616640] should_fail.cold+0x5/0xa [ 1995.617342] ? create_object.isra.0+0x3a/0xa20 [ 1995.618188] should_failslab+0x5/0x20 [ 1995.618752] kmem_cache_alloc+0x5b/0x310 [ 1995.619104] create_object.isra.0+0x3a/0xa20 [ 1995.619478] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1995.619910] __kmalloc+0x16e/0x390 [ 1995.620220] io_timeout_prep+0x693/0x8b0 [ 1995.620570] io_submit_sqes+0x54d8/0x8610 [ 1995.620944] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.621365] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.621785] ? io_submit_sqes+0x8610/0x8610 [ 1995.622156] ? recalibrate_cpu_khz+0x10/0x10 [ 1995.622529] ? ktime_get+0x158/0x1f0 [ 1995.623383] ? setup_APIC_eilvt+0x2f0/0x2f0 [ 1995.624376] ? clockevents_program_event+0x131/0x360 [ 1995.625554] ? tick_program_event+0xa8/0x140 [ 1995.626589] ? hrtimer_interrupt+0x771/0x9b0 [ 1995.627632] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.628624] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.629595] do_syscall_64+0x33/0x40 [ 1995.630291] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.630907] RIP: 0033:0x7f30a2e99b19 [ 1995.631227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1995.632767] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1995.633414] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1995.634015] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1995.634645] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1995.636306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1995.637653] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:55:30 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000) 05:55:30 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:55:30 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51) 05:55:30 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000) [ 1995.966797] FAULT_INJECTION: forcing a failure. [ 1995.966797] name failslab, interval 1, probability 0, space 0, times 0 [ 1995.968063] CPU: 1 PID: 9377 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 1995.968637] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.969330] Call Trace: [ 1995.969565] dump_stack+0x107/0x167 [ 1995.969878] should_fail.cold+0x5/0xa [ 1995.970209] ? create_object.isra.0+0x3a/0xa20 [ 1995.970609] should_failslab+0x5/0x20 [ 1995.970950] kmem_cache_alloc+0x5b/0x310 [ 1995.971301] ? mark_held_locks+0x9e/0xe0 [ 1995.971652] create_object.isra.0+0x3a/0xa20 [ 1995.972029] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1995.972468] kmem_cache_alloc_bulk+0x168/0x320 [ 1995.972867] io_submit_sqes+0x6fe6/0x8610 [ 1995.973242] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.973668] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.974082] ? lock_downgrade+0x6d0/0x6d0 [ 1995.974434] ? find_held_lock+0x2c/0x110 [ 1995.974809] ? io_submit_sqes+0x8610/0x8610 [ 1995.975189] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1995.975605] ? wait_for_completion_io+0x270/0x270 [ 1995.976022] ? rcu_read_lock_any_held+0x75/0xa0 [ 1995.976418] ? vfs_write+0x354/0xb10 [ 1995.976739] ? fput_many+0x2f/0x1a0 [ 1995.977054] ? ksys_write+0x1a9/0x260 [ 1995.977380] ? __ia32_sys_read+0xb0/0xb0 [ 1995.977733] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.978180] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.978629] do_syscall_64+0x33/0x40 [ 1995.978961] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.979398] RIP: 0033:0x7f285a8beb19 [ 1995.979718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1995.981267] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1995.981915] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 1995.982517] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 1995.983140] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 1995.983743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1995.984346] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 1995.986632] FAULT_INJECTION: forcing a failure. [ 1995.986632] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1995.987644] CPU: 0 PID: 9379 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 1995.988223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.988923] Call Trace: [ 1995.989150] dump_stack+0x107/0x167 [ 1995.989461] should_fail.cold+0x5/0xa [ 1995.989796] _copy_from_user+0x2e/0x1b0 [ 1995.990145] get_timespec64+0x75/0x190 [ 1995.990482] ? put_timespec64+0x130/0x130 [ 1995.990858] ? kasan_unpoison_shadow+0x33/0x50 [ 1995.991253] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1995.991690] io_timeout_prep+0x3c5/0x8b0 [ 1995.992046] io_submit_sqes+0x54d8/0x8610 [ 1995.992434] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.992862] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1995.993278] ? lock_downgrade+0x6d0/0x6d0 [ 1995.993633] ? find_held_lock+0x2c/0x110 [ 1995.993986] ? io_submit_sqes+0x8610/0x8610 [ 1995.994365] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1995.994796] ? wait_for_completion_io+0x270/0x270 [ 1995.995221] ? rcu_read_lock_any_held+0x75/0xa0 [ 1995.995628] ? vfs_write+0x354/0xb10 [ 1995.995958] ? fput_many+0x2f/0x1a0 [ 1995.996286] ? ksys_write+0x1a9/0x260 [ 1995.996625] ? __ia32_sys_read+0xb0/0xb0 [ 1995.996987] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.997431] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.997869] do_syscall_64+0x33/0x40 [ 1995.998184] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.998627] RIP: 0033:0x7f30a2e99b19 [ 1995.998954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1996.000488] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1996.001129] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 1996.001729] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 05:55:30 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4, 0x0, 0x0, 0x0) [ 1996.002326] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1996.002936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1996.003536] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:55:30 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x400000000000000, 0x0, 0x0) 05:55:30 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 1996.082770] FAULT_INJECTION: forcing a failure. [ 1996.082770] name failslab, interval 1, probability 0, space 0, times 0 [ 1996.083828] CPU: 0 PID: 9389 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 1996.084401] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1996.085097] Call Trace: [ 1996.085330] dump_stack+0x107/0x167 [ 1996.085643] should_fail.cold+0x5/0xa [ 1996.085971] ? create_object.isra.0+0x3a/0xa20 [ 1996.086362] should_failslab+0x5/0x20 [ 1996.086712] kmem_cache_alloc+0x5b/0x310 [ 1996.087070] ? mark_held_locks+0x9e/0xe0 [ 1996.087429] create_object.isra.0+0x3a/0xa20 [ 1996.087812] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1996.088248] kmem_cache_alloc_bulk+0x168/0x320 [ 1996.088642] io_submit_sqes+0x6fe6/0x8610 [ 1996.089015] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1996.089437] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1996.089847] ? lock_downgrade+0x6d0/0x6d0 [ 1996.090201] ? find_held_lock+0x2c/0x110 [ 1996.090551] ? io_submit_sqes+0x8610/0x8610 [ 1996.090946] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1996.091363] ? wait_for_completion_io+0x270/0x270 [ 1996.091777] ? rcu_read_lock_any_held+0x75/0xa0 [ 1996.092172] ? vfs_write+0x354/0xb10 [ 1996.092491] ? fput_many+0x2f/0x1a0 [ 1996.092804] ? ksys_write+0x1a9/0x260 [ 1996.093129] ? __ia32_sys_read+0xb0/0xb0 [ 1996.093480] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1996.093924] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1996.094364] do_syscall_64+0x33/0x40 [ 1996.094699] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1996.095135] RIP: 0033:0x7f3842280b19 [ 1996.095455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1996.096985] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1996.097628] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 1996.098226] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1996.098843] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 1996.099446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1996.100048] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:55:44 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x4, 0x0, 0x8, 0x0, 0x0, 0x4308, 0x44020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x8}, 0x0, 0x3, 0x0, 0x8}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x1) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000240)=@abs, 0x6e, &(0x7f0000000440)=[{&(0x7f0000000300)=""/192, 0xc0}, {&(0x7f00000003c0)=""/123, 0x7b}, {&(0x7f0000000580)=""/4096, 0x1000}], 0x3, &(0x7f0000001580)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd0}, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4d, 0x8, 0x1f, 0x2, 0x0, 0x9, 0x40000, 0xc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x5, 0x6}, 0x2042, 0x7ff, 0x0, 0x4, 0x5, 0x2, 0x7, 0x0, 0x9, 0x0, 0x111d}, 0x0, 0xd, r3, 0x1) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf, 0x12, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x1642, 0x64b4, 0x1, &(0x7f0000000000)={[0x1]}, 0x8) 05:55:44 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:55:44 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8, 0x0, 0x0, 0x0) 05:55:44 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x100000000000000) 05:55:44 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52) 05:55:44 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000) 05:55:44 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:55:44 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x800000000000000, 0x0, 0x0) [ 2010.192407] FAULT_INJECTION: forcing a failure. [ 2010.192407] name failslab, interval 1, probability 0, space 0, times 0 [ 2010.193458] CPU: 1 PID: 9417 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2010.194027] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2010.194716] Call Trace: [ 2010.194948] dump_stack+0x107/0x167 [ 2010.195278] should_fail.cold+0x5/0xa [ 2010.195606] ? create_object.isra.0+0x3a/0xa20 [ 2010.195997] should_failslab+0x5/0x20 [ 2010.196325] kmem_cache_alloc+0x5b/0x310 [ 2010.196673] ? mark_held_locks+0x9e/0xe0 [ 2010.197023] create_object.isra.0+0x3a/0xa20 [ 2010.197399] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2010.197848] kmem_cache_alloc_bulk+0x168/0x320 [ 2010.198256] io_submit_sqes+0x6fe6/0x8610 [ 2010.198646] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.199090] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.199508] ? lock_downgrade+0x6d0/0x6d0 [ 2010.199859] ? find_held_lock+0x2c/0x110 [ 2010.200211] ? io_submit_sqes+0x8610/0x8610 [ 2010.200588] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2010.201003] ? wait_for_completion_io+0x270/0x270 [ 2010.201419] ? rcu_read_lock_any_held+0x75/0xa0 [ 2010.201814] ? vfs_write+0x354/0xb10 [ 2010.202135] ? fput_many+0x2f/0x1a0 [ 2010.202454] ? ksys_write+0x1a9/0x260 [ 2010.202779] ? __ia32_sys_read+0xb0/0xb0 [ 2010.203143] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2010.203592] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2010.204031] do_syscall_64+0x33/0x40 [ 2010.204348] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2010.204781] RIP: 0033:0x7f285a8beb19 [ 2010.205101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2010.206657] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2010.207334] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2010.207943] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2010.208549] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2010.209158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2010.209770] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 2010.217460] FAULT_INJECTION: forcing a failure. [ 2010.217460] name failslab, interval 1, probability 0, space 0, times 0 [ 2010.218531] CPU: 0 PID: 9418 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2010.219198] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2010.219927] Call Trace: [ 2010.220161] dump_stack+0x107/0x167 [ 2010.220471] should_fail.cold+0x5/0xa [ 2010.220840] ? io_timeout_prep+0x693/0x8b0 [ 2010.221203] should_failslab+0x5/0x20 [ 2010.221525] __kmalloc+0x72/0x390 [ 2010.221865] ? __hrtimer_init+0x12c/0x270 [ 2010.222218] io_timeout_prep+0x693/0x8b0 [ 2010.222566] io_submit_sqes+0x54d8/0x8610 [ 2010.223006] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.223463] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.223917] ? lock_downgrade+0x6d0/0x6d0 [ 2010.224270] ? find_held_lock+0x2c/0x110 [ 2010.224659] ? io_submit_sqes+0x8610/0x8610 [ 2010.225034] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2010.225443] ? wait_for_completion_io+0x270/0x270 [ 2010.225894] ? rcu_read_lock_any_held+0x75/0xa0 [ 2010.226299] ? vfs_write+0x354/0xb10 [ 2010.226686] ? fput_many+0x2f/0x1a0 [ 2010.226998] ? ksys_write+0x1a9/0x260 [ 2010.227336] ? __ia32_sys_read+0xb0/0xb0 [ 2010.227751] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2010.228193] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2010.228673] do_syscall_64+0x33/0x40 [ 2010.228992] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2010.229419] RIP: 0033:0x7f30a2e99b19 [ 2010.229778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2010.231378] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2010.232055] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2010.232713] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2010.233307] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2010.233949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2010.234540] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 2010.240237] FAULT_INJECTION: forcing a failure. [ 2010.240237] name failslab, interval 1, probability 0, space 0, times 0 [ 2010.241253] CPU: 0 PID: 9419 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2010.241862] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2010.242547] Call Trace: [ 2010.242814] dump_stack+0x107/0x167 [ 2010.243160] should_fail.cold+0x5/0xa [ 2010.243483] ? create_object.isra.0+0x3a/0xa20 [ 2010.243918] should_failslab+0x5/0x20 [ 2010.244243] kmem_cache_alloc+0x5b/0x310 [ 2010.244589] create_object.isra.0+0x3a/0xa20 [ 2010.245004] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2010.245436] __kmalloc+0x16e/0x390 [ 2010.245816] io_timeout_prep+0x693/0x8b0 [ 2010.246169] io_submit_sqes+0x54d8/0x8610 [ 2010.246540] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.247002] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.247446] ? lock_downgrade+0x6d0/0x6d0 [ 2010.247836] ? find_held_lock+0x2c/0x110 [ 2010.248184] ? io_submit_sqes+0x8610/0x8610 [ 2010.248554] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2010.249013] ? wait_for_completion_io+0x270/0x270 [ 2010.249430] ? rcu_read_lock_any_held+0x75/0xa0 [ 2010.249887] ? vfs_write+0x354/0xb10 [ 2010.250211] ? fput_many+0x2f/0x1a0 [ 2010.250520] ? ksys_write+0x1a9/0x260 [ 2010.250893] ? __ia32_sys_read+0xb0/0xb0 [ 2010.251279] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2010.251770] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2010.252206] do_syscall_64+0x33/0x40 [ 2010.252525] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2010.252997] RIP: 0033:0x7f3842280b19 [ 2010.253312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2010.254927] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2010.255639] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2010.256239] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2010.260718] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2010.261311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2010.261945] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:55:44 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xe}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:55:44 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000000000000) 05:55:44 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000) 05:55:44 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:55:44 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53) [ 2010.682706] FAULT_INJECTION: forcing a failure. [ 2010.682706] name failslab, interval 1, probability 0, space 0, times 0 05:55:45 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 2010.685571] CPU: 1 PID: 9435 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2010.690724] FAULT_INJECTION: forcing a failure. [ 2010.690724] name failslab, interval 1, probability 0, space 0, times 0 [ 2010.691223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2010.691228] Call Trace: [ 2010.691248] dump_stack+0x107/0x167 [ 2010.691262] should_fail.cold+0x5/0xa [ 2010.691278] ? create_object.isra.0+0x3a/0xa20 [ 2010.691301] should_failslab+0x5/0x20 [ 2010.698668] kmem_cache_alloc+0x5b/0x310 [ 2010.699065] ? mark_held_locks+0x9e/0xe0 [ 2010.699467] create_object.isra.0+0x3a/0xa20 [ 2010.699886] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2010.700382] kmem_cache_alloc_bulk+0x168/0x320 [ 2010.700824] io_submit_sqes+0x6fe6/0x8610 [ 2010.701241] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.701705] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.702187] ? lock_downgrade+0x6d0/0x6d0 [ 2010.702595] ? find_held_lock+0x2c/0x110 [ 2010.702987] ? io_submit_sqes+0x8610/0x8610 [ 2010.703412] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2010.703877] ? wait_for_completion_io+0x270/0x270 [ 2010.704339] ? rcu_read_lock_any_held+0x75/0xa0 [ 2010.704772] ? vfs_write+0x354/0xb10 [ 2010.705134] ? fput_many+0x2f/0x1a0 [ 2010.705481] ? ksys_write+0x1a9/0x260 [ 2010.705837] ? __ia32_sys_read+0xb0/0xb0 [ 2010.706261] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2010.706777] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2010.707280] do_syscall_64+0x33/0x40 [ 2010.707638] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2010.708124] RIP: 0033:0x7f285a8beb19 [ 2010.708475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2010.710196] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2010.710921] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2010.711749] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2010.712430] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2010.713195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2010.714057] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 2010.714842] CPU: 0 PID: 9437 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2010.716430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2010.718331] Call Trace: [ 2010.718956] dump_stack+0x107/0x167 [ 2010.719835] should_fail.cold+0x5/0xa [ 2010.720711] ? create_object.isra.0+0x3a/0xa20 [ 2010.721769] should_failslab+0x5/0x20 [ 2010.722636] kmem_cache_alloc+0x5b/0x310 [ 2010.723562] create_object.isra.0+0x3a/0xa20 [ 2010.724566] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2010.725848] __kmalloc+0x16e/0x390 [ 2010.726668] io_timeout_prep+0x693/0x8b0 [ 2010.727577] io_submit_sqes+0x54d8/0x8610 [ 2010.728550] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.729758] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.730860] ? lock_downgrade+0x6d0/0x6d0 [ 2010.731859] ? find_held_lock+0x2c/0x110 [ 2010.732825] ? io_submit_sqes+0x8610/0x8610 [ 2010.733835] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2010.734933] ? wait_for_completion_io+0x270/0x270 [ 2010.735408] ? rcu_read_lock_any_held+0x75/0xa0 [ 2010.735842] ? vfs_write+0x354/0xb10 [ 2010.736161] ? fput_many+0x2f/0x1a0 [ 2010.736467] ? ksys_write+0x1a9/0x260 [ 2010.736857] ? __ia32_sys_read+0xb0/0xb0 [ 2010.737205] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2010.737694] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2010.738129] do_syscall_64+0x33/0x40 [ 2010.738446] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2010.738921] RIP: 0033:0x7f30a2e99b19 [ 2010.739300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2010.740924] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2010.741563] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2010.742204] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2010.742842] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2010.744180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2010.745458] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:55:45 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) [ 2010.820353] FAULT_INJECTION: forcing a failure. [ 2010.820353] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2010.821692] CPU: 1 PID: 9442 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2010.822280] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2010.823023] Call Trace: [ 2010.823277] dump_stack+0x107/0x167 [ 2010.823650] should_fail.cold+0x5/0xa [ 2010.823984] _copy_from_user+0x2e/0x1b0 [ 2010.824328] get_timespec64+0x75/0x190 05:55:45 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000000000000) [ 2010.824713] ? put_timespec64+0x130/0x130 [ 2010.825906] ? kasan_unpoison_shadow+0x33/0x50 [ 2010.826379] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2010.826958] io_timeout_prep+0x3c5/0x8b0 [ 2010.827935] io_submit_sqes+0x54d8/0x8610 [ 2010.828381] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.828940] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2010.829440] ? lock_downgrade+0x6d0/0x6d0 [ 2010.829941] ? find_held_lock+0x2c/0x110 [ 2010.830365] ? io_submit_sqes+0x8610/0x8610 [ 2010.830866] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2010.831355] ? wait_for_completion_io+0x270/0x270 [ 2010.831906] ? rcu_read_lock_any_held+0x75/0xa0 [ 2010.832384] ? vfs_write+0x354/0xb10 [ 2010.832809] ? fput_many+0x2f/0x1a0 [ 2010.833184] ? ksys_write+0x1a9/0x260 [ 2010.833648] ? __ia32_sys_read+0xb0/0xb0 [ 2010.834073] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2010.834666] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2010.835206] do_syscall_64+0x33/0x40 [ 2010.835646] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2010.836172] RIP: 0033:0x7f3842280b19 [ 2010.836555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2010.838520] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2010.839330] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2010.840798] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2010.841407] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2010.842069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2010.842718] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:55:59 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0) 05:55:59 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:55:59 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54) 05:55:59 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0) 05:55:59 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000) 05:55:59 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:55:59 executing program 2: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x3c, &(0x7f00000001c0)={0x0, 0x0}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRESDEC=r0, @ANYBLOB="210029095000fbdbdf250ca5b100000008000600080000005a7b55db5e57f3764a856b27ab7233edec04f3b2fe1998f22e52daa91d76b76e000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4004002}, 0x4000044) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000580)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000700)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000006c0)={&(0x7f00000005c0)={0xf8, r3, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_STA_AID={0x6, 0x10, 0x76e}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x7}, @NL80211_ATTR_STA_EXT_CAPABILITY={0xbd, 0xac, "db4e351231a4f3249b77bb54a9141feee11d23dc18dcc6fa42bb4b510db391a7e40cc92f82cf92ce3d89e89bbcefccab3b94bc79d976b624f0c2127801ddbe302db229db45a978548ff070ffd68b1084ba776d0a23b8cbe3fbfedb3aad3591f7b219bd3e55ce9aff7182a1fe0258d73d29d8cea5cf6a1d78d28d35abd03ae439e4ca4924d0e48fd5f7f08b424d0e4d981c18040f342de2d5b87f4585e2cde9163f18bc88552507cef70e8db0dacde9cce80ac75800029d8bbb"}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000}, 0x4004000) sendmsg$NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x100, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc044}, 0x4000001) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r5, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r5, 0x8000000) syz_io_uring_submit(r8, r7, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r5, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:55:59 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1000000) [ 2025.099141] FAULT_INJECTION: forcing a failure. [ 2025.099141] name failslab, interval 1, probability 0, space 0, times 0 [ 2025.100179] CPU: 0 PID: 9464 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2025.100789] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2025.101519] Call Trace: [ 2025.101769] dump_stack+0x107/0x167 [ 2025.102115] should_fail.cold+0x5/0xa [ 2025.102476] ? io_timeout_prep+0x693/0x8b0 [ 2025.102846] should_failslab+0x5/0x20 [ 2025.103179] __kmalloc+0x72/0x390 [ 2025.103489] ? __hrtimer_init+0x12c/0x270 [ 2025.103872] io_timeout_prep+0x693/0x8b0 [ 2025.104232] io_submit_sqes+0x54d8/0x8610 [ 2025.104613] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2025.105039] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2025.105458] ? lock_downgrade+0x6d0/0x6d0 [ 2025.105812] ? find_held_lock+0x2c/0x110 [ 2025.106165] ? io_submit_sqes+0x8610/0x8610 [ 2025.106542] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2025.106957] ? wait_for_completion_io+0x270/0x270 [ 2025.107372] ? rcu_read_lock_any_held+0x75/0xa0 [ 2025.107791] ? vfs_write+0x354/0xb10 [ 2025.108111] ? fput_many+0x2f/0x1a0 [ 2025.108432] ? ksys_write+0x1a9/0x260 [ 2025.108762] ? __ia32_sys_read+0xb0/0xb0 [ 2025.109122] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2025.109578] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2025.110026] do_syscall_64+0x33/0x40 [ 2025.110347] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2025.110791] RIP: 0033:0x7f3842280b19 [ 2025.111119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2025.112711] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2025.113358] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2025.113964] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2025.114563] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2025.115166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2025.115794] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 2025.124626] FAULT_INJECTION: forcing a failure. [ 2025.124626] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2025.125776] CPU: 0 PID: 9469 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2025.126388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2025.127112] Call Trace: [ 2025.127376] dump_stack+0x107/0x167 [ 2025.127740] should_fail.cold+0x5/0xa [ 2025.128104] _copy_from_user+0x2e/0x1b0 [ 2025.128451] get_timespec64+0x75/0x190 [ 2025.128785] ? put_timespec64+0x130/0x130 [ 2025.129141] ? kasan_unpoison_shadow+0x33/0x50 [ 2025.129540] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2025.129977] io_timeout_prep+0x3c5/0x8b0 [ 2025.130338] io_submit_sqes+0x54d8/0x8610 [ 2025.130721] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2025.131153] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2025.131586] ? lock_downgrade+0x6d0/0x6d0 [ 2025.131942] ? find_held_lock+0x2c/0x110 [ 2025.132298] ? io_submit_sqes+0x8610/0x8610 [ 2025.132675] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2025.133093] ? wait_for_completion_io+0x270/0x270 [ 2025.133507] ? rcu_read_lock_any_held+0x75/0xa0 [ 2025.133902] ? vfs_write+0x354/0xb10 [ 2025.134221] ? fput_many+0x2f/0x1a0 [ 2025.134533] ? ksys_write+0x1a9/0x260 [ 2025.134859] ? __ia32_sys_read+0xb0/0xb0 [ 2025.135210] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2025.135678] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2025.136119] do_syscall_64+0x33/0x40 [ 2025.136438] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2025.136871] RIP: 0033:0x7f30a2e99b19 [ 2025.137189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2025.138755] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2025.139405] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2025.140033] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2025.140639] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2025.141236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2025.141834] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 2025.146875] FAULT_INJECTION: forcing a failure. [ 2025.146875] name failslab, interval 1, probability 0, space 0, times 0 [ 2025.148114] CPU: 0 PID: 9467 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2025.148731] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2025.149472] Call Trace: [ 2025.149731] dump_stack+0x107/0x167 [ 2025.150087] should_fail.cold+0x5/0xa [ 2025.150448] ? create_object.isra.0+0x3a/0xa20 [ 2025.150853] should_failslab+0x5/0x20 [ 2025.151179] kmem_cache_alloc+0x5b/0x310 [ 2025.151562] ? mark_held_locks+0x9e/0xe0 [ 2025.151916] create_object.isra.0+0x3a/0xa20 [ 2025.152292] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2025.152727] kmem_cache_alloc_bulk+0x168/0x320 [ 2025.153128] io_submit_sqes+0x6fe6/0x8610 [ 2025.153501] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2025.153924] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2025.154337] ? lock_downgrade+0x6d0/0x6d0 [ 2025.154689] ? find_held_lock+0x2c/0x110 [ 2025.155041] ? io_submit_sqes+0x8610/0x8610 [ 2025.155425] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2025.155853] ? wait_for_completion_io+0x270/0x270 [ 2025.156272] ? rcu_read_lock_any_held+0x75/0xa0 [ 2025.156666] ? vfs_write+0x354/0xb10 [ 2025.156984] ? fput_many+0x2f/0x1a0 [ 2025.157301] ? ksys_write+0x1a9/0x260 [ 2025.157625] ? __ia32_sys_read+0xb0/0xb0 [ 2025.157976] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2025.158430] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2025.158867] do_syscall_64+0x33/0x40 [ 2025.159186] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2025.159648] RIP: 0033:0x7f285a8beb19 [ 2025.159969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2025.161505] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2025.162143] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2025.162747] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2025.163348] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2025.163978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2025.165351] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:55:59 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffff00000000) 05:56:13 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000000) 05:56:13 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4) 05:56:14 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:56:14 executing program 1: r0 = mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r5, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x1e, 0x0, 0x2, 0x8, 0x0, 0x5, 0x60050, 0x4, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f00000001c0), 0x5}, 0x19002, 0x6, 0x80, 0x9, 0xfff, 0x8, 0x4, 0x0, 0x1, 0x0, 0x9}, 0xffffffffffffffff, 0x5, r5, 0x9) mq_notify(r0, &(0x7f0000000180)={0x0, 0x25, 0x0, @tid=r4}) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) 05:56:14 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0) 05:56:14 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x20, 0x0, 0x4, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = syz_io_uring_setup(0x3ca0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x10000) syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x1, 0x1, 0x1, {0x0, r6}}, 0xfff) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r7 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) r8 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r8, 0x0, 0x0, 0x0) r9 = dup3(0xffffffffffffffff, r3, 0x0) sync_file_range(r9, 0xff, 0x3ffc0000, 0x1) sendmmsg(r7, &(0x7f0000000280)=[{{&(0x7f0000000180)=@pppol2tpv3in6={0x18, 0x1, {0x0, r8, 0x2, 0x4, 0x4, 0x1, {0xa, 0x4e20, 0x80000000, @mcast2, 0x1000}}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000300)="8bbd2b79af7d876941604f97556728947298236ed4f16e9ec8dd6d48ed8f93da0b0ce598835b937fb50675eda8bddbb9f23df30487461e60492e5f53e9ef507282c36523f44b7c784badc034c45f5469cfbc50cadbd0588458f626b2e17ed9e7ec08be2c05202655357ceb1307987361226436fbf4d3312228e621a7ad1dd57dad7b2cc6d54fe426ee47cd4866c32fa33f2099277c394ddff4eadd1aef904cf6e88cf77d4217", 0xa6}, {}], 0x2, &(0x7f0000000580)=ANY=[@ANYBLOB="480000000000000003010000ffffff7ff708dd69f3675ebd44da9566ad94a34dac5dc22402dfd43b927cc417f5b2b2dfdf9079f88c6cdc1296f44c4c8ba80eb19bd9abdf182ddb7d880000000000000018010000590e00009290442307a3af660f032a9d0d5310ade686b48351ed31d07e9af3376f9e5364f8e57e2e8cc7dca61c7406c36f46eae255baade2bb86ac81a91e2126a87031d326046327964f0eaa2ab87898d628ddcac5a857da329a2a66c511280fd43d93ad44371bf7807bac91db693c0108dd06c0aa584da700000000f0000000000000000c01000001800000602630e638f1eb73440040e67fdb627a194b021d9c8b19509a7a30a558d6f61aa03be262e25b37c596e2c924bf96d7d2f2a94b906f22a3d8a0b999fb2b1cacc1e4abf0ac74c7aa1caea2d93b632d3dbbe3e9ba2453e92f21e077d50c130739d81d12859d9fb7bf2cfb8fae550b2d8fec0556e9b519016b70086050273ef7f95703d12b3406edc316bb2cef0f7d9ac00088eff7f745fda22a487c053ceca0c5520cf21d9fc8fa02da098bd0c1cf9e5a370a7feca8fa0d2aed4d09f42797a4a4595fa9ef28ae19f4a302377843a86ee8e470720bf1c3ba726859675be200000000d0000000000000000100000007000000036cc614a97e77fcd2054568a6f0e8ef1a756f48b22a919bb811cd90f0d002717ad7bc4a4948988a760419532bb82c565135a2a45329d6cf4de43d7f6ef768190464fd5aaff405ad3fc6d6f105bd333adf90bcbc94aba2997dc4dab1d550b19677d9558bcca1939f7ecf251ba6e47fa6ead202d04a865838aaeb370fb08f7338101e68adbf3ccf43ab78f8b73a02d7ec96b317d9aa9ee558247878fcd32bcdbc1c70449a93dd7112fe2a516cedda84b8b1aabbf323f8ede68d000000000000001010000000000000010000000100008062fe11a2a42748859964e0f0b48de96a613ac82ac7131d16e1f54698d3fcfea4cdd276bdd234dcf66857c0b443db3843e8f543e37b74b59513947321826b84046936302bb6ef3d7473f5898a8206ba4c191cca61caeac49632b7c59636e9750c22707b7e0dcc7a72ac57aff224f6dd71f1b9c95e9c097c7bc1073b007ced1b3c2a52b49a138d9459a191937fc976266a8331985a83fdf2e88639dfccbbf9f9be9c88a959281c2758b34cd34c4c35f5657c5da47bdef55601ded56b1a2ed243b6c962bbb2c436392c4c1b8d88ab9898531812c65d4bb3da1a1c5d0eb22d95e0fd6a34bd2a1621c38d434d7194bc29de95bffa1ed4e2d5411861a22ed5604c942f86252aa27110186987bbbccd8aaea3a23c6a37e9c0b7ade52551230deb443c3e768fc9b42f1dfdd330e360b7a1344d26e3c5cccdc0a45f11fc551bd76f6fca47c182b6436b6b6cacda10379d69fe71c0f109fb8337a80cdd3c6df764930ed67b1cb777016b4ad76d903fe2b2e33fdd9ca3c615d4ddb7bba320c54b52f45c6e201a60a2aece0f146d3e7c7aa45ae449fe5da8221c2303af9cb05b95ff46de1fa4e17f039da0eba3e2d17553543b03ab23503840bb27b80df75a24c7ab09977e3efd07d3a89432200e2e3527a0bcd2266d8d98b0a0ef43a53095661ff28605478d58c5528c343cb9984d563d9e6eea2a8ba003b28105c8f7143ed9c54bea48f67f285e79edfafd7c2598078c01d830961b87bfd015d980c0a8ddc0ccda35386ddf727f15b0e177f1afbc12e8d724c5efda23cfb3412d2cf028a0ecffd1fb3cc72b97f5c3f71e2d913a96b407c5926292c234a710dda2b19f3e3a86bb6e6bff27d4bf02aca0aa7f2ea6411d5eacf27c7837b6e5e23e158960b863d7d8b5afe2e4ab6f1a84e709baad23fae17a8e2d2d9f56165d431d2383a42702b19dfc0fdee8b2348ed3d80c607723913ae51805002b39c0abe1cd876482d699960b8a3eb010ce94cbb64e87a12bb94f0a16eba1e6096ff7c76570b110ade2166936a48ed70f50c04133c32d849d46c228e5e968ac70cabef020d68a26253fd12d22f89867a8c714495cda9d2c20aa6112261280dfad72dccdd957e350fe5bfb0422bbd41be7607e4372944c13ad0dc36a487772ce8b85f139dd6163bb920d0ccbc4156d05c2590fe1faca63f0b934761281bbfad9d28625b6caa5cd5f46f3ddc58a6712279119e75f4981eeba1a27faf754461c0ea2633ef6eb6c57576553f7652a4af02ebaefc67f9a125c125c909cc38e7ae9fc08c7703be7448c68cca97915b8e9fdf87460d9cda1af898f307f38394f07fb819fdabc30110b81193eb491889e7826dc7c48f038ad4d185fd113157c49eeca1c4db494a9a0930542444c7f9a5d0b47100723d09a75337fc57eec5f900e9088d7d66df8e35e56c7dc214ea157282bc88850514ac28dc0c22d09f6b425825efc448bf8ff55058393ab247bcf28bd2faafe1eab79b0756d89035e2c9023a5de8efb8974f82ee362d8f1434373e35dce7dba5be34b43c6119d1d54e0634a6933ff9891635cc162ff925a05f80d3c5d6b04f059fbe59fa3c4a34985dffb6ac76297a94319d9b7742302af63f8e7c6d28a7e8aed14e353a7cde348062265e03d4e0fe009debe7ac1c73e4d3bfd7d9b948ab6b127a0bd343306721ea3625e80db4a4c90bba908e9aa436029ce6b06f3a7ba0623555edc68d1bc8bb0bf80d2ef3490f49f13322dd377c3d6781834eaee31f8d1afc7bcce1991a94eb2663f2df9288b38e7671e8114b899b724ed809efc8d1e6f718a0afbccbc6ab73effb28886702d2cf3c111fc2b9015244404a38dc0b0c00e0c121fc4b5a38c25be647385e6135f16b36e1573de20277e36e67496c6c733b69d4b4ab62cf110e77538066b59cdc57bed841ad46b195038c35d260d8642029ba85fa5adb99c002bb205660a344ede4bb26335c8bef68614a2a481e31d259b7d7f09c15c4b4cc036b0bd2663303d44580a10df4ec0b50b89765613ed2af5aa54d23a18bfb84425b8f881b10ffe578f6488384d5688d90066b8118028e8e7ee72deaaa209526a99fe7b50c8625b39c4c8a8879355c8d42914f003b7e5fc3925bfae8edab2c7e5d3d63209b4f878681bf5da7738f8b65e1d111a5cdf55e5e32683ad4841eb22c34128e8a425baed04899f0e4b463b0dd73d83f5f3903b26ff960aa83bb149a978a874f6571a1fd6af7bdc5cc1a7c96449a9ce69f4c40de2f25b701dd73eafe912a0ecfc224505a5564f0b8c0a442d1582b8ec08c3da5d9485954dcb3ecedc612bdb7e41ba124c90e43f4626a15ffbb23d2fab502dd58ec864f8dc695ddce63e2c808a73cf34a489fcb39607f402ef3fae24b27af3310ac0ffbaffb4ee5b2314d25328dd56ba5e575df542e53597d922b7d680bdf08fed6d6a5b80bd841decfa4c7d49ec970deaef4b7f97b5f8835a7d756c486174388e34e5b84eb6bd6ae7fc96b8721b126997224b4806c88c4c55748f24211130864f8d031fcd1c7a356c2bbcd03bb57dbb5f303030b73e57502a9566246af753aa1862a70aacf46c28af0dc962ed4376c57f70b7f3351edb6985c06d4f208c2b410850cf802ba4188fc05a0d985c34a938dd366d2a43d83c58526882cac4da7dc14293c3c5c095970610e98039f7ebbb4b60cec2b1890edc3bf96c76502082e447d2fc51f34c584565159e3e63ee10c3b3bba2287aac4b7fd1bb0665aab670e866fb6cbcb251e251aa2ee14f9599ea805f8ad8857aa783cec2c73c640a1685046440a159f89ea28be3507523e3898523fbc43c4bb50de4f34cdce380611fee6d7b2a108bc9fea17654cfa73eab1c0588d769cc793ec35e950b2b9c071f2fc82e00948dcd9f1a40e14c049999471ca3c33f85a71d67a8056ad1bd462c23884d35a5a4471fa20e61e160a2952f649fbbbfb606522670b33487c1f08436dd53f1fb5bc2b89676a1c3f98d316a9443822a4024ba716cc45aa2dc11461e781fb2b814fe1ec05df1d88b19277b16a9abb368ff37ae461c62d40bdcd313e727042feb7cf6725f64cc5ac4c026e57214eb47779c031e81782e500dff0eca5e470dcdf9f3d195adfd9898838a2fbbcea752a7d9b6ed0b52bbc83f5b267fc0b19a3c9d5cc4ddf30f6dd346e651ab24f318e34cd09850f425e0a01f3f0186958ea5cf33b65ab2c32835281f6bc1d98a09630ad4ee22120426c421d0f2a465947dcbf02510369297688778f3b1bab920fdef2ffd85828c58f183108550d7ba6ebc7019050c32b1acef039e252c2357cb09c3760f205a2095efc7b75806e43bde180177c613f44eebeb0b7426719e6fbe873da8f8665b937e0d019c3f2e104e02c08eb554b2b190b2be9039e1d4d7493d03eeb4d53074742f4ff0142f2fdc43bde13a14a2071318995551c95640338ce0dc4a1547a5b0fb6629539aea352e45e652c1357873b9a554ed01a3d2689dc069d8f6a3427632d10803d84071d4dbdc973e996b2c259af981ce187c5dd661376940eb922858a825abb5c0f6e123214b189b43386631176a4d45192cf864a51624d4f193dff7691654eba3e1739e3d7ce0efb41a7bbc551d7ec1d91504229dd347e41364daa56fc06a1de32efcc27481f5840806b501e9c32db1ea21b210332830929ff99f2807f7edf8a510821878003a4b6ae3647d9b853020b8c658ce5bb4e21cc31e7d4eeb5d1a652aced3bc7cca0bc5a76c712766ef204bad1bdd207a14e79c08aa5918f23638d025383f4ba5948f692677020ad619bb4ef2ff7510907ed9ec46dacf62bd196bc0c605fdde02241016ba9d07430173b4fca0f45ee3c360af7b954360b9977416c1b25c46af7ae3dee2f8a95c5674519165f4b0cc8afc57f340e94cd42c5c493f9d30ec883aaa751f90441a7da44f1a8510811bbba24906bd2c868bb0023536ebc573693af8736f756ce1be8dd3c9ffc352843c65fdcdf84b87425cf432aa606f3a8919712ba15d84e120b1c19f8362d0d8f129144d6d98740e6855d64d51dee80e510960b496c8b6d661d3aff9dbcb1f2320c47c43f203099d563fd2868f9facf54289b9fd34f031ae0ce92fb3e183c6a1de1d808d759dc8fbf5a4f1f3b4bee1a35c336bb4dbe9d157b50db78cc99e263b6e4b6462a3719e52df35975c2b6b0883054a065a4c6e96db630ceec4b0a9057634ec769c4dc0ab4dbfb30363d67f81b599df236e31c5203e31eaf5114a4a32a7fa93301df8b7e6cd96cddad0caa4a1827a24e0a8ceb9382e548c53e745f69f9167872cbcc78a5169a68cc02ea0b544d8ab6c51eae730587e62fefe69a88923ed6946d2d7b8dd486c0f2434c0a4d2039b93f61041da6437e4f36e818f2b2b2f87b6e7efd2620b9e6f73490a69c42f1891cfd34c36988533b847ce86eeb89e23023b4a6e06cbbb9da86a40cb19102fb7c3059362bac0d3f3bdb8d2fb27a40e60860a46ab57d07bd44513e78e9e744ca0a9d0dadff40e6b21d101aba6dbb6e270ccc50f439edd0c7b71505536bf83b796cb4cf064dd63ddbc083643b332e25c8bc1495e19610f2f8b5af9e15bda22cb0e2f4508a9f366598552b930da6a53f6cb2fd176ff9e83196229e98a02e748821a58e03adfd6b287210d4498d8b0e986f29381f0357127a7a57f0924ef1101b0b6659765652fe0d7a10c07aecfc2a154b2e4cd094f144a97acedc1c2b796debf4bd549aff54cbb97bf40156c7ba9113538f84c5f810d98cea52130c79bddd86bc95f743e229947829ce38af1ed598449409aac8b75963c56b2ba43f7d1bb24a464976b7542e27640287f67f7139519d3813cff6a912fb20b5a3519ac05a6871448ea9f7b714db5545df5f6d5871201452492d3e5274c8d837a8a26d8f9f8b99ff0c2d625c3da6794e2dc44004f118aa2dab68fc93456e06c7b134808ca42d28e51cd4a035b4d5241de984329943c5de86dec4cc5951f902f557bf7ab248f29349a27623c2bda8755701737a016cb866ebe88a3459d824750da0143dbf5031bf20af8de874b82dfbd82098cf7e9a0ba0727eb520d01b2ef8c2560bf0b11a542220a4bc3f07881da6bd6ddd7b7d301e0106646697acdee04a264560ef03d464db2b8b21c2d074fc6d1fcfaad83afe0d477fd30e7a0fae92499eb426f4a1f8e0fc822eb06fd755dc695d414b8426179454891cddd3d4dfbbfbead38a39bb8b8671c6f153210ab6b94eaf04da49b3b30d1b69cfed18e4ed45853c4d13f003e4b4119d6f3651f1bc0d2c03bc158adc7b197dda12c0d442c8f96043c4c1d101a5f404266df4af183f429d32a33e6432f6f5033145b14f65a2cc92786f180d2c70988fe923ec62cbaa48ab20056269e86da719a015f36a6db08e603c6c16d6d5f99821d390b790722006004591145f60ed760a7b45356f7e95ab26b187cebe8d20b6bc8366df3fb01680c75dfdf919a75649c0d51dbc1c38efc9a3c94bf67da9f1c84fa69478049517f7526afa8eee6a027cc404639a2529e2ef76c50051e9d94b1918bdd94964cd0dbc1c5a6f3f03e0cc1e2c1aceff55612bff4728296d770d83f38901edb7dd28a08927fffc3a41f45c9ee9f14bc74b31d4339390b20153f79139c9a16103df3289656f4364ec22c59c39581b3837edab65816847a7fb82968eb55fb740ca14f26a2d0be84a34431a53332c27e6549db213600840944dfebeab784981db3d785430f81261c7cc607e4c84ead906523ee784727043c262f1f96407a625cd785fa81429cc9e00ac2bc7eea3c5dd4c9d4ad5e036ddb"], 0x12a0}}], 0x1, 0x24000045) r10 = openat$cgroup_ro(r7, &(0x7f0000000500)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000400)={0x0, 0x80, 0x80, 0x8, 0x7, 0x8, 0x0, 0x3, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xf89, 0x1, @perf_config_ext={0x2, 0x3a6e}, 0x400, 0xfe, 0x4, 0x4, 0x9, 0xfa, 0x81, 0x0, 0x20, 0x0, 0x81}, 0x0, 0x3, r10, 0xb) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r11 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r11, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:56:14 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:56:14 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55) [ 2039.743906] FAULT_INJECTION: forcing a failure. [ 2039.743906] name failslab, interval 1, probability 0, space 0, times 0 [ 2039.744943] CPU: 1 PID: 9506 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2039.745514] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2039.746208] Call Trace: [ 2039.746440] dump_stack+0x107/0x167 [ 2039.746752] should_fail.cold+0x5/0xa [ 2039.747079] ? create_object.isra.0+0x3a/0xa20 [ 2039.747470] should_failslab+0x5/0x20 [ 2039.747797] kmem_cache_alloc+0x5b/0x310 [ 2039.748879] FAULT_INJECTION: forcing a failure. [ 2039.748879] name failslab, interval 1, probability 0, space 0, times 0 [ 2039.764188] ? mark_held_locks+0x9e/0xe0 [ 2039.764204] create_object.isra.0+0x3a/0xa20 [ 2039.764216] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2039.764233] kmem_cache_alloc_bulk+0x168/0x320 [ 2039.764251] io_submit_sqes+0x6fe6/0x8610 [ 2039.764284] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2039.764295] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2039.764310] ? lock_downgrade+0x6d0/0x6d0 [ 2039.764321] ? find_held_lock+0x2c/0x110 [ 2039.764336] ? io_submit_sqes+0x8610/0x8610 [ 2039.764356] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2039.764372] ? wait_for_completion_io+0x270/0x270 [ 2039.764387] ? rcu_read_lock_any_held+0x75/0xa0 [ 2039.764399] ? vfs_write+0x354/0xb10 [ 2039.764411] ? fput_many+0x2f/0x1a0 [ 2039.764424] ? ksys_write+0x1a9/0x260 [ 2039.764437] ? __ia32_sys_read+0xb0/0xb0 [ 2039.764452] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2039.764464] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2039.764478] do_syscall_64+0x33/0x40 [ 2039.764490] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2039.764499] RIP: 0033:0x7f285a8beb19 [ 2039.764511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2039.764518] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2039.764533] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2039.764540] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2039.764547] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2039.764555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2039.764562] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 2039.771649] FAULT_INJECTION: forcing a failure. [ 2039.771649] name failslab, interval 1, probability 0, space 0, times 0 [ 2039.771661] CPU: 1 PID: 9507 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2039.771667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2039.771671] Call Trace: [ 2039.771683] dump_stack+0x107/0x167 [ 2039.771696] should_fail.cold+0x5/0xa [ 2039.771709] ? create_object.isra.0+0x3a/0xa20 [ 2039.771722] should_failslab+0x5/0x20 [ 2039.771734] kmem_cache_alloc+0x5b/0x310 [ 2039.771750] create_object.isra.0+0x3a/0xa20 [ 2039.771763] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2039.771778] __kmalloc+0x16e/0x390 [ 2039.771795] io_timeout_prep+0x693/0x8b0 [ 2039.771812] io_submit_sqes+0x54d8/0x8610 [ 2039.771845] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2039.771857] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2039.771872] ? lock_downgrade+0x6d0/0x6d0 [ 2039.771906] ? find_held_lock+0x2c/0x110 [ 2039.771928] ? io_submit_sqes+0x8610/0x8610 [ 2039.771951] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2039.771970] ? wait_for_completion_io+0x270/0x270 [ 2039.771986] ? rcu_read_lock_any_held+0x75/0xa0 [ 2039.771999] ? vfs_write+0x354/0xb10 [ 2039.772013] ? fput_many+0x2f/0x1a0 [ 2039.772028] ? ksys_write+0x1a9/0x260 [ 2039.772047] ? __ia32_sys_read+0xb0/0xb0 [ 2039.772069] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2039.796663] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2039.797114] do_syscall_64+0x33/0x40 [ 2039.797433] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2039.797866] RIP: 0033:0x7f3842280b19 [ 2039.798197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2039.799734] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2039.800423] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2039.801029] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2039.801633] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2039.802242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2039.802841] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 2039.803472] CPU: 0 PID: 9503 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2039.812106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2039.812791] Call Trace: [ 2039.813017] dump_stack+0x107/0x167 [ 2039.813326] should_fail.cold+0x5/0xa [ 2039.813647] ? io_timeout_prep+0x693/0x8b0 [ 2039.814004] should_failslab+0x5/0x20 [ 2039.814323] __kmalloc+0x72/0x390 [ 2039.814618] ? __hrtimer_init+0x12c/0x270 [ 2039.814970] io_timeout_prep+0x693/0x8b0 [ 2039.815317] io_submit_sqes+0x54d8/0x8610 [ 2039.815688] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2039.816133] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2039.816540] ? lock_downgrade+0x6d0/0x6d0 [ 2039.816888] ? find_held_lock+0x2c/0x110 [ 2039.817233] ? io_submit_sqes+0x8610/0x8610 [ 2039.817602] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2039.824270] ? wait_for_completion_io+0x270/0x270 [ 2039.824686] ? rcu_read_lock_any_held+0x75/0xa0 [ 2039.825074] ? vfs_write+0x354/0xb10 [ 2039.825388] ? fput_many+0x2f/0x1a0 [ 2039.825696] ? ksys_write+0x1a9/0x260 [ 2039.826017] ? __ia32_sys_read+0xb0/0xb0 [ 2039.826362] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2039.826800] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2039.827232] do_syscall_64+0x33/0x40 [ 2039.827547] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2039.828003] RIP: 0033:0x7f30a2e99b19 [ 2039.828328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2039.829870] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2039.830501] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2039.831090] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2039.831677] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2039.832297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2039.832888] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:56:14 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x3, 0x97, 0x8, 0x0, 0x0, 0xb9f, 0x2100, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x7, @perf_bp, 0x802, 0x2, 0x81, 0xd, 0x4, 0x80000000, 0x2, 0x0, 0x8, 0x0, 0x5}, r4, 0xd, 0xffffffffffffffff, 0x9) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000400)={{0x1, 0x1, 0x18, r3, {0x5}}, './file0\x00'}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x200000d, 0x110, r5, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) pread64(r0, &(0x7f0000000300)=""/248, 0xf8, 0x100000000) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r7 = openat$incfs(r3, &(0x7f0000000280)='.pending_reads\x00', 0x801, 0x12) write$binfmt_elf32(r7, &(0x7f0000001e00)=ANY=[@ANYBLOB="7f454c4605060808090000000000000002000600010000006e03000038000000ba010000565b000008002000020006000600ff0f0000000004000000000c0000f9ffffff0100000004930000008000000d0000008000000004000000ff000000fffeffffdb18b02e20000000bf000000050000000800000089b15ab26edaa9fb54f3d89cfccbab6b294395b261b9b3f96add7b35710e075bf380887f4adc39ec6e7e9de6eaa7029913bfabb648789ce7c9125e037f2f236f2888e8f0c9cde5b49a4806c1057663e854e0262f6f9c270068295c78383cd1e4cc3c18f3c4bfbd229706223bf9753270d358cba8d8ea25c3965503538ef9a5f9234056bef928c0f1e6f48a0e250a3da4c5b0ee0042806d96dee55f1122a65f0bc2496a782767b740c2745fe78ab58bf3f213a4120020fceb075fbac7f4d1b2839379aedf7be043bba92c622850e31ad6d0d1a00b6fda62751f34724e56c2180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000463a53e60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ef1ffb2800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4f12ab1c4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000267a73a4b2631b7b86582e9f6b4813ad0ad15d762c3136d79e87df6fc54b1cc74e2139041feae64640321ae45b2c73c058f91c910c3a84165604427c5ecd4a34fb552407680fd7bf6e36c08a2ea7e173c8f47b1d459b059552cf97e1f0a5ffdf354d73fe8f9e617d26fa6c945990874abf0c5622c8660cb12d3c4e75ce952ad864ee5b90cbe74466b18f62c2f36694227c06fe0a81e8cb5cfb508c54ec40ab34f82d84da17cea5142539f5590a3f949b01a1b56bc21b32a7e0295e91f4a84830c1c42f954bdbc5cbc5300f195185edba04f670"], 0xb57) r8 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r8, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_RESIZE_FS(r8, 0x4008f510, &(0x7f0000000240)=0xfffffffffffffffe) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:56:14 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x5, 0x4004, @fd_index=0x9, 0x2}, 0xde) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x5) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:56:14 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 42) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 2040.143292] FAULT_INJECTION: forcing a failure. [ 2040.143292] name failslab, interval 1, probability 0, space 0, times 0 [ 2040.144375] CPU: 1 PID: 9524 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2040.144949] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2040.145642] Call Trace: [ 2040.145876] dump_stack+0x107/0x167 [ 2040.146190] should_fail.cold+0x5/0xa [ 2040.146520] ? create_object.isra.0+0x3a/0xa20 [ 2040.146911] should_failslab+0x5/0x20 [ 2040.147241] kmem_cache_alloc+0x5b/0x310 [ 2040.147593] ? mark_held_locks+0x9e/0xe0 [ 2040.147956] create_object.isra.0+0x3a/0xa20 [ 2040.148337] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2040.148776] kmem_cache_alloc_bulk+0x168/0x320 [ 2040.149172] io_submit_sqes+0x6fe6/0x8610 [ 2040.149549] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.149974] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.150391] ? lock_downgrade+0x6d0/0x6d0 [ 2040.150746] ? find_held_lock+0x2c/0x110 [ 2040.151098] ? io_submit_sqes+0x8610/0x8610 [ 2040.151475] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2040.151895] ? wait_for_completion_io+0x270/0x270 [ 2040.152330] ? rcu_read_lock_any_held+0x75/0xa0 [ 2040.152728] ? vfs_write+0x354/0xb10 [ 2040.153049] ? fput_many+0x2f/0x1a0 [ 2040.153364] ? ksys_write+0x1a9/0x260 [ 2040.153692] ? __ia32_sys_read+0xb0/0xb0 [ 2040.154045] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2040.154493] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2040.154938] do_syscall_64+0x33/0x40 [ 2040.155259] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2040.155698] RIP: 0033:0x7f285a8beb19 [ 2040.156044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2040.157601] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2040.158254] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2040.158860] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2040.159466] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 05:56:14 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x8000000) [ 2040.160105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2040.160715] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:56:14 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0) 05:56:14 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 2040.294286] FAULT_INJECTION: forcing a failure. [ 2040.294286] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2040.295385] CPU: 1 PID: 9532 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2040.295974] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2040.296669] Call Trace: [ 2040.296904] dump_stack+0x107/0x167 [ 2040.297218] should_fail.cold+0x5/0xa [ 2040.297549] _copy_from_user+0x2e/0x1b0 [ 2040.297898] get_timespec64+0x75/0x190 [ 2040.298238] ? put_timespec64+0x130/0x130 [ 2040.298605] ? kasan_unpoison_shadow+0x33/0x50 [ 2040.298997] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2040.299437] io_timeout_prep+0x3c5/0x8b0 [ 2040.299791] io_submit_sqes+0x54d8/0x8610 [ 2040.300182] ? __do_sys_io_uring_enter+0x1f2/0x18c0 [ 2040.300612] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.301037] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.301454] ? lock_downgrade+0x6d0/0x6d0 [ 2040.301808] ? find_held_lock+0x2c/0x110 [ 2040.302161] ? io_submit_sqes+0x8610/0x8610 [ 2040.302540] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2040.302956] ? wait_for_completion_io+0x270/0x270 [ 2040.303371] ? rcu_read_lock_any_held+0x75/0xa0 [ 2040.303770] ? vfs_write+0x354/0xb10 [ 2040.304115] ? fput_many+0x2f/0x1a0 [ 2040.304428] ? ksys_write+0x1a9/0x260 [ 2040.304756] ? __ia32_sys_read+0xb0/0xb0 [ 2040.305107] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2040.305554] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2040.305996] do_syscall_64+0x33/0x40 [ 2040.306314] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2040.306749] RIP: 0033:0x7f3842280b19 [ 2040.307069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2040.308632] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2040.309279] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2040.309884] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2040.310502] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2040.311103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2040.311708] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:56:14 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x8) 05:56:14 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a74, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:56:14 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56) [ 2040.478445] FAULT_INJECTION: forcing a failure. [ 2040.478445] name failslab, interval 1, probability 0, space 0, times 0 [ 2040.479611] CPU: 1 PID: 9544 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2040.480210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2040.480900] Call Trace: [ 2040.481134] dump_stack+0x107/0x167 [ 2040.481447] should_fail.cold+0x5/0xa [ 2040.481773] ? create_object.isra.0+0x3a/0xa20 [ 2040.482165] should_failslab+0x5/0x20 [ 2040.482491] kmem_cache_alloc+0x5b/0x310 [ 2040.482841] create_object.isra.0+0x3a/0xa20 [ 2040.483214] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2040.483646] __kmalloc+0x16e/0x390 [ 2040.483967] io_timeout_prep+0x693/0x8b0 [ 2040.484322] io_submit_sqes+0x54d8/0x8610 [ 2040.484694] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.485117] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.485530] ? lock_downgrade+0x6d0/0x6d0 [ 2040.485881] ? find_held_lock+0x2c/0x110 [ 2040.486230] ? io_submit_sqes+0x8610/0x8610 [ 2040.486607] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2040.487020] ? wait_for_completion_io+0x270/0x270 [ 2040.487433] ? rcu_read_lock_any_held+0x75/0xa0 [ 2040.487829] ? vfs_write+0x354/0xb10 [ 2040.488171] ? fput_many+0x2f/0x1a0 [ 2040.488483] ? ksys_write+0x1a9/0x260 [ 2040.488809] ? __ia32_sys_read+0xb0/0xb0 [ 2040.489161] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2040.489606] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2040.490043] do_syscall_64+0x33/0x40 [ 2040.490359] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2040.490790] RIP: 0033:0x7f30a2e99b19 [ 2040.491108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2040.492662] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2040.493310] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2040.493912] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2040.494513] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2040.495115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2040.495717] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:56:14 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x4000000, 0x0, 0x0, 0x0) 05:56:14 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 43) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 2040.633479] FAULT_INJECTION: forcing a failure. [ 2040.633479] name failslab, interval 1, probability 0, space 0, times 0 [ 2040.635034] CPU: 0 PID: 9549 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2040.635608] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2040.636312] Call Trace: [ 2040.636546] dump_stack+0x107/0x167 [ 2040.636858] should_fail.cold+0x5/0xa [ 2040.637188] ? io_timeout_prep+0x693/0x8b0 [ 2040.637553] should_failslab+0x5/0x20 [ 2040.637880] __kmalloc+0x72/0x390 [ 2040.638180] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 2040.638623] io_timeout_prep+0x693/0x8b0 [ 2040.638976] io_submit_sqes+0x54d8/0x8610 [ 2040.639354] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.639779] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.640211] ? lock_downgrade+0x6d0/0x6d0 [ 2040.640564] ? find_held_lock+0x2c/0x110 [ 2040.640916] ? io_submit_sqes+0x8610/0x8610 [ 2040.641292] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2040.641712] ? wait_for_completion_io+0x270/0x270 [ 2040.642128] ? rcu_read_lock_any_held+0x75/0xa0 [ 2040.642527] ? vfs_write+0x354/0xb10 [ 2040.642847] ? fput_many+0x2f/0x1a0 [ 2040.643160] ? ksys_write+0x1a9/0x260 [ 2040.643488] ? __ia32_sys_read+0xb0/0xb0 [ 2040.643856] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2040.644316] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2040.644757] do_syscall_64+0x33/0x40 [ 2040.645078] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2040.645512] RIP: 0033:0x7f285a8beb19 [ 2040.645835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2040.647374] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2040.648047] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2040.648648] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2040.649252] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2040.649853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2040.650454] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:56:14 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:56:15 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000) [ 2040.732814] FAULT_INJECTION: forcing a failure. [ 2040.732814] name failslab, interval 1, probability 0, space 0, times 0 [ 2040.733988] CPU: 1 PID: 9555 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2040.734563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2040.735256] Call Trace: [ 2040.735491] dump_stack+0x107/0x167 [ 2040.735805] should_fail.cold+0x5/0xa [ 2040.736146] ? io_timeout_prep+0x693/0x8b0 [ 2040.736512] should_failslab+0x5/0x20 [ 2040.736840] __kmalloc+0x72/0x390 [ 2040.737141] ? __hrtimer_init+0x12c/0x270 [ 2040.737499] io_timeout_prep+0x693/0x8b0 [ 2040.737854] io_submit_sqes+0x54d8/0x8610 [ 2040.738230] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.738656] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2040.739076] ? lock_downgrade+0x6d0/0x6d0 [ 2040.739430] ? find_held_lock+0x2c/0x110 [ 2040.739782] ? io_submit_sqes+0x8610/0x8610 [ 2040.740174] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2040.740591] ? wait_for_completion_io+0x270/0x270 [ 2040.741006] ? rcu_read_lock_any_held+0x75/0xa0 [ 2040.741404] ? vfs_write+0x354/0xb10 [ 2040.741727] ? fput_many+0x2f/0x1a0 [ 2040.742043] ? ksys_write+0x1a9/0x260 [ 2040.742370] ? __ia32_sys_read+0xb0/0xb0 [ 2040.742723] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2040.743171] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2040.743612] do_syscall_64+0x33/0x40 [ 2040.743945] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2040.744383] RIP: 0033:0x7f3842280b19 [ 2040.744705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2040.746251] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2040.746899] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2040.747501] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2040.748423] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2040.749777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2040.751126] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 2056.359794] FAULT_INJECTION: forcing a failure. [ 2056.359794] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2056.360848] CPU: 1 PID: 9579 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2056.361423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2056.362119] Call Trace: [ 2056.362354] dump_stack+0x107/0x167 [ 2056.362669] should_fail.cold+0x5/0xa [ 2056.363003] _copy_from_user+0x2e/0x1b0 [ 2056.363352] get_timespec64+0x75/0x190 [ 2056.363688] ? put_timespec64+0x130/0x130 [ 2056.364048] ? kasan_unpoison_shadow+0x33/0x50 [ 2056.364457] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2056.364895] io_timeout_prep+0x3c5/0x8b0 [ 2056.365249] io_submit_sqes+0x54d8/0x8610 [ 2056.365625] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.366049] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.366467] ? lock_downgrade+0x6d0/0x6d0 [ 2056.366821] ? find_held_lock+0x2c/0x110 [ 2056.367174] ? io_submit_sqes+0x8610/0x8610 [ 2056.367551] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2056.367966] ? wait_for_completion_io+0x270/0x270 [ 2056.368391] ? rcu_read_lock_any_held+0x75/0xa0 [ 2056.368801] ? vfs_write+0x354/0xb10 [ 2056.369123] ? fput_many+0x2f/0x1a0 [ 2056.369438] ? ksys_write+0x1a9/0x260 [ 2056.369768] ? __ia32_sys_read+0xb0/0xb0 [ 2056.370121] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2056.370571] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2056.371016] do_syscall_64+0x33/0x40 [ 2056.371341] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2056.371779] RIP: 0033:0x7f30a2e99b19 05:56:30 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000) 05:56:30 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000) 05:56:30 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 44) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:56:30 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57) 05:56:30 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r5 = open$dir(&(0x7f0000000000)='./file0\x00', 0x10802, 0xa0) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r6, 0x0, 0x0, 0x0) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r7, 0x0, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r9, 0x0, 0x0, 0x0) r10 = socket$inet6_icmp(0xa, 0x2, 0x3a) r11 = syz_open_dev$vcsu(&(0x7f00000002c0), 0x4, 0x810102) io_submit(0x0, 0x6, &(0x7f0000001740)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x6, 0xfb, r5, &(0x7f0000000300)="aa60a3ec64a4a52e8bce6337843229f76705569935f8dfab4b638d51b22c7e78143ef745e0eeb1a110ee33a71eb61dfaaf7ffe9adf4f29fb6e766598c226f464d1b5f4118e7dd0de08b8351613af5b97c053478b1a934619d8a66fc926aacca378d435c2ceb6b0fe9ba46eb64a445d2a4385061748de535047f94d80c51f2d60dc1a0ba8dc9eb9427a7d81f926", 0x8d, 0x4, 0x0, 0x2, r6}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x3, r7, &(0x7f0000000580)="b4f585ae52e03a2bcaefa099c61c670392247551e301e6fcda801ab80e2bcb61837e79b722b8317c1bfd5c4df35b26a40582b54d426a95ef522350535fe2153bca83894b126d9238709c16e1f65a1658a4a1ed9eb57c22b0d19eac735b6338bd16904e9e21de0057b25bd9bd9d76bebba3c0b4fbfc6c23e2254f7e220d021225f5974f49a3a8b97e2c94dacbf612edde1d244571673fc712c13b3adedafc217335470e1cf2c6114ff460d6db3ff2d7be197dee8885a31d66dd5da0d7035bfb631f66113fb4c5f2e6fe579a19bfdb5e4582e2962faa674cce0d5f2e947959e6a9ef6591e133f0bd97626f31f99ce137d5ef504adb4ce4a7fa18ecf2330fff9be93c9113449778fa87431731f3ab29c0fe28d1c4078c365030eafbf346d4b6476a7bd39595101906823ceb00485c750432a22d165e24b722830b987e64ed8a56df1336e516da54cb9cfa832b5431458dd540fbadfba65c7094834c2d4ffa864ccc4f1c8164a04ce33b6ae16fdede95e15e86867a465984895c916031694c5bfbd2fa55b1948a1740a78bbe743128f334c3abe6361631ce79110d03a5e4d9009f5bb06802f12478f87e578183f2d8d16393f59c85ed374968dc2661a4a3a514d024db8be9b864256d7c7fe8ab1b653705987b223153376b9b19955f75ac199fd013530ed146421cf7a1feda51f277e16a86fc1beef6c6f9532fd415ebc32fe8c41a55173c1f25ca0a4915539da240d7b392292557de244473b4cfe7fb473e3a5f774f58082f7d0e2194e8d29de6d1c041649a0152bec5829c7472028202da6e9d89ffb1d1af07f4770442aaa2fae3a4030aea2ad34b846349f019189adb8d270542cbc5aaffdce0883a8324e5f46c628adff1c46e64668748bdbc85997e09a9f664dcff3d9dfe8a00a55aedae25c473ff0054afa3f3fe200792cadb11d3133e2efe4635324984c406e9ae24e59b3eef5943fc9e07b76e4728ca1c04f4df56108e7a23433ba7cb37a11a37001f411a63cf73e49087e525880893ccfe0ab91e775cfb30ca6bd4fcf0eac8ad702b6bbf067eee38987f38850a2eb9dd39b82cee98549fce0b37e0bdd849478faaf12ab607a7de98449fc1c24231e8a7b52aa1fd3b3bd2f93a650ca3162a720b6901bb239c80e25ae587b397cadd2ef41666163fb86931c92ce285ae8319fee4a3fb1fe312438dda498c1e93afef90f034ddb1fa7f8d409cfd6e6ac47fea8c074a0b45044d262d1390cd36362d107235766bbaabb4cd06b286597e7d6d0985a9bdcdf5f40edc9992f25e6154200d0b3dd8529caf1b5212373ac57e48c9bd0116f6304319a0146ff9f430d9a6f4598936db73e0228bbca8607d02a703518393ab8ce2d374376f15009e89942b5594327b68696b9c1536c9c9962412fd662f9352402f33ac533a08e267e19da27502f8cb5354046c5e622f563a8aa4b17e88863a602b91fe522c4a3c54f86f2a25b470a9334e973e862c826a82fc04e730beb0d052d190d803d4b7f52a8e9c773f30bfd281151a5bf3b0d3f02b2cc9cf8f6cdb084608def7a93e654cb822a87f01b2ee14cf662b08a82c99a41668b2e89ef804e48dd61d89ad11b765f3db93ae3833b9730391498064c575851cc04a4557c1f845d25d3c7aec18670704441f001ae17b872cbfa8649198db4a63a26656cc254fb6e0d33540b3253c3d0a854ae192bad619b0d2bd6a1ee2df34a4f30db92e2edcad1bcfdf42ac6bad6ccee2682f4c0f3f18440bec7c6b9c4c153e3c881f2cfaee20298e2ede9c168a796d8a233205f8fa6f63144272da51813d14b06562a85eb01cb0ee92f4c5a25ecd5df1f8ecd948a58b2f3f82a28dcc4f8d77fbc3a6cb40eb70c87568fb0dfa1113f168228cefc48bafdb0bf00735fe048161fe8a8c6207de30fdedd421d9e1e86c7064b1d4fe494915c172f7774c490c718499df81c849429906f91c32af87c4dd44d82bf419869fb90e2fd459c5800af1caff7eaad9aa3f2374beb5e600461f5b0ccf57152386b50face99cf4e31ee294e98af3a21a19c51f834ca3baa71e7224d7813515465c15849492cdb4cef3c13aac744ac9cb1ec12125f5d60b914cf57002da2a3acaa1645318d67a9310b21d34c64c5fd539d1b9fce63afffa59042e3f73a090a82d3838c772c53d4931af4dc43febd3edef070ff09fa62de386494b766eed5659bb32958b9090101eb06e02dbd005f54a6f6df3316d02b4b912a2ccee170b27183bfebb54d934127e31d7c4a738036588bb8316cbde0eb743423de06b62ffa1008e5ad33184015a3383093823f614152f5c8583aa40537049a396856069f3c4053538f375e79d37a35e32f146da48c05cb3ca56f28b9e08d72e7d7535806677bddb997cc1398f19a896d3374b87d69fe781ff8ffb188ae04632496b9bb69209f555092d9586ae544ce741c2898d8a6ad40e4a40a35ab21c7ac68559b415402382fd8592c4b36f763bd006d211304d2081fcc3e736b0545067ac78b92279e54d7ab7b459e5bc8f9f9092344f92e1d9f65cce7dee199aa806f16f6eec574a89cc65a7c621bfc25d114cc6667eef6a7ca7858898dfb05b6fd3bd895ddbd0bd39354259ae85383d597f1f565eb70a2a9f2b5313291ee4e20813ae94bb5031325b356b81b5f27ae021819295c47bf51cc8614a5e3e77842017f520d5e2d69615ef01ef770210b3eac2f5fd16f324fd5c2d9a904621a9bbeb5098459d7045e3affcd4af213e7931fd7ba63dd533fed6340bf3d9c5b9c979ae0eb1f38a7f40a7b039aa9d30ca14506e10012d8f3fbbf0349613d23f97a2348ea3e004d3ab1e0662b97e845aae044fd32e0be2fad17724b494eafc2c3ca9078268557682f062dfe188624308b1d393204c4934858f0ca3ad6d8868937dd4dc325f4946ae0459271417ef3cb9e30182ac675dd4e430a899cc9453988369e746b59968a298bbd680ca94b67227ecebf787d603e46fa792a11c1d0f6e1413ab6b733c54d823859d2baabb48588b4cf091aa2051455ee280901c0549257390a692210d0407dce03ae9e272211d7cf4ca07153135a68ed7bda79c0b39705c6b347db59e7c08a0e2e13b098346d58e017683f0fdcec91c61177ee615859033380a5840b5bee97bb69f61d6d50b823499eb4d7b094135fcc2a236bcc6680722b47454a4df59a4c315a024e3f89c490b320d89d1c6463f36c5f2f84f2215324fb0a08feedb053a5f7006f78b2b51c595a8fde2979c10eb4aba3ce9b5806fe34297adeb1d00927c7ef12ac335b662dd71c1125b8a86ab3087718ee6b17febfd87f9875b34c8e224593ee5bed9f016501e162d9ab52bd539a96bcd07ceea16b2350e239c4cd83db05c29c90b876998c6236ef968fa12cce60c72177f05a11716d57a658b39b011c1b44b3acb19e86af0eb945069ef325aca6e5ad0a4658af7aab55ca52677e9eebf036aa77be0d14d931fe2a371d735bdd36657ed0bdb34d659ffade6598b03ac63856d924ada1c80064626b2eb79c24753adf6abbb2938206ac1ab1e0b6470291617d359b726bdb5e00a32675e1799dc6f98e813fc527e89e26bb4eef8da6a0be4af7ca8a1f524d23771c9e29e0a9518db6d5e473a037f05177f5f22acf0498f9b6a8a61ec22601ea0ae56e81bfb1f2e22bb39e15e5a4988a27413f5a1fe6b8a7fdca678f0a0300346ab8b495a8a40abddf6d0639952c4ec438cc71db0020ba1582a0b4aaf8f302e1e6409a143e8950dc33f69cd76780fd22b44f74a2bc844597beb669a2b97f4ded1fad7fc11f39784f6f15ce4065f6d81ee5ad2db050357d5f38644db9a381cfc1f96a1542cfc7bcd5e66960bc499ef3f62a6cb4e16ad2b0de158048297c6238c62a5f03e9179dd490a4506fdaf4f2341f397edb8d3f87ec92334e8df8e2e4b559d5e8bb2333c9916b8eed57af5c25f2e124c3eb01dfd94a17c5279231c80985417e4e137def6a8332845c7fa8fb67ab4056f7b212353c97e93910cbf1d100e0139b16aac9db5317e8b5e0dc11eb28b68405423ab8cfa55c4f1385c5ec557f69294d4819dc76745abc144cf9fc712b66253f74b1b3735907a0b4efdc8eec4a48982eb8aa9b54d13f6ec1266f5ff2fff1370b511f4bf447b118bb5692c022ddbec43ec5753d5b27375e0ec7a4d4baa83f165cb823231dad5bbde34d71abdf776bd9f04886c9030d8917e5e544ca9854fcf322db93da0043a2b2a8830a1932e31b662d0a03348297a121a546f848739de3a62dc0b7b78418a9efd567fd11797b9142c88e756a7065348377e048c451826f50bfa03b1291c2b581a2296515bc610f34df5efaf8752bb6808d43f85ff5056f253c5cb3ac3e2a20cb995d811d5ab3781fb2b21679be59b1d2c8a3cc7e9553178c2e4cf75100ede48965fb7c4e7db686c7273bc82c326d7c55cd94b59b043e0d9fd48c2797731732a5b3dec7195ebe5edd41cd9e925cc4e6be7699537cb6dc9bb09e20e369afedcae6177735317604da0c2c79d2df0de729ecdc596c8864bb67d6156e2f852413df25287646aed7baec99df114dcbd7185b3b1af98706c82e4b9496622386f9bd230bb8aa803dcdab36d333bcefd253611fd6a9355a71aa2005dfa5a1bcbfb8d82f5fe80ee9b1b7b17b0343ad91c6e0fc681905a3a86318418a76eff63ec59ffdb46cf7c5a9fc56115458cac4e30aea5ea89bfb02d5aeb4a06729a1843065db2609cc00d56d74c22ddb99843035cb3a02bad51bf938761f9ed2b18e8e4f55f19afbe511469caf534abced74e9702b2aa2497366cd9ad8747097bb8b123d97f58c75417d6fd67d94998f8bedf80a07020659b7023387b2810a0eb5c503efd3def4be2fdf429b348da6f036d738eabeccb7c680d6e389106a3c98ef4e573292745a364d629235b1f7dde4a51e2f4a96097edfe3722262c7da3de01c0e90c4c124dec9001ae778635100c67a5d410d7868292be42227fa833dbee232245308e41a1489db2d4bf57d4f68f434a52adf17d6f0363e278cd39469f6d7d7bb76d0af743cba4b66774f87da742b8acf66cf41d32915aa423c904241430477245e9ef34e8d01411ef52c1881d0168433a4c8c2fd7c47af03091de102b5c4096a3be7b9d3e3e2803d190ab1f1a0d1ab3003f8cfbb362e73d56a1afe31b2ab7c8db00c11fdd033fb9ccbe3573973a5770a861aa2c3ac0d028575bfcb8303bebbd89194383132c1e3148350e2760919b177eb7d9e2d80c776c39bb1209795331e73ce99fb9cb1413c7c5331f6d6f103b02b167364fff0aff3e2282d49f0056dc93145c6bdbd4c2493c2393bb176290b21e9ad3321961b8d3fa96e643f4ffcc1549b40baad66231f435b6769708807cb0ebc072206db33f1562499c46a38b73f09a2c4aff32ba6255ea46e2bab5f5680b6f8f932a7c7df67c534ed7e17a61618b1fcf2fdb90ef624ce54d26a5ded782648341430f2646e63aa867966d64897afcc25e064819b1ccc2fbdeccad5a28db917a6fc02d8b63bfcf823e58c13038c27c1916ec988bd7fa326498f56710f860b663170bae660a67c3efe727a980790ad570b3afbe5d8cd681dd7f2ea81f95e9d42fc1e5cde4aec17edec5d09607148baa84fb7317f392975e8cd604b147b4482a7f7f3f9c4ade624b80a072ba6777ebc8ed258ae78f175322d53b8a5c1d37f914bb13b5cc8c406f326c749fbccbb84eed025c9710216443b6c723492f1d63023989d75ff77653ca3f636e487c3bd10f71955eea9a651017163f86a4bbc382d5c5d38ed6ab9720b99977117360", 0x1000, 0x535, 0x0, 0x4}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x6, 0x54, r8, &(0x7f0000000240)="e4990f67be6b63f3ccc44e704f84b81c14ae3ac818134cc7a55748e77ab87156087536f736d56972f06f73850a09cb1c329e552d9d197c4140d3fc4d063f97361f79b242a8b0c681e24d0fbc3fde952107c7b16f5d3ed37cd57f77ee3d830b23d7c5506f70efb1152e3eaac3876f", 0x6e, 0x6, 0x0, 0x1}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x7, 0x400, r9, &(0x7f0000000400)="ed3c9b1e720a8ac38f92b2b1cef6f00f55d7ab139cd54431f4b6e17a2f004d07d9b25926cc23660e9d17f816c95e0cab08d260e530feece19e9d58c46572febbb2224e37132719848805d593208008745fe769c57c1d5260d5168ee21be78be33943fffb2846b317e7f90365eadda9bdb9b7d1f32f7dbe17619b79", 0x7b, 0x40b4349d, 0x0, 0x2, r11}, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x5, 0x401, r0, &(0x7f0000001580)="89e1dc610c0dd96f5fd2f618334187349201008f2f00d75b09ffcae5bf77ecc9f25a9fa90469ffaa9771cf933bfec602039a81520c7411f71f074dbb7acbd6d54ee011e136185f2b314f3b076e32da837195076099a227bdb61141885a70d7da3116e84213c6f3d15bb541f1710477a3dea4de50002be41b6349a3f9fa1196a200515dac2f711d391f7389f34dae4d48fe1deb582e6487", 0x97, 0x29f99ec8, 0x0, 0x1}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x1, 0x9a8d, r10, &(0x7f0000001680)="1ccd69c3eaeb0a89acf2cfc39e13c0813527e8ad211d5f74bea8bd0016c87a0d0e288a811f06d30d5ea9d14dcf62bc1bafc2e8308c349a6163f985b9d0fcb510907a5435c0d17ce44f70d1e48396", 0x4e, 0xed, 0x0, 0x1}]) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r2, 0x8000000) [ 2056.372100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2056.373737] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2056.374672] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2056.375482] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2056.376096] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2056.376896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2056.377568] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 io_uring_enter(r2, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:56:30 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x8000000, 0x0, 0x0, 0x0) 05:56:30 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 53) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:56:30 executing program 1: r0 = mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)={0x40000000}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000340)=ANY=[@ANYRES64=r6, @ANYBLOB="c0ffffffffffffff090000000000000009000000000000000000361500000000000000000000000500000000000000040000007747000004000000e0ffffff0001000000000000050000000000000009000000000000000700000000000f002000000000000000000000000000000000000000000000000000000000000000000000000000000026ce72f95122e1e5718ab9767043cec498378c5f3a110bac716943ed974f09bb5c81356b79cad7187434ed0f03edd2bf35a3425198f760b623001e33a67fc36d60f172be312829f18654b38c76a337563e83668e2891c106e2c23fe48c3795a1c96a"]) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004fc00)={0xfffffffffffff31c, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {r6}], 0xff, "e0ae9629ed1578"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000340)=ANY=[@ANYRES64=r7, @ANYBLOB="c0ffffffffffffff090000000000000009000000000000000000361500000000000000000000000500000000000000040000007747000004000000e0ffffff0001000000000000050000000000000009000000000000000700000000000f002000000000000000000000000000000000000000000000000000000000000000000000000000000026ce72f95122e1e5718ab9767043cec498378c5f3a110bac716943ed974f09bb5c81356b79cad7187434ed0f03edd2bf35a3425198f760b623001e33a67fc36d60f172be312829f18654b38c76a337563e83668e2891c106e2c23fe48c3795a1c96a"]) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000340)=ANY=[@ANYRES64=r9, @ANYBLOB="c0ffffffffffffff090000000000000009000000000000000000361500000000000000000000000500000000000000040000007747000004000000e0ffffff0001000000000000050000000000000009000000000000000700000000000f002000000000000000000000000000000000000000000000000000000000000000000000000000000026ce72f95122e1e5718ab9767043cec498378c5f3a110bac716943ed974f09bb5c81356b79cad7187434ed0f03edd2bf35a3425198f760b623001e33a67fc36d60f172be312829f18654b38c76a337563e83668e2891c106e2c23fe48c3795a1c96a"]) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004fc00)={0xfffffffffffff31c, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {0x0, r8}, {}, {r9}], 0xff, "e0ae9629ed1578"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000058700)={0x6, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}], 0x1, "ce687fb97853ce"}) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2056.386504] FAULT_INJECTION: forcing a failure. [ 2056.386504] name failslab, interval 1, probability 0, space 0, times 0 [ 2056.387575] CPU: 1 PID: 9580 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2056.388163] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2056.388880] Call Trace: [ 2056.389113] dump_stack+0x107/0x167 [ 2056.389424] should_fail.cold+0x5/0xa [ 2056.389748] ? create_object.isra.0+0x3a/0xa20 [ 2056.390148] should_failslab+0x5/0x20 [ 2056.390472] kmem_cache_alloc+0x5b/0x310 [ 2056.390823] create_object.isra.0+0x3a/0xa20 [ 2056.391208] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2056.391644] __kmalloc+0x16e/0x390 [ 2056.391955] io_timeout_prep+0x693/0x8b0 [ 2056.392316] io_submit_sqes+0x54d8/0x8610 [ 2056.392724] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.393166] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.393596] ? lock_downgrade+0x6d0/0x6d0 [ 2056.393960] ? find_held_lock+0x2c/0x110 [ 2056.394124] FAULT_INJECTION: forcing a failure. [ 2056.394124] name failslab, interval 1, probability 0, space 0, times 0 [ 2056.394325] ? io_submit_sqes+0x8610/0x8610 [ 2056.395703] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2056.396126] ? wait_for_completion_io+0x270/0x270 [ 2056.396547] ? rcu_read_lock_any_held+0x75/0xa0 [ 2056.396943] ? vfs_write+0x354/0xb10 [ 2056.397263] ? fput_many+0x2f/0x1a0 [ 2056.397577] ? ksys_write+0x1a9/0x260 [ 2056.397905] ? __ia32_sys_read+0xb0/0xb0 [ 2056.398256] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2056.398702] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2056.399145] do_syscall_64+0x33/0x40 [ 2056.399467] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2056.399903] RIP: 0033:0x7f3842280b19 [ 2056.400229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2056.401787] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2056.402440] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2056.403046] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2056.403650] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2056.404261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2056.405575] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 2056.406840] CPU: 0 PID: 9571 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2056.407637] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2056.408537] Call Trace: [ 2056.408879] dump_stack+0x107/0x167 [ 2056.409298] should_fail.cold+0x5/0xa [ 2056.409733] ? create_object.isra.0+0x3a/0xa20 [ 2056.410242] should_failslab+0x5/0x20 [ 2056.410682] kmem_cache_alloc+0x5b/0x310 [ 2056.411150] create_object.isra.0+0x3a/0xa20 [ 2056.411669] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2056.412253] __kmalloc+0x16e/0x390 [ 2056.412667] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 2056.413239] io_timeout_prep+0x693/0x8b0 [ 2056.413745] io_submit_sqes+0x54d8/0x8610 [ 2056.414230] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.414789] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.415335] ? lock_downgrade+0x6d0/0x6d0 [ 2056.415820] ? find_held_lock+0x2c/0x110 [ 2056.416299] ? io_submit_sqes+0x8610/0x8610 [ 2056.416769] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2056.417305] ? wait_for_completion_io+0x270/0x270 [ 2056.417842] ? rcu_read_lock_any_held+0x75/0xa0 [ 2056.418388] ? vfs_write+0x354/0xb10 [ 2056.418809] ? fput_many+0x2f/0x1a0 [ 2056.419231] ? ksys_write+0x1a9/0x260 [ 2056.419694] ? __ia32_sys_read+0xb0/0xb0 [ 2056.420154] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2056.420740] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2056.421329] do_syscall_64+0x33/0x40 [ 2056.421752] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2056.422311] RIP: 0033:0x7f285a8beb19 [ 2056.422733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2056.424751] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2056.425624] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2056.426386] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2056.427194] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2056.427992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2056.428777] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:56:30 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=0x0) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x3, 0x2, 0x81, 0xa1, 0x0, 0x8, 0x10, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x5, 0x1, @perf_bp={&(0x7f0000000000), 0xb0a4e1670858f014}, 0x1, 0xfffffffffffffffc, 0x5, 0x1, 0x80000000, 0x1, 0x800, 0x0, 0xbde1, 0x0, 0xb2e}, r1, 0x10, r0, 0x8) r2 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r2, 0x8000000) syz_io_uring_submit(r5, r4, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r2, 0x58ab, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000440)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000580)=""/208, 0xd0, 0x0, &(0x7f0000000400)=""/27, 0x1b}, &(0x7f0000000500)=0x40) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340)={0x0, 0xfb, 0xbe, 0x1, 0x70, "161961b842da275c2d0e03928a7dba40", "4e9b4f21fe507c28174d0f3a68cd610b66eaeb7a4bb3f1c370f585cdfc7f4a2563d18dfce2d3ee90130150c32d4c47ca96b191a385bcb33d349587efdc3972bd4fc17009ba998e7fec39ab32990ad5cdc81c66e9728863623a00779ecc563c4ec754f70b3e8d4bc479e449d4b96a4df14dc391039d5edc6151b6489a3af531ed68a689641d514f34e4616bc299df9d63cd019862006da19312677a7afaed373e07828b2140c0caa8aa"}, 0xbe, 0x0) 05:56:31 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, '\x00', 0x36}, 0xae82}, 0x1c) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:56:31 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58) 05:56:31 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) 05:56:31 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x100000000000000) 05:56:31 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 54) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 2056.816155] FAULT_INJECTION: forcing a failure. [ 2056.816155] name failslab, interval 1, probability 0, space 0, times 0 [ 2056.817307] CPU: 1 PID: 9599 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2056.817889] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2056.818590] Call Trace: [ 2056.818825] dump_stack+0x107/0x167 [ 2056.819146] should_fail.cold+0x5/0xa [ 2056.819476] ? io_timeout_prep+0x693/0x8b0 [ 2056.819842] should_failslab+0x5/0x20 [ 2056.820176] __kmalloc+0x72/0x390 [ 2056.820487] ? __hrtimer_init+0x12c/0x270 [ 2056.820845] io_timeout_prep+0x693/0x8b0 [ 2056.821208] io_submit_sqes+0x54d8/0x8610 [ 2056.821585] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.822013] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.822430] ? lock_downgrade+0x6d0/0x6d0 [ 2056.822783] ? find_held_lock+0x2c/0x110 [ 2056.823135] ? io_submit_sqes+0x8610/0x8610 [ 2056.823518] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2056.823933] ? wait_for_completion_io+0x270/0x270 [ 2056.824352] ? rcu_read_lock_any_held+0x75/0xa0 [ 2056.824771] ? vfs_write+0x354/0xb10 [ 2056.825098] ? fput_many+0x2f/0x1a0 [ 2056.825413] ? ksys_write+0x1a9/0x260 [ 2056.825742] ? __ia32_sys_read+0xb0/0xb0 [ 2056.826095] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2056.826545] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2056.826991] do_syscall_64+0x33/0x40 [ 2056.827318] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2056.827765] RIP: 0033:0x7f30a2e99b19 [ 2056.828089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2056.829668] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2056.830330] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2056.830939] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2056.831547] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2056.832158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2056.832782] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 2056.874247] FAULT_INJECTION: forcing a failure. [ 2056.874247] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2056.875356] CPU: 0 PID: 9602 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2056.875931] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2056.876635] Call Trace: [ 2056.876874] dump_stack+0x107/0x167 [ 2056.877197] should_fail.cold+0x5/0xa [ 2056.877547] _copy_from_user+0x2e/0x1b0 [ 2056.877902] get_timespec64+0x75/0x190 [ 2056.878245] ? put_timespec64+0x130/0x130 [ 2056.878616] ? kasan_unpoison_shadow+0x33/0x50 [ 2056.879019] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2056.879456] io_timeout_prep+0x3c5/0x8b0 [ 2056.879809] io_submit_sqes+0x54d8/0x8610 [ 2056.880188] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.880625] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2056.881041] ? lock_downgrade+0x6d0/0x6d0 [ 2056.881394] ? find_held_lock+0x2c/0x110 [ 2056.881745] ? io_submit_sqes+0x8610/0x8610 [ 2056.882131] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2056.882554] ? wait_for_completion_io+0x270/0x270 [ 2056.882976] ? rcu_read_lock_any_held+0x75/0xa0 [ 2056.883370] ? vfs_write+0x354/0xb10 [ 2056.883688] ? fput_many+0x2f/0x1a0 [ 2056.884001] ? ksys_write+0x1a9/0x260 [ 2056.884333] ? __ia32_sys_read+0xb0/0xb0 [ 2056.884695] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2056.885148] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2056.885588] do_syscall_64+0x33/0x40 [ 2056.885907] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2056.886343] RIP: 0033:0x7f3842280b19 [ 2056.886663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2056.888211] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2056.888872] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2056.889473] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2056.890074] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2056.890679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2056.891278] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:56:31 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000) 05:56:31 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 45) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 2057.153602] FAULT_INJECTION: forcing a failure. [ 2057.153602] name failslab, interval 1, probability 0, space 0, times 0 [ 2057.154843] CPU: 1 PID: 9611 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2057.155451] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2057.156170] Call Trace: [ 2057.156435] dump_stack+0x107/0x167 [ 2057.156779] should_fail.cold+0x5/0xa [ 2057.157136] ? create_object.isra.0+0x3a/0xa20 [ 2057.157536] should_failslab+0x5/0x20 [ 2057.157863] kmem_cache_alloc+0x5b/0x310 [ 2057.158215] ? mark_held_locks+0x9e/0xe0 [ 2057.158566] create_object.isra.0+0x3a/0xa20 [ 2057.158944] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2057.159380] kmem_cache_alloc_bulk+0x168/0x320 [ 2057.159777] io_submit_sqes+0x6fe6/0x8610 [ 2057.160155] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2057.160601] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2057.161016] ? lock_downgrade+0x6d0/0x6d0 [ 2057.161369] ? find_held_lock+0x2c/0x110 [ 2057.161721] ? io_submit_sqes+0x8610/0x8610 [ 2057.162100] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2057.162516] ? wait_for_completion_io+0x270/0x270 [ 2057.162932] ? rcu_read_lock_any_held+0x75/0xa0 [ 2057.163328] ? vfs_write+0x354/0xb10 [ 2057.163649] ? fput_many+0x2f/0x1a0 [ 2057.163965] ? ksys_write+0x1a9/0x260 [ 2057.164292] ? __ia32_sys_read+0xb0/0xb0 [ 2057.164665] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2057.165112] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2057.165553] do_syscall_64+0x33/0x40 [ 2057.165872] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2057.166309] RIP: 0033:0x7f285a8beb19 [ 2057.166630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2057.168174] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2057.168933] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2057.169534] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2057.170136] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2057.170739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2057.171340] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:56:45 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x18101) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1, 0xc0030, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r5 = fcntl$dupfd(0xffffffffffffffff, 0x406, r0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_OPENAT={0x12, 0x2, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000000)='./file0\x00', 0x160, 0x80000, 0x23456}, 0xa59) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000340)={0x0, r1, 0x7fff, 0x118e, 0x1ff, 0x9a29}) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000280)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x3, 0x0, r5, &(0x7f00000001c0)={0x80000000}, r7, 0x1, 0x0, 0x1}, 0x7fffffff) 05:56:45 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:56:45 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000000000000) 05:56:45 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000) 05:56:45 executing program 2: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$revoke(0x3, r0) keyctl$read(0xb, r0, 0x0, 0x63f4fd1d) add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x2}, 0x0, 0x0, r0) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$revoke(0x3, r2) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000280)='.request_key_auth\x00', &(0x7f0000000300)) keyctl$read(0xb, r2, 0x0, 0x63f4fd1d) keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x2, 0x5, 0x0, 0x0, 0x2, 0x3000, 0x6, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_config_ext={0xfffffffffffffff7, 0x7}, 0x2000, 0x7, 0x3, 0x0, 0x3, 0x0, 0x8, 0x0, 0x911, 0x0, 0xd1b}, 0xffffffffffffffff, 0xf, r3, 0x3) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r4, 0x8000000) syz_io_uring_submit(r7, r6, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r4, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:56:45 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 55) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:56:45 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59) [ 2071.348392] FAULT_INJECTION: forcing a failure. [ 2071.348392] name failslab, interval 1, probability 0, space 0, times 0 [ 2071.349436] CPU: 0 PID: 9627 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2071.350007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2071.350697] Call Trace: [ 2071.350930] dump_stack+0x107/0x167 [ 2071.351244] should_fail.cold+0x5/0xa [ 2071.351577] ? create_object.isra.0+0x3a/0xa20 [ 2071.351968] should_failslab+0x5/0x20 [ 2071.352295] kmem_cache_alloc+0x5b/0x310 [ 2071.352650] create_object.isra.0+0x3a/0xa20 [ 2071.353044] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2071.353477] __kmalloc+0x16e/0x390 [ 2071.353788] io_timeout_prep+0x693/0x8b0 [ 2071.354140] io_submit_sqes+0x54d8/0x8610 [ 2071.354513] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2071.354935] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2071.355349] ? lock_downgrade+0x6d0/0x6d0 [ 2071.355700] ? find_held_lock+0x2c/0x110 [ 2071.356051] ? io_submit_sqes+0x8610/0x8610 [ 2071.356425] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2071.356852] ? wait_for_completion_io+0x270/0x270 [ 2071.357269] ? rcu_read_lock_any_held+0x75/0xa0 [ 2071.357665] ? vfs_write+0x354/0xb10 [ 2071.357988] ? fput_many+0x2f/0x1a0 [ 2071.358321] ? ksys_write+0x1a9/0x260 [ 2071.358647] ? __ia32_sys_read+0xb0/0xb0 [ 2071.358995] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2071.359439] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2071.359876] do_syscall_64+0x33/0x40 [ 2071.360192] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2071.360623] RIP: 0033:0x7f30a2e99b19 [ 2071.361003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2071.362536] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2071.363179] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2071.363777] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2071.364376] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2071.364993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2071.365591] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:56:45 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4, 0x0, 0x0) [ 2071.392514] FAULT_INJECTION: forcing a failure. [ 2071.392514] name failslab, interval 1, probability 0, space 0, times 0 [ 2071.393627] CPU: 0 PID: 9632 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2071.394245] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2071.394972] Call Trace: [ 2071.395227] dump_stack+0x107/0x167 [ 2071.395566] should_fail.cold+0x5/0xa [ 2071.395924] ? io_timeout_prep+0x693/0x8b0 [ 2071.396323] should_failslab+0x5/0x20 [ 2071.396680] __kmalloc+0x72/0x390 [ 2071.397026] ? __hrtimer_init+0x12c/0x270 [ 2071.397415] io_timeout_prep+0x693/0x8b0 [ 2071.397801] io_submit_sqes+0x54d8/0x8610 [ 2071.398217] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2071.398678] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2071.399130] ? lock_downgrade+0x6d0/0x6d0 [ 2071.399513] ? find_held_lock+0x2c/0x110 [ 2071.399896] ? io_submit_sqes+0x8610/0x8610 [ 2071.400310] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2071.400760] ? wait_for_completion_io+0x270/0x270 [ 2071.401226] ? rcu_read_lock_any_held+0x75/0xa0 [ 2071.401657] ? vfs_write+0x354/0xb10 [ 2071.402005] ? fput_many+0x2f/0x1a0 [ 2071.402348] ? ksys_write+0x1a9/0x260 [ 2071.402710] ? __ia32_sys_read+0xb0/0xb0 [ 2071.403096] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2071.403583] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2071.403644] FAULT_INJECTION: forcing a failure. [ 2071.403644] name failslab, interval 1, probability 0, space 0, times 0 [ 2071.404029] do_syscall_64+0x33/0x40 [ 2071.404045] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2071.404055] RIP: 0033:0x7f285a8beb19 [ 2071.404070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2071.404079] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2071.408228] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2071.408836] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2071.409454] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2071.410066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2071.410663] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 2071.411297] CPU: 1 PID: 9635 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2071.411927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2071.412672] Call Trace: [ 2071.412939] dump_stack+0x107/0x167 [ 2071.413280] should_fail.cold+0x5/0xa [ 2071.413637] ? io_timeout_prep+0x693/0x8b0 [ 2071.414032] should_failslab+0x5/0x20 [ 2071.414384] __kmalloc+0x72/0x390 [ 2071.414708] ? __hrtimer_init+0x12c/0x270 [ 2071.415099] io_timeout_prep+0x693/0x8b0 [ 2071.415483] io_submit_sqes+0x54d8/0x8610 [ 2071.415895] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2071.416358] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2071.416817] ? lock_downgrade+0x6d0/0x6d0 [ 2071.417207] ? find_held_lock+0x2c/0x110 [ 2071.417592] ? io_submit_sqes+0x8610/0x8610 [ 2071.418008] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2071.418453] ? wait_for_completion_io+0x270/0x270 [ 2071.418910] ? rcu_read_lock_any_held+0x75/0xa0 [ 2071.419336] ? vfs_write+0x354/0xb10 [ 2071.419685] ? fput_many+0x2f/0x1a0 [ 2071.420027] ? ksys_write+0x1a9/0x260 [ 2071.420382] ? __ia32_sys_read+0xb0/0xb0 [ 2071.420763] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2071.421267] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2071.421751] do_syscall_64+0x33/0x40 [ 2071.422103] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2071.422571] RIP: 0033:0x7f3842280b19 [ 2071.422916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2071.424561] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2071.425275] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2071.425923] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2071.426572] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2071.427222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2071.427881] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:56:45 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000000)=0x1) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r4, 0x0, 0x0, 0x0) fcntl$getownex(r4, 0x10, &(0x7f0000000180)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:56:46 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1085, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:56:46 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 47) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:56:46 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 56) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 2071.998410] FAULT_INJECTION: forcing a failure. [ 2071.998410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2072.001701] CPU: 1 PID: 9652 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2072.003546] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2072.005744] Call Trace: [ 2072.006433] dump_stack+0x107/0x167 [ 2072.007378] should_fail.cold+0x5/0xa [ 2072.008385] _copy_from_user+0x2e/0x1b0 [ 2072.009468] get_timespec64+0x75/0x190 [ 2072.010564] ? put_timespec64+0x130/0x130 [ 2072.011658] ? kasan_unpoison_shadow+0x33/0x50 [ 2072.012857] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2072.014223] io_timeout_prep+0x3c5/0x8b0 [ 2072.015274] io_submit_sqes+0x54d8/0x8610 [ 2072.016402] ? __do_sys_io_uring_enter+0x1f2/0x18c0 [ 2072.017752] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2072.019077] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2072.020343] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2072.021698] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2072.022895] ? trace_hardirqs_on+0x5b/0x180 [ 2072.023682] FAULT_INJECTION: forcing a failure. [ 2072.023682] name failslab, interval 1, probability 0, space 0, times 0 [ 2072.024016] ? io_submit_sqes+0x8610/0x8610 [ 2072.024029] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2072.024057] ? finish_task_switch+0x126/0x5d0 [ 2072.028630] ? finish_task_switch+0xef/0x5d0 [ 2072.029542] ? __switch_to+0x572/0xf70 [ 2072.030455] ? __switch_to_asm+0x3a/0x60 [ 2072.031399] ? __switch_to_asm+0x34/0x60 [ 2072.032350] ? __schedule+0x82c/0x1ea0 [ 2072.033280] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2072.034494] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2072.035743] ? trace_hardirqs_on+0x5b/0x180 [ 2072.036759] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2072.038054] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2072.039269] do_syscall_64+0x33/0x40 [ 2072.040137] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2072.041339] RIP: 0033:0x7f3842280b19 [ 2072.042217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2072.046508] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2072.048275] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2072.049941] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2072.051602] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2072.053278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2072.054941] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 2072.056622] CPU: 0 PID: 9653 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2072.058265] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 05:56:46 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60) 05:56:46 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8, 0x0, 0x0) [ 2072.059100] Call Trace: [ 2072.059967] dump_stack+0x107/0x167 [ 2072.060877] should_fail.cold+0x5/0xa [ 2072.061293] ? create_object.isra.0+0x3a/0xa20 [ 2072.062426] should_failslab+0x5/0x20 [ 2072.063373] kmem_cache_alloc+0x5b/0x310 [ 2072.064388] create_object.isra.0+0x3a/0xa20 [ 2072.065498] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2072.066791] __kmalloc+0x16e/0x390 [ 2072.067693] io_timeout_prep+0x693/0x8b0 [ 2072.068712] io_submit_sqes+0x54d8/0x8610 [ 2072.069777] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2072.070997] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2072.072223] ? lock_downgrade+0x6d0/0x6d0 [ 2072.073277] ? find_held_lock+0x2c/0x110 [ 2072.074310] ? io_submit_sqes+0x8610/0x8610 [ 2072.075393] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2072.076571] ? wait_for_completion_io+0x270/0x270 [ 2072.077794] ? rcu_read_lock_any_held+0x75/0xa0 [ 2072.078951] ? vfs_write+0x354/0xb10 [ 2072.079878] ? fput_many+0x2f/0x1a0 [ 2072.080808] ? ksys_write+0x1a9/0x260 [ 2072.081767] ? __ia32_sys_read+0xb0/0xb0 [ 2072.082779] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2072.084095] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2072.085414] do_syscall_64+0x33/0x40 [ 2072.086344] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2072.087598] RIP: 0033:0x7f285a8beb19 [ 2072.088506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2072.093019] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2072.094888] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2072.096709] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2072.098710] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2072.100184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2072.102390] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:56:46 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1000000) [ 2072.216723] FAULT_INJECTION: forcing a failure. [ 2072.216723] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2072.219703] CPU: 0 PID: 9660 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2072.221479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2072.223783] Call Trace: [ 2072.224436] dump_stack+0x107/0x167 [ 2072.225443] should_fail.cold+0x5/0xa [ 2072.226452] _copy_from_user+0x2e/0x1b0 [ 2072.227528] get_timespec64+0x75/0x190 [ 2072.228702] ? put_timespec64+0x130/0x130 [ 2072.229818] ? kasan_unpoison_shadow+0x33/0x50 [ 2072.231065] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2072.232363] io_timeout_prep+0x3c5/0x8b0 [ 2072.233470] io_submit_sqes+0x54d8/0x8610 [ 2072.234711] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2072.236035] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2072.237327] ? lock_downgrade+0x6d0/0x6d0 05:56:46 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x800000000000000) [ 2072.238631] ? find_held_lock+0x2c/0x110 [ 2072.239768] ? io_submit_sqes+0x8610/0x8610 [ 2072.241047] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2072.242259] ? wait_for_completion_io+0x270/0x270 [ 2072.243461] ? rcu_read_lock_any_held+0x75/0xa0 [ 2072.244743] ? vfs_write+0x354/0xb10 [ 2072.245736] ? fput_many+0x2f/0x1a0 [ 2072.246663] ? ksys_write+0x1a9/0x260 [ 2072.247628] ? __ia32_sys_read+0xb0/0xb0 [ 2072.248701] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2072.250196] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2072.251651] do_syscall_64+0x33/0x40 [ 2072.252718] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2072.254164] RIP: 0033:0x7f30a2e99b19 [ 2072.255241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2072.260407] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2072.262612] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2072.264664] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2072.266706] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2072.268701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2072.270676] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:56:46 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x5, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xad7, 0x33c1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2086.959507] FAULT_INJECTION: forcing a failure. [ 2086.959507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2086.960543] CPU: 1 PID: 9691 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2086.961114] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2086.961835] Call Trace: [ 2086.962068] dump_stack+0x107/0x167 [ 2086.962381] should_fail.cold+0x5/0xa [ 2086.962712] _copy_from_user+0x2e/0x1b0 [ 2086.963060] get_timespec64+0x75/0x190 [ 2086.963393] ? put_timespec64+0x130/0x130 [ 2086.963754] ? kasan_unpoison_shadow+0x33/0x50 [ 2086.964146] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2086.964583] io_timeout_prep+0x3c5/0x8b0 [ 2086.964936] io_submit_sqes+0x54d8/0x8610 [ 2086.965324] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2086.965753] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2086.966175] ? lock_downgrade+0x6d0/0x6d0 [ 2086.966532] ? find_held_lock+0x2c/0x110 [ 2086.966884] ? io_submit_sqes+0x8610/0x8610 [ 2086.967260] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2086.967675] ? wait_for_completion_io+0x270/0x270 [ 2086.968090] ? rcu_read_lock_any_held+0x75/0xa0 [ 2086.968535] ? vfs_write+0x354/0xb10 [ 2086.969303] ? fput_many+0x2f/0x1a0 [ 2086.969615] ? ksys_write+0x1a9/0x260 [ 2086.969945] ? __ia32_sys_read+0xb0/0xb0 [ 2086.970295] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2086.970740] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2086.971180] do_syscall_64+0x33/0x40 [ 2086.971499] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2086.971933] RIP: 0033:0x7f3842280b19 [ 2086.972251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2086.973849] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2086.974495] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2086.975096] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2086.975698] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2086.976297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2086.976897] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 2086.988185] FAULT_INJECTION: forcing a failure. [ 2086.988185] name failslab, interval 1, probability 0, space 0, times 0 05:57:01 executing program 2: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000480)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x40e04, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1ff, 0xfffe, 0x0, 0x2}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r2, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) sendfile(r1, r1, &(0x7f0000000000)=0x5, 0x4) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:01 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000) 05:57:01 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61) 05:57:01 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000ff0000/0x2000)=nil, &(0x7f0000ff4000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ff4000/0xc000)=nil, &(0x7f0000fec000/0x2000)=nil, &(0x7f0000000500)="7f3393f487c6676acf32510399602d6a2e8b43b27cc0addfb4daa2ffccfcd0412ce183c1cb5569468d2e242f0f4b61ba166ac3c429f27050d4777df4c6cf630ae4a2a7557917fea3d6908bfcb193b613313d009071925586db0ffa365546e4195c816fd9a2b1dc2041d9913c58024f05ab5da7b30a7c62997422c6fe95ad7ee3116425279171f342cb1e39ee9d412b65677b9d416bc045887975dc429b12dc93fb24ce73cf134b6b185ead193ca559185f23ed7271bb7dbb0e3ace7bccb4b02282c99927fae7511c0aa910939fa7099d972fafd7dbbd4a067e61c189f46946197fc2b57e20396620f22f1e2fadfea38ecff2ccb93ad0f6526af3862035b3dadd19e7202e8e5833425b1dea69922cb07181ea685efbfd1250abdbff9844b13ac40b4bec989538effec4ab8069ae8cb012ad56f44bf5d2848554180b1faa01727991d32c2a71509a563f5b7efedf307efc53fe38f780187445a54cf119139bf5935ebe184ca22da78f66df4ab6ef1cbf04a31ea18d6f7e577035c239ba865cdf2f09d8472d7e30c3ef47ada6751956529ddaf9b502868bb7bd7c148da0e23d17280411aac5b38698462eae05d9322e8e432776f7c4be6e1f059685d0ed8a0f74f9094d142c840d7ba35df61f48c78da1f73e02b5e9e7d6d478e92d5dcf0ba6b0f14c572f289e9c592f36894abb54b7cfa194ab6a0c291f82134ac1fe4fc1405d8f40bb2c7cb79143f52df91961231163e9e4e5310384a9802b2bf37c7e3e05ad81935a1d4ac0a6431c2edf4e00c76db59d527c267b04037efa9835c2eea438a813655ebc23750b177c043d3a1ef79b35fc5c0ab73e84a09df25f276d084489dbfd30e7f3bfbde8824377f6508b7a4106241ea170950d500c5c6909df16b3c05dece627df6ce3d9c5e59e59f14806e817f59acc9d701fef819767c5a16d447d613740824e2e19842e8d4d08103f339950486505a21b58090d735629e55b1f1648ebc4975099769b8f60de27c128efd9141f56b0001ea9e6a7efc623f4b5f54671b25c6329475ada19a096221bfa10360c186ce9999be9e324d2a513cce6cd314acac5631f391f748b9a71f8da3af51b58bdb32e2e9e37354d522ffc75e516d434e6b37d0d2cebd6c58bd43b871c2548a344b14332f9070bacc17def69436a0e87346007fb46b56b247129b7646fed47c777063218f7f36c5e816f8a5e70d1d1784fe37d394597b8e2f9104a910034f4fb5de79845eebdcf382d1f768f943cb40612700b3a05cdfc4ed108ea728ea363d30b42da72d53e675f19fea9799b497861a8c9c6f70fc1b945c0f3e5c4809dc279b5357879ce468dcad3da3f2224db292cae067d524449ff987453a1dfd477df1bec096525bf18ce0bc42218e24785ce091df89ddd7e4f6dd6ef9d6c980e0c47e34bac1165b0d2119796b423c2fe38275e112917af4d22822a5280abecff155c747241bd28dea83f79211f42e5654a6914620ac75bb2acb2d8aa494f443d73b8cb72e86966f402c04eaeb9310a92c2d639f09ce16bd095603ae34bc8abbdfa39af1be0ca142466377e6e32280625b04bd6083332aecf8937618b7b88ec818134bb5d341481bdef18e30dec8dc9cf05e1768eb804e2069401eb660d6d765702f252588e97863e094cf7e706cbd916c74c773869fffde8e055e4635739c871367f74beb380057baf5faca5e861ed080a79bfa99c283836b6c9d141ca2aca9c65e14e4b5077126095565c027d33b79395d5cb0113e8d10899deb3aa1e1461e8309cc4a3ea960efc6dd1053db43ed9dd8b6d7f24cefa407f35019ee59ec463f5978870c417cb33075630f5807b66060c155d47380991579e7937a05849e16ad53e5f896a120be6059953a29ece3e053983e46b28d611b1c1ce1c60e4d1d52c1ac9cfeea6d9357c54b4b933e0f618ae78ef4404757eff043499f2d2f0660d63fc400909893761d0e505d68a9188f06e0355b61a6eda41406d94b4a3b84873a9ef17a82527d2ebfeea1141c2695677b0e0658926b35f8ade3caa2ebd219e6b3ac65d8ec37d6b81f7f0543ed653edb5a99943afce583cecc69d349158bcf0796121fc05d7a642e217f606eff7f1b75abf07516bf4be568b7de05ce32864ecefc25bf668e00edc85be1070f8f7b25498b0aa6192458d6ae1a5d0b6b391f82379be779f0423b59c47c9870dffd57824c0e93e1fc33776426a107c07efa449215b3a7eeb3149509e2e516f6c85fcc2702b29f0a4487d8208f08a36726f423f0b674c1281673017393bc283d265b2140893d3644128e018bd88839ed6de0bb48be217c3d463b74532a6ddac731313f2324c72ad66556b145192137c98de81d3e1cc2de1bb212902d84135432de2635ce952056cc55198c1083dbc934b4c240e310135ab1a14a5067d74af4573299cef49a591eb113497f7b019518028b6ca51dcda362bcefe0d026cbdaab5b5189f4549b948670272948fab25e8abf7f155055f2eb1c1f9a4c38256ddca872c53ca2f2fc60589a76ea14a0eda6d9e65545b4eeb1c09e629d650f90e705d5430625979591181c8f05faebfddd57e8050de409fa2ef5d4e206d0f88ee55caa5d363f2217dd9eed054b7325c396f37ea4d202f1ad7d214598d68eb671817ecf70777adf77de544d77f008bfe1279bbf785714b51d96c896aecb1ecf8e4f090d9cecc5e871a92ef2d201c9bc0d6894557e4136b5cd39d22b10cefbf7d1f3898acd03a7d5011e705b1c52649ff148903045f8dc73531156dcf3bb4f772f78592704c7f2c1b27df7924ef1e89230582a84837461903fdaca1d2f41bbece5880ff5757b24852424add8ce1e86de844ac2a3e6a58d0e7b8f2a96010289a667ba910faedba5aac7c100f164b2057230d341974b5e975699a6a8c62186beb0ccc05cbc2dc3ca8490494b54c96f82e8ce5d40d91e6881e49f2bb327dcec706f1a2f5cb846f47d0f8f961f7afb9142c65136b352689fbc8df104035e53934c50fe2f77fa7e345d283b2877c75ebd2f65648bee7a3ab9970d0703c5ce4dca2b62846db00c8f65aea7012c2aaa82e24282e62f46d97c9731680e35510da5e696c39ef28f9b1dce0d6dc88fd8ec6f98972c86da96f0a1c137988b75df98618f53d833bd70cd56a12a2d0c9057aaef71cccb5fb7a24694e5833b8fe3fa24e87a763bccae32f1b5c4a384c506f5a07275f2f0f616cfd9735d985291e702b98ad0beb45297af05821ceb5ba3abe5e6fb2a9e9a3a4373c5b4612c88cadb2bb292af026d597bc798d9d51d9be0f2b569e97af639c261e85f379a78e84233bbf834aa3fb9a4a908ac2aa85cd67033b2335f06257b1168aa1c376c54c2f27ab23f1537d978243ddf2627a542bf8a515cadc54db7fd4e95095e5fc3e94bda0bb6ea64b3ccb04c7a51217050512cae1f1054c438b6294fec45c51a737f98d606f10cb163dac16832c9a41fbbb94945ad226649291c5a6a9271246d20cfaadae9c561b2fe5f18adf5aa17682c90af76dfc347987a4f44ffcf6ce9246b5637b3d52706760e315b0a68b54f236ade04d4aed6cc36b23683a450f3a132ec7a70ce9722067f7e7dd4e48f919cdd2b22996102421f1bff60a00ce2c7e4fe5e903e7d0a78d9a23aa1ce02837a789da732df06b27d6ab48b4142c574005b0d3b755d66bb1fe4ab9557ebc1c2675dda5c1f9d0cf00c7a16cb88c3f4774cef41b7b6d865aad9c345d8ac9d25b26858e7dd172c93f36c16f11aaa1a4b65d51a74bf0bec6623178e24840e84bd9b4127221a48798525608049e79c8b1d8d437f9a0234f0586146fd314497c0489c949cc987730f3ef571fcadf42a3c082b853243dc39aa4d48fb85f9958a1a89d29cff58ca490ad342b1242ee253b3949c7fd4d0ff29a7b33cae1111c3dcd3a2bfdbfc5ec3125763de7fb9e8b891177a514231d664d2dc3a35ac8cb2cd75d58623fc116f405a42f0978391af069af4bf8b70436e04b3be1f409ab39e7fc7a46d7db02e86287bacced4a5684b7f05f185b4ca0f6e10e2b2b2f0e765e52ab70df10875b61fb0b03a546c5b925aae964df291abdaab62aea1840fb9974ac58fdb6b937cdf0c2d135a844b91c4edd472e6e0a9882cca0465d207bfa5fec5f388039612feaeff925aecdf1b8d00f92abdc0f695ea78b1aaf29abd312da53a8991413416297e27f6e8b5240a94a60366bfb928f2a8cc092e5a6579f1249724876c4e79d741ace7968bb3fba9e6c0c3b182c8af8330ecc3420623068a2d25d7eba2902df5cdf035222bd7c6d3816249c7ed2cbfe884e66fce6be85e64eb311dc38a094a340551ed9fae18796c9bf5a5df27e077f75869323efb253cc609368ffe2f48fa6992e86ffeb43a9de298232dedb4c763da66d499ec602f71f5db1b767cca006a4af3fd7a3c15c75199bd1e181bae6b6ef4a9b8a29a217ed18672cb00c8738add842e8905ddfc1fb3c61ec586bb759cbe33887b2d9c6b9054fd25440f8f92856a5b1215d3fcd36c94852a5a8a17465d87966e0bea64efc1a7eef038a641068f835df3b4c4d1480f9ac9bb3460b34d95b881057b35dedf4e600dddda8ea003e57b914b80a9104afe58d61815a1dea1b7a45ef1b66be372e1e713381b44c2364053f0ba63070bcb9b48671a771d7476c02d716557f26a1274391dd0c2b6e18835b954854e7dd2cdaaddd0519925380f8224df76492e1739fb6174e2959b2fe9a1b304f6b1238b39ce77fdea2818d3a1b3e56a4e73e799a677673bf3a9e70ab157874fc6b5a7ac43c40df1afc3c407943461ac7cda524d185ffd0e167feb9df1249f5b0618f90ced2216551811d1abcd23064dc79c9db98c1b505e79bd355e5fe31a6e521e93a9493a64fa6560b30581284a346a8036b6af965d8beb0f7541153755fd5c8dbcaa9f442df3815ad73c9ef9113f38af277372cc1f4450f609f08ea939355001a849395399f1c2bbbf0196e48f03ce05950ef242ae0ed4de1939d237daa30df148c6d0520d7414314602832ce64e696c0e09a678dc660c4500bec5aad656ef8d5edb2f468eddb3d429669ab12852108e6cd848479bf267862091868969668c5ddfb9db35a55835b6472de88934f3f1ba0339ae30589513c213cb73dfb9a35a739603716d4af8ae3d61d42761400c2626840384a228f922cd974e10ee7866fe5a69f06591bc8903bc4f137e692be7b44847e42229e81f9ba80ff0f4b79ca936279b41e429fde881a7aafa15c3bd7142fc0af3d8bb203005dbed8d15fb633e21d4bc4c8e01201a9a032b23ac742c0fa5ff27de2970caa0ce92134ac77c8d4fb83e7d138336923e19d7b18f8d3cdcc1a07dae03e98e50bf45c24b5186f13fa1299202786b96c7d8695ef55f8769ce38aee856388878410dacca824c82168ada033e3d5619413287aa7cf85e447e2bebc2156c3e298f545cb832842d5c165273e2c9aeb7c6a12da4181954c2592ad85b2ce841529bc248dd637a788d6e4c79ef6708c5cec4e6a7631c31468a8ba1412efb4cedb887aa7b1bbb552efa09e0b5c54aa40941ae52727a824805a6d035bdfeb02c71a3fbc7069f1e9eec28b5316e12a8d7c381a2aa17d247b48ba1b4da11db2d1dc131b95b55e18268b25c419d037426ea984eb7d6acdff3d9e371c17797d0188421c49c7b1f468a85911c483bdf32289efc05003fc5e2b2a04dd07dddca44dc45f8093ed3850bfb5f361172a7ab3ed03426e73e4e88c62008d7dc79c1259a215058b20eb912b2d7ee900a96ed571ac66b82f57cb67bc25884072145935", 0x1000, r0}, 0x68) 05:57:01 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 57) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:57:01 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000000) 05:57:01 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 48) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:57:01 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) [ 2086.990653] CPU: 1 PID: 9693 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2087.001601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2087.002357] Call Trace: [ 2087.002614] dump_stack+0x107/0x167 [ 2087.002952] should_fail.cold+0x5/0xa [ 2087.003305] ? io_timeout_prep+0x693/0x8b0 [ 2087.003707] should_failslab+0x5/0x20 [ 2087.004065] __kmalloc+0x72/0x390 [ 2087.004389] ? __hrtimer_init+0x12c/0x270 [ 2087.004788] io_timeout_prep+0x693/0x8b0 [ 2087.005181] io_submit_sqes+0x54d8/0x8610 [ 2087.005609] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2087.006074] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2087.006547] ? lock_downgrade+0x6d0/0x6d0 [ 2087.006938] ? find_held_lock+0x2c/0x110 [ 2087.007325] ? io_submit_sqes+0x8610/0x8610 [ 2087.007731] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2087.008188] ? wait_for_completion_io+0x270/0x270 [ 2087.008640] ? rcu_read_lock_any_held+0x75/0xa0 [ 2087.009076] ? vfs_write+0x354/0xb10 [ 2087.010656] FAULT_INJECTION: forcing a failure. [ 2087.010656] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2087.013454] ? fput_many+0x2f/0x1a0 [ 2087.013468] ? ksys_write+0x1a9/0x260 [ 2087.013481] ? __ia32_sys_read+0xb0/0xb0 [ 2087.013497] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2087.013519] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2087.022154] do_syscall_64+0x33/0x40 [ 2087.022472] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2087.022903] RIP: 0033:0x7f30a2e99b19 [ 2087.023231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2087.024773] RSP: 002b:00007f30a03ee188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2087.025822] RAX: ffffffffffffffda RBX: 00007f30a2fad020 RCX: 00007f30a2e99b19 [ 2087.027393] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 [ 2087.028946] RBP: 00007f30a03ee1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2087.030525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2087.032089] R13: 00007ffcb9e7c18f R14: 00007f30a03ee300 R15: 0000000000022000 [ 2087.033686] CPU: 0 PID: 9694 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2087.034434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2087.035301] Call Trace: [ 2087.035611] dump_stack+0x107/0x167 [ 2087.036042] should_fail.cold+0x5/0xa [ 2087.036416] _copy_from_user+0x2e/0x1b0 [ 2087.036878] get_timespec64+0x75/0x190 [ 2087.037356] ? put_timespec64+0x130/0x130 [ 2087.037809] ? kasan_unpoison_shadow+0x33/0x50 [ 2087.038340] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2087.038885] io_timeout_prep+0x3c5/0x8b0 [ 2087.039326] io_submit_sqes+0x54d8/0x8610 [ 2087.039797] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2087.040311] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2087.040824] ? lock_downgrade+0x6d0/0x6d0 [ 2087.041302] ? find_held_lock+0x2c/0x110 [ 2087.041782] ? io_submit_sqes+0x8610/0x8610 [ 2087.042254] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2087.042773] ? wait_for_completion_io+0x270/0x270 [ 2087.043283] ? rcu_read_lock_any_held+0x75/0xa0 [ 2087.043771] ? vfs_write+0x354/0xb10 [ 2087.044170] ? fput_many+0x2f/0x1a0 [ 2087.044513] ? ksys_write+0x1a9/0x260 [ 2087.044986] ? __ia32_sys_read+0xb0/0xb0 [ 2087.045420] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2087.045905] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2087.046386] do_syscall_64+0x33/0x40 [ 2087.046777] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2087.047256] RIP: 0033:0x7f285a8beb19 [ 2087.047619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2087.049291] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2087.050018] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2087.050684] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2087.051328] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2087.052005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2087.052642] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:57:01 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0) 05:57:01 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) r3 = creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000000, 0x2010, r3, 0x8000000) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) r7 = syz_io_uring_setup(0x3ca0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, r10}}, 0x10000) syz_io_uring_submit(r4, r6, &(0x7f0000000980)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@ll={0x11, 0x1, 0x0, 0x1, 0x3f, 0x6, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000300)="f41737e8ce51163c9227633f3db5e64ebb4d342133bf440f2c9317ea03dcbd9bec00cbec61dec79fb386b6b9d6010bdffe22a16202640798909a50d699dd0031decad178790090f2dd99a1f663b5d92279ecf9cf55f56f8aa845c1a281460d4024ba9150df6bedc836d37fa88e16287478639293608a95a26f7c01521d316776f5c277c8004476085fe6bd8711082a361af6dc9a8de7d89bfb0cdc3750b8", 0x9e}, {&(0x7f00000003c0)="04945709357400567bd5ddc80e2700a7dcce7d33183efc845bfbf4d90fbedb90a99e719617a615ca29586b3eec4b084c619c6b7e9c446d5fe5cd2c20355bbd076fb3dfad3b52b2ea437500b373bcade4e6dc56735478e9a4ff84aa1d34dcd20b9d2785760f8ea109244481dcac579631b4a839dc67dde2848859683ded6ed5ce186a093b44addb6d01aa926dc05feb84aad9d8a4212ee9db8c65", 0x9a}, {&(0x7f0000000240)="7ebe682a400a46d83565f6bc30a0de9b445f5f95a0f56e30addd9292ce5208e27372d8553e0910d24137a31a0247024d6fba35c1e8971b7db39bf5d5785bb6ebf714d957e8d116580f4b30c2a87e5bd41722fa4948d112720432dd74526587bf5cd457f4214fad195efebe6b8e6773e06da1193658ebc241bac3", 0x7a}, {&(0x7f0000000580)="11ef2dbc09182bf2a6e048946b0313306d64bbef7cbf36e53e6cd5f4fac2ed836534c5916a03404e5e23bfda8772ec2b94f4943e722b5d5304f90af9f3662d594e0dcff40708dc689d51481ba456d32bfccbbef71ca9cf4d670aa0763f634a32b0213c498e8d274f10b97f03425b4753de44d93e02fbc0b623d6f9a59b9b56a08e62245bd43e803507584963b57ba42f2ad901c637d5b56263618b3fef013b", 0x9f}], 0x4, &(0x7f0000000640)=[{0x50, 0x3a, 0xffffffff, "04f5d10c07ee312ebf0c7772c954e16ecaba050624c0e85bbb00ae4a75e31d6621ac8f4e5cc2cbf6367bb9eb351df1a0e58098415b5b06f5edcbc1c1d2a365"}, {0xd8, 0x119, 0x5, "50c377451da30643800e10ad8020925bab873857af09f09609a62d2818a2346daabe533075eb04e705664e9ecc31e43f36ffe683e2dd54e08075956d5efcab61dfdadb46fc5bd6934f247c4c23e9d876bfb55d396e0a506f3c0b225c34d09be3d75a9bb690459fff51c8050b8a9a88c64841e47eb0b54069bcb5709c6c4495f02a92ceadfded6228287374139f974572af9f645e29ab8fdf105654021fd23fbb1bd7a95bd13208b5ff4f4c5fb6d4d1d4fd3ad873f02c491446bc4f4d944e6aed1f"}, {0x20, 0x10e, 0x2, "f976c4ff462a16b2b676304e6f744c"}, {0xe0, 0x6, 0xffffffff, "f8f3870eb1c8da8034207785ffc46a83e85c152176dda0ba668b8ec130f27f80f7749ad273988ed3b92b005ad3498754462145c8105d1c3b56534442a3b60a4bffc50e645c191f2c7b8b567cd5ac40c01cc68f84c123b6ef2b2e870811588814bbc833e5fd54ca33549f822f88f5a4fa194222b6975cb9c5030ecfab779ff332954e0e4dfa50183ee8c6d67d3ae44bfb49b22fbf2dc0fa0659beab87adb973aa782eed22e9362dd747d53f88b68d88845f4e53bd68085211c2a3c6b3996e581d12bd395e6324f626db1b23b9"}, {0xe8, 0x104, 0x80, "7da122644479ea2f909346f7de8b9623db923c3088dada67c2391b3ca2e83879c0bffd4eecab5c12cba41002af972158eaec3a9c319ccf59479c22b1e7b38f1256e983dbe78a035a8423ceb65e2e16d930fd08fe08b560be85ec46a6da62c9bc93c6a27224272bf51e00274becd04677f657028eb786d3716dab555dc11ee41563f64541b1f39ee0a69d5ed1df1c2aacdcf7f049dab4bd6ae03b34e9005e36a0f4a462fa75a598aa3d99503263187d4b20af96070326a9e4c99ef53c7613f24dab928529aeb0d04fe24f197e5df9f2df4590"}], 0x310}, 0x0, 0x4, 0x0, {0x0, r10}}, 0x81) r11 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r11, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 05:57:15 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0) 05:57:15 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 62) 05:57:15 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8, 0x10, r0, 0x0) syz_io_uring_setup(0x4839, &(0x7f0000000180)={0x0, 0xc269, 0x8, 0x1, 0x4f, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000240)=0x0) io_uring_enter(0xffffffffffffffff, 0x494d, 0xa853, 0x3, &(0x7f0000000300)={[0x4]}, 0x8) syz_io_uring_submit(r3, r4, &(0x7f0000000280)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x2}}, 0x5) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:15 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x8000000) 05:57:15 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 58) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:57:15 executing program 2: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x20008, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000180)={0x0, 0xc003, 0x0, 0x40000000, 0x16}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_FALLOCATE={0x11, 0x3, 0x0, @fd_index, 0x3, 0x0, 0x3, 0x0, 0x1}, 0xfffffff7) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xfc, 0x7b, 0x1, 0x2, 0x0, 0x4, 0x20342, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000080), 0x5}, 0x2, 0x1, 0x8, 0x6, 0x4179, 0x1, 0xd5a9, 0x0, 0xa205, 0x0, 0x40}, 0xffffffffffffffff, 0x0, r0, 0x1b) tee(0xffffffffffffffff, r5, 0x0, 0xd) 05:57:15 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x1, 0x1f, 0xff, 0x38, 0x0, 0x259, 0x4400, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x2, 0x2, 0x20, 0x0, 0x1000, 0x800, 0x3e, 0x0, 0x7, 0x0, 0x101}, 0xffffffffffffffff, 0x4000000007, r0, 0xb) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r4, 0x0, 0x0, 0x0) syz_io_uring_setup(0x16b3, &(0x7f0000000240)={0x0, 0x5058, 0x2, 0x3, 0x2c6, 0x0, r4}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000300)=0x0, &(0x7f0000000340)) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:15 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 49) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) [ 2101.647772] FAULT_INJECTION: forcing a failure. [ 2101.647772] name failslab, interval 1, probability 0, space 0, times 0 [ 2101.649060] CPU: 1 PID: 9720 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2101.649698] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2101.650452] Call Trace: [ 2101.650712] dump_stack+0x107/0x167 [ 2101.651058] should_fail.cold+0x5/0xa [ 2101.651407] ? create_object.isra.0+0x3a/0xa20 [ 2101.651806] should_failslab+0x5/0x20 [ 2101.652144] kmem_cache_alloc+0x5b/0x310 [ 2101.652496] create_object.isra.0+0x3a/0xa20 [ 2101.652869] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2101.653301] __kmalloc+0x16e/0x390 [ 2101.653618] io_timeout_prep+0x693/0x8b0 [ 2101.653977] io_submit_sqes+0x54d8/0x8610 [ 2101.654349] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.654777] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.655191] ? lock_downgrade+0x6d0/0x6d0 [ 2101.655539] ? find_held_lock+0x2c/0x110 [ 2101.655889] ? io_submit_sqes+0x8610/0x8610 [ 2101.656110] FAULT_INJECTION: forcing a failure. [ 2101.656110] name failslab, interval 1, probability 0, space 0, times 0 [ 2101.656272] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2101.657704] ? wait_for_completion_io+0x270/0x270 [ 2101.658126] ? rcu_read_lock_any_held+0x75/0xa0 [ 2101.658519] ? vfs_write+0x354/0xb10 [ 2101.658835] ? fput_many+0x2f/0x1a0 [ 2101.659152] ? ksys_write+0x1a9/0x260 [ 2101.659475] ? __ia32_sys_read+0xb0/0xb0 [ 2101.659821] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2101.660269] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2101.660712] do_syscall_64+0x33/0x40 [ 2101.661036] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2101.661467] RIP: 0033:0x7f30a2e99b19 [ 2101.661798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2101.663350] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2101.664003] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2101.664603] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2101.665210] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2101.665825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2101.666427] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 2101.667056] CPU: 0 PID: 9729 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2101.667692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2101.668384] Call Trace: [ 2101.668675] dump_stack+0x107/0x167 [ 2101.668988] should_fail.cold+0x5/0xa [ 2101.669315] ? io_timeout_prep+0x693/0x8b0 [ 2101.669773] should_failslab+0x5/0x20 [ 2101.670103] __kmalloc+0x72/0x390 [ 2101.670405] ? __hrtimer_init+0x12c/0x270 [ 2101.670821] io_timeout_prep+0x693/0x8b0 [ 2101.671182] io_submit_sqes+0x54d8/0x8610 [ 2101.671599] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.672042] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.672469] ? lock_downgrade+0x6d0/0x6d0 [ 2101.672888] ? find_held_lock+0x2c/0x110 [ 2101.673245] ? io_submit_sqes+0x8610/0x8610 [ 2101.673713] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2101.674131] ? wait_for_completion_io+0x270/0x270 [ 2101.674547] ? rcu_read_lock_any_held+0x75/0xa0 [ 2101.675004] ? vfs_write+0x354/0xb10 [ 2101.675325] ? fput_many+0x2f/0x1a0 [ 2101.675639] ? ksys_write+0x1a9/0x260 [ 2101.675966] ? __ia32_sys_read+0xb0/0xb0 [ 2101.676317] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2101.676765] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2101.677217] do_syscall_64+0x33/0x40 [ 2101.677462] FAULT_INJECTION: forcing a failure. [ 2101.677462] name failslab, interval 1, probability 0, space 0, times 0 [ 2101.677542] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2101.678923] RIP: 0033:0x7f3842280b19 [ 2101.679247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2101.680789] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2101.681440] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2101.682066] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2101.682666] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2101.683271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2101.683872] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 2101.684500] CPU: 1 PID: 9728 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2101.685106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2101.685817] Call Trace: [ 2101.686057] dump_stack+0x107/0x167 [ 2101.686381] should_fail.cold+0x5/0xa [ 2101.686718] ? io_timeout_prep+0x693/0x8b0 [ 2101.687082] should_failslab+0x5/0x20 [ 2101.687406] __kmalloc+0x72/0x390 [ 2101.687705] ? __hrtimer_init+0x12c/0x270 [ 2101.688063] io_timeout_prep+0x693/0x8b0 [ 2101.688419] io_submit_sqes+0x54d8/0x8610 [ 2101.688804] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.689235] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.689663] ? lock_downgrade+0x6d0/0x6d0 [ 2101.690025] ? find_held_lock+0x2c/0x110 [ 2101.690380] ? io_submit_sqes+0x8610/0x8610 [ 2101.690761] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2101.691183] ? wait_for_completion_io+0x270/0x270 [ 2101.691599] ? rcu_read_lock_any_held+0x75/0xa0 [ 2101.692002] ? vfs_write+0x354/0xb10 [ 2101.692327] ? fput_many+0x2f/0x1a0 [ 2101.692646] ? ksys_write+0x1a9/0x260 [ 2101.692976] ? __ia32_sys_read+0xb0/0xb0 [ 2101.693329] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2101.693800] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2101.694244] do_syscall_64+0x33/0x40 [ 2101.694561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2101.701962] RIP: 0033:0x7f285a8beb19 [ 2101.702290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2101.703852] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2101.704509] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2101.705121] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2101.705727] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2101.706323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2101.706918] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:57:16 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x0) r1 = syz_io_uring_setup(0x3f8e, &(0x7f0000000080)={0x0, 0x0, 0x1, 0x3, 0x0, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:16 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x1000000, 0x0, 0x0) 05:57:16 executing program 1: r0 = mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="0000000005c024b7dbb34afadaeee865fbc3e9cb7c3351e0db05ebad7088e73f90e833b80a38ccb99a7ef11f987c99"]) io_uring_enter(r5, 0x277d, 0xfa2e, 0x2, &(0x7f0000000180)={[0x9]}, 0x8) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) mq_notify(r0, &(0x7f0000000240)={0x0, 0x1b, 0x1, @tid=r6}) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:16 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x4000000, 0x0, 0x0) 05:57:16 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r4, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r4, 0x2401, 0x7) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:16 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 50) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:57:16 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 63) 05:57:16 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000) 05:57:16 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x8000000, 0x0, 0x0) [ 2102.034978] FAULT_INJECTION: forcing a failure. [ 2102.034978] name failslab, interval 1, probability 0, space 0, times 0 [ 2102.036072] CPU: 1 PID: 9760 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2102.036649] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2102.037344] Call Trace: [ 2102.037577] dump_stack+0x107/0x167 [ 2102.037911] should_fail.cold+0x5/0xa [ 2102.038240] ? create_object.isra.0+0x3a/0xa20 [ 2102.038633] should_failslab+0x5/0x20 [ 2102.038963] kmem_cache_alloc+0x5b/0x310 [ 2102.039319] create_object.isra.0+0x3a/0xa20 [ 2102.039695] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2102.040140] __kmalloc+0x16e/0x390 [ 2102.040445] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 2102.040892] io_timeout_prep+0x693/0x8b0 [ 2102.041252] io_submit_sqes+0x54d8/0x8610 [ 2102.041634] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2102.042064] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2102.042484] ? lock_downgrade+0x6d0/0x6d0 [ 2102.042836] ? find_held_lock+0x2c/0x110 [ 2102.043195] ? io_submit_sqes+0x8610/0x8610 [ 2102.043571] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2102.043988] ? wait_for_completion_io+0x270/0x270 [ 2102.044404] ? rcu_read_lock_any_held+0x75/0xa0 [ 2102.044811] ? vfs_write+0x354/0xb10 [ 2102.045143] ? fput_many+0x2f/0x1a0 [ 2102.045466] ? ksys_write+0x1a9/0x260 [ 2102.045806] ? __ia32_sys_read+0xb0/0xb0 [ 2102.046036] FAULT_INJECTION: forcing a failure. [ 2102.046036] name failslab, interval 1, probability 0, space 0, times 0 [ 2102.046164] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2102.046183] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2102.047993] do_syscall_64+0x33/0x40 [ 2102.048321] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2102.048756] RIP: 0033:0x7f285a8beb19 [ 2102.049082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.050642] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2102.051294] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2102.051895] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2102.052499] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2102.053105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2102.053724] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 2102.054357] CPU: 0 PID: 9762 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2102.054954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2102.055657] Call Trace: [ 2102.055894] dump_stack+0x107/0x167 [ 2102.056219] should_fail.cold+0x5/0xa [ 2102.056559] ? io_timeout_prep+0x693/0x8b0 [ 2102.056946] should_failslab+0x5/0x20 [ 2102.057280] __kmalloc+0x72/0x390 [ 2102.057584] io_timeout_prep+0x693/0x8b0 [ 2102.057956] ? __sanitizer_cov_trace_switch+0x37/0x80 [ 2102.058400] io_submit_sqes+0x54d8/0x8610 [ 2102.058776] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2102.059204] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2102.059619] ? lock_downgrade+0x6d0/0x6d0 [ 2102.059977] ? find_held_lock+0x2c/0x110 [ 2102.060333] ? io_submit_sqes+0x8610/0x8610 [ 2102.060711] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2102.061131] ? wait_for_completion_io+0x270/0x270 [ 2102.061549] ? rcu_read_lock_any_held+0x75/0xa0 [ 2102.061967] ? vfs_write+0x354/0xb10 [ 2102.062287] ? fput_many+0x2f/0x1a0 [ 2102.062609] ? ksys_write+0x1a9/0x260 [ 2102.062941] ? __ia32_sys_read+0xb0/0xb0 [ 2102.063298] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2102.063746] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2102.064267] do_syscall_64+0x33/0x40 [ 2102.064645] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2102.065089] RIP: 0033:0x7f30a2e99b19 [ 2102.065407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.066973] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2102.067617] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2102.068232] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2102.068832] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 05:57:16 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 59) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 2102.069433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2102.070054] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 05:57:16 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)=0x0) r5 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) syz_io_uring_submit(r3, r6, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xd, 0x11, r0, 0x10000000) r8 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000240)=@IORING_OP_FADVISE={0x18, 0x3, 0x0, @fd, 0x6, 0x0, 0x9, 0x1, 0x1, {0x0, r9}}, 0x200) pread64(r8, 0x0, 0x0, 0x0) r10 = syz_io_uring_setup(0x3ca0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) r13 = io_uring_register$IORING_REGISTER_PERSONALITY(r10, 0x9, 0x0, 0x0) syz_io_uring_submit(r11, r12, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, r13}}, 0x10000) syz_io_uring_submit(r3, r7, &(0x7f0000000180)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd=r8, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r13}}, 0x5) r14 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r14, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2102.110288] FAULT_INJECTION: forcing a failure. [ 2102.110288] name failslab, interval 1, probability 0, space 0, times 0 [ 2102.111296] CPU: 1 PID: 9768 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2102.111873] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2102.112565] Call Trace: [ 2102.112798] dump_stack+0x107/0x167 [ 2102.113111] should_fail.cold+0x5/0xa [ 2102.113438] ? io_timeout_prep+0x693/0x8b0 [ 2102.113815] should_failslab+0x5/0x20 [ 2102.114142] __kmalloc+0x72/0x390 [ 2102.114441] ? __hrtimer_init+0x12c/0x270 [ 2102.114802] io_timeout_prep+0x693/0x8b0 [ 2102.115161] io_submit_sqes+0x54d8/0x8610 [ 2102.115537] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2102.115966] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2102.116385] ? lock_downgrade+0x6d0/0x6d0 [ 2102.116738] ? find_held_lock+0x2c/0x110 [ 2102.117098] ? io_submit_sqes+0x8610/0x8610 [ 2102.117473] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2102.117898] ? wait_for_completion_io+0x270/0x270 [ 2102.118313] ? rcu_read_lock_any_held+0x75/0xa0 [ 2102.118709] ? vfs_write+0x354/0xb10 [ 2102.119030] ? fput_many+0x2f/0x1a0 [ 2102.119343] ? ksys_write+0x1a9/0x260 [ 2102.119669] ? __ia32_sys_read+0xb0/0xb0 [ 2102.120023] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2102.120468] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2102.120910] do_syscall_64+0x33/0x40 [ 2102.121231] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2102.121683] RIP: 0033:0x7f3842280b19 [ 2102.122002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.123571] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2102.124225] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2102.124831] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2102.125436] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2102.126053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2102.126660] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 05:57:16 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 05:57:16 executing program 6: r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_setup(0x22, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000002a40)) r4 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000002a40)=0x0) syz_io_uring_submit(r3, r5, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000280)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)="a8a4d0d67c897601de5513ca37be1096616910500f95ec07b3d2d7f6911c13a0bd271c6db8942b99edceecd1795e409b57", 0x31, 0xc0000022, 0x1}, 0x6) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) accept(0xffffffffffffffff, &(0x7f0000000300)=@in6={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000380)=0x80) syz_io_uring_setup(0x31f0, &(0x7f00000003c0)={0x0, 0x80e3, 0x10, 0x0, 0x14e, 0x0, r4}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000480)) syz_io_uring_setup(0x4702, &(0x7f00000004c0)={0x0, 0xb2b5, 0x4, 0x2, 0xb3, 0x0, r4}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000540), &(0x7f0000000580)=0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000600)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x4, &(0x7f00000005c0)={0x0, 0x989680}, 0x1, 0x1, 0x80538b1aab281467, {0x0, r9}}, 0x5) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f0000000180)={'ip6gre0\x00', 0x0, 0x4, 0x3f, 0x1f, 0x4, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x10, 0x8, 0x7fffffff, 0x2}}) 05:57:16 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4307, 0x81000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a78, &(0x7f0000000080)={0x0, 0x2de9, 0x20}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB='\t\x00'/16]) signalfd(r4, &(0x7f0000000180)={[0x100000000]}, 0x8) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:16 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0) 05:57:16 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) io_uring_enter(r0, 0x1139, 0xf164, 0x1, &(0x7f0000000000), 0x8) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:16 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 51) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:57:16 executing program 6: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x9}}, './file0\x00'}) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)=""/26, 0x1a}, {&(0x7f0000000500)=""/4096, 0x1000}], 0x2) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x3}}, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(&(0x7f0000000100)='./file1\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r3, 0x0) setresuid(r3, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x100000, &(0x7f0000001500)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@uname={'uname', 0x3d, '\x00'}}, {@posixacl}, {@access_user}, {@access_any}, {@access_client}], [{@uid_gt={'uid>', 0xffffffffffffffff}}, {@fsname={'fsname', 0x3d, '\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x364}}, {@uid_eq={'uid', 0x3d, r3}}, {@audit}, {@subj_user={'subj_user', 0x3d, '&:+\''}}, {@subj_role={'subj_role', 0x3d, '-'}}, {@fsname}, {@permit_directio}, {@rootcontext={'rootcontext', 0x3d, 'root'}}]}}) syz_open_procfs(r2, &(0x7f0000000280)='net/mcfilter\x00') perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x1, 0x7, 0xd4, 0x40, 0x0, 0x100, 0x40, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0xd336, 0x401}, 0x2000, 0xd6, 0x8, 0x1, 0x1, 0x3, 0x5, 0x0, 0x6cec479f, 0x0, 0x6f52}, r2, 0x4, 0xffffffffffffffff, 0x9) r4 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x100000e, 0x13, r4, 0x0) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r4, 0x8000000) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x40871, r1, 0x0) syz_io_uring_submit(r8, r6, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x4, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1}, 0x100) syz_io_uring_submit(r7, r6, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r4, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:16 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000) [ 2102.507858] FAULT_INJECTION: forcing a failure. [ 2102.507858] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2102.508961] CPU: 0 PID: 9799 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2102.509545] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2102.510264] Call Trace: [ 2102.510499] dump_stack+0x107/0x167 [ 2102.510812] should_fail.cold+0x5/0xa [ 2102.511145] _copy_from_user+0x2e/0x1b0 [ 2102.511493] get_timespec64+0x75/0x190 [ 2102.511830] ? put_timespec64+0x130/0x130 [ 2102.512191] ? kasan_unpoison_shadow+0x33/0x50 [ 2102.512584] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2102.513024] io_timeout_prep+0x3c5/0x8b0 [ 2102.513383] io_submit_sqes+0x54d8/0x8610 [ 2102.513787] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2102.514214] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2102.514631] ? lock_downgrade+0x6d0/0x6d0 [ 2102.514989] ? find_held_lock+0x2c/0x110 [ 2102.515343] ? io_submit_sqes+0x8610/0x8610 [ 2102.515723] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2102.516138] ? wait_for_completion_io+0x270/0x270 [ 2102.516554] ? rcu_read_lock_any_held+0x75/0xa0 [ 2102.516952] ? vfs_write+0x354/0xb10 [ 2102.517272] ? fput_many+0x2f/0x1a0 [ 2102.517585] ? ksys_write+0x1a9/0x260 [ 2102.517932] ? __ia32_sys_read+0xb0/0xb0 [ 2102.518284] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2102.518731] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2102.519173] do_syscall_64+0x33/0x40 [ 2102.519492] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2102.519931] RIP: 0033:0x7f285a8beb19 [ 2102.520250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.521808] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2102.522471] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2102.523084] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2102.523686] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2102.524290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2102.524890] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 [ 2116.752742] FAULT_INJECTION: forcing a failure. [ 2116.752742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2116.753815] CPU: 0 PID: 9821 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2116.754415] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2116.755105] Call Trace: [ 2116.755336] dump_stack+0x107/0x167 [ 2116.755646] should_fail.cold+0x5/0xa [ 2116.755975] _copy_from_user+0x2e/0x1b0 [ 2116.756324] get_timespec64+0x75/0x190 [ 2116.756657] ? put_timespec64+0x130/0x130 [ 2116.757015] ? kasan_unpoison_shadow+0x33/0x50 [ 2116.757411] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2116.757848] io_timeout_prep+0x3c5/0x8b0 [ 2116.758229] io_submit_sqes+0x54d8/0x8610 [ 2116.758605] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2116.759024] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2116.759441] ? lock_downgrade+0x6d0/0x6d0 [ 2116.759791] ? find_held_lock+0x2c/0x110 [ 2116.760138] ? io_submit_sqes+0x8610/0x8610 [ 2116.760511] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2116.760921] ? wait_for_completion_io+0x270/0x270 [ 2116.761331] ? rcu_read_lock_any_held+0x75/0xa0 [ 2116.761724] ? vfs_write+0x354/0xb10 [ 2116.762064] ? fput_many+0x2f/0x1a0 [ 2116.762380] ? ksys_write+0x1a9/0x260 [ 2116.762706] ? __ia32_sys_read+0xb0/0xb0 [ 2116.763054] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2116.763497] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2116.763936] do_syscall_64+0x33/0x40 [ 2116.764262] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2116.764706] RIP: 0033:0x7f3842280b19 [ 2116.765031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.766591] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2116.767230] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 05:57:31 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 64) 05:57:31 executing program 3: perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x100000000000000) 05:57:31 executing program 7: mq_open(&(0x7f0000000040)='@\x00', 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x200000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 52) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) 05:57:31 executing program 6: ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x80, 0x0, 0x0, 0x4307, 0x10014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x10000}, 0x0, 0x5, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff7000/0x6000)=nil, 0x6000, 0x1800007, 0x2010, r1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) readv(r0, &(0x7f0000000740)=[{&(0x7f0000000240)=""/83, 0x53}, {&(0x7f0000000300)=""/81, 0x51}, {&(0x7f0000000000)=""/5, 0x5}, {&(0x7f0000000380)=""/133, 0x85}, {&(0x7f0000000440)=""/51, 0x33}], 0x5) mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x6000)=nil, 0x6000, 0x4, 0x8010, r1, 0x8000000) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x40, 0x2, 0x1, 0x7, 0x0, 0x1000, 0xc00, 0xa, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xd60, 0x2, @perf_config_ext={0x6, 0xebe}, 0x2049, 0x7, 0x1100, 0x8, 0x8, 0x0, 0x81, 0x0, 0x100, 0x0, 0xffffffff80000000}, 0xffffffffffffffff, 0x4, r0, 0x1) 05:57:31 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x4010, r0, 0x0) r4 = syz_io_uring_setup(0x3ca0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}, 0x10000) syz_io_uring_submit(r3, r2, &(0x7f0000000000)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}, 0x3ff) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r8, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:31 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 60) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) 05:57:31 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x100000000000000, 0x0, 0x0) 05:57:31 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2116.767824] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2116.768421] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2116.769015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2116.769610] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 2116.781583] FAULT_INJECTION: forcing a failure. [ 2116.781583] name failslab, interval 1, probability 0, space 0, times 0 [ 2116.782743] CPU: 0 PID: 9826 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2116.783327] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2116.784022] Call Trace: [ 2116.784254] dump_stack+0x107/0x167 [ 2116.784568] should_fail.cold+0x5/0xa [ 2116.784904] ? io_timeout_prep+0x693/0x8b0 [ 2116.785274] should_failslab+0x5/0x20 [ 2116.785600] __kmalloc+0x72/0x390 [ 2116.785900] ? __hrtimer_init+0x12c/0x270 [ 2116.786282] io_timeout_prep+0x693/0x8b0 [ 2116.786636] io_submit_sqes+0x54d8/0x8610 [ 2116.787016] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2116.787449] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2116.787868] ? lock_downgrade+0x6d0/0x6d0 [ 2116.788223] ? find_held_lock+0x2c/0x110 [ 2116.788576] ? io_submit_sqes+0x8610/0x8610 [ 2116.788966] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2116.789397] ? wait_for_completion_io+0x270/0x270 [ 2116.789826] ? rcu_read_lock_any_held+0x75/0xa0 [ 2116.790258] ? vfs_write+0x354/0xb10 [ 2116.790578] ? fput_many+0x2f/0x1a0 [ 2116.790889] ? ksys_write+0x1a9/0x260 [ 2116.791213] ? __ia32_sys_read+0xb0/0xb0 [ 2116.791560] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2116.792002] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2116.792439] do_syscall_64+0x33/0x40 [ 2116.792756] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2116.793192] RIP: 0033:0x7f30a2e99b19 [ 2116.793509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.795068] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2116.795710] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2116.796306] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2116.796901] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2116.797497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2116.798121] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 2116.817839] FAULT_INJECTION: forcing a failure. [ 2116.817839] name failslab, interval 1, probability 0, space 0, times 0 [ 2116.819016] CPU: 1 PID: 9828 Comm: syz-executor.7 Not tainted 5.10.226 #1 [ 2116.819644] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2116.820430] Call Trace: [ 2116.820713] dump_stack+0x107/0x167 [ 2116.821091] should_fail.cold+0x5/0xa [ 2116.821476] ? io_timeout_prep+0x693/0x8b0 [ 2116.821886] should_failslab+0x5/0x20 [ 2116.822271] __kmalloc+0x72/0x390 [ 2116.822597] ? __hrtimer_init+0x12c/0x270 [ 2116.822998] io_timeout_prep+0x693/0x8b0 [ 2116.823388] io_submit_sqes+0x54d8/0x8610 [ 2116.823786] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2116.824223] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2116.824648] ? lock_downgrade+0x6d0/0x6d0 [ 2116.825006] ? find_held_lock+0x2c/0x110 [ 2116.825357] ? io_submit_sqes+0x8610/0x8610 [ 2116.825733] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2116.826162] ? wait_for_completion_io+0x270/0x270 [ 2116.826575] ? rcu_read_lock_any_held+0x75/0xa0 [ 2116.826982] ? vfs_write+0x354/0xb10 [ 2116.827307] ? fput_many+0x2f/0x1a0 [ 2116.827619] ? ksys_write+0x1a9/0x260 [ 2116.827956] ? __ia32_sys_read+0xb0/0xb0 [ 2116.828307] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2116.828752] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2116.829204] do_syscall_64+0x33/0x40 [ 2116.829521] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2116.829961] RIP: 0033:0x7f285a8beb19 [ 2116.830316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.831854] RSP: 002b:00007f2857e34188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2116.832511] RAX: ffffffffffffffda RBX: 00007f285a9d1f60 RCX: 00007f285a8beb19 [ 2116.833116] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000005 [ 2116.833721] RBP: 00007f2857e341d0 R08: 0000000000000000 R09: 0000000000000000 [ 2116.834360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2116.834965] R13: 00007ffe445b882f R14: 00007f2857e34300 R15: 0000000000022000 05:57:31 executing program 1: mq_open(&(0x7f0000000040)='@\x00', 0x0, 0x4, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0xd66, 0x0, &(0x7f0000000300)="9d24527801e3021f3c38faf91e67782348fbae62bc2b1bf442a8a1517750e7dc3a8e76b30d98f046ff759bc780c6de0c8f1dde0ea3b7dd470d1b8d1da7ae8a4d5a571df0ad08858b3c115dddf9d340e797993acce5497f14f3d097c2f195174573f5320a5b22ba156126dc18e6eb60ee0e58d3c33fdf12191c19d62c3873ecfa2f932fcff0a1d643f8510d1b94dfd8c99a6d268f4e421165ab51a4a80119d34480346730119d8f2880c94ca0823197ac6019a637c7b52198b491327e60a3bfbc6d9bf0de24cf28ce7cbd6ac2d2bf23f089af1fcffc3bad1bb069d6c2ea7a2a41f8bf2ba9e4290e3346be0687ebfc9c71c0", 0x4, 0x0, 0x0, {0x3}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:31 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000001c0), 0xf}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x398c, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000000300)=0x0, &(0x7f0000000200)=0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r3, r4+60000000}}, 0x0) creat(0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000540)) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pread64(r5, 0x0, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000280), 0xfffffffffffffff8, 0x341000) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd=r5, 0x1, 0x0, 0x2, 0x3, 0x1}, 0xd7) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), &(0x7f00000003c0)=@md5={0x1, "d918b7094622e1122ecf9f6ae8657bd3"}, 0x11, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) finit_module(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x2) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 05:57:31 executing program 5: r0 = mq_open(0x0, 0x40, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140)={r4, r5+10000000}, 0x1, 0x0, 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000540)) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 65) 05:57:31 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x0, 0x7fffffff}]}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0x1}, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 61) sigaltstack(&(0x7f0000ffa000/0x3000)=nil, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) [ 2117.140793] FAULT_INJECTION: forcing a failure. [ 2117.140793] name failslab, interval 1, probability 0, space 0, times 0 [ 2117.141900] CPU: 0 PID: 9843 Comm: syz-executor.5 Not tainted 5.10.226 #1 [ 2117.142493] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2117.143195] Call Trace: [ 2117.143427] dump_stack+0x107/0x167 [ 2117.143740] should_fail.cold+0x5/0xa [ 2117.144069] ? create_object.isra.0+0x3a/0xa20 [ 2117.144459] should_failslab+0x5/0x20 [ 2117.144792] kmem_cache_alloc+0x5b/0x310 [ 2117.145151] create_object.isra.0+0x3a/0xa20 [ 2117.145523] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2117.145957] __kmalloc+0x16e/0x390 [ 2117.146295] io_timeout_prep+0x693/0x8b0 [ 2117.146645] io_submit_sqes+0x54d8/0x8610 [ 2117.147020] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2117.147440] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2117.147856] ? lock_downgrade+0x6d0/0x6d0 [ 2117.148207] ? find_held_lock+0x2c/0x110 [ 2117.148553] ? io_submit_sqes+0x8610/0x8610 [ 2117.148927] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2117.149337] ? wait_for_completion_io+0x270/0x270 [ 2117.149748] ? rcu_read_lock_any_held+0x75/0xa0 [ 2117.150154] ? vfs_write+0x354/0xb10 [ 2117.150480] ? fput_many+0x2f/0x1a0 [ 2117.150789] ? ksys_write+0x1a9/0x260 [ 2117.151120] ? __ia32_sys_read+0xb0/0xb0 [ 2117.151469] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2117.151918] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2117.152358] do_syscall_64+0x33/0x40 [ 2117.152676] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2117.153108] RIP: 0033:0x7f30a2e99b19 [ 2117.153424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2117.154979] RSP: 002b:00007f30a040f188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2117.155619] RAX: ffffffffffffffda RBX: 00007f30a2facf60 RCX: 00007f30a2e99b19 [ 2117.156215] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2117.156810] RBP: 00007f30a040f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2117.157419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2117.158023] R13: 00007ffcb9e7c18f R14: 00007f30a040f300 R15: 0000000000022000 [ 2117.196360] FAULT_INJECTION: forcing a failure. [ 2117.196360] name failslab, interval 1, probability 0, space 0, times 0 [ 2117.197535] CPU: 1 PID: 9847 Comm: syz-executor.0 Not tainted 5.10.226 #1 [ 2117.198146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2117.198838] Call Trace: [ 2117.199075] dump_stack+0x107/0x167 [ 2117.199386] should_fail.cold+0x5/0xa [ 2117.199713] ? create_object.isra.0+0x3a/0xa20 [ 2117.200108] should_failslab+0x5/0x20 [ 2117.200441] kmem_cache_alloc+0x5b/0x310 [ 2117.200791] create_object.isra.0+0x3a/0xa20 [ 2117.201177] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2117.201613] __kmalloc+0x16e/0x390 [ 2117.201925] io_timeout_prep+0x693/0x8b0 [ 2117.202295] io_submit_sqes+0x54d8/0x8610 [ 2117.202678] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2117.203110] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2117.203527] ? lock_downgrade+0x6d0/0x6d0 [ 2117.203881] ? find_held_lock+0x2c/0x110 [ 2117.204232] ? io_submit_sqes+0x8610/0x8610 [ 2117.204610] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2117.205037] ? wait_for_completion_io+0x270/0x270 [ 2117.205451] ? rcu_read_lock_any_held+0x75/0xa0 [ 2117.205847] ? vfs_write+0x354/0xb10 [ 2117.206181] ? fput_many+0x2f/0x1a0 [ 2117.206492] ? ksys_write+0x1a9/0x260 [ 2117.206820] ? __ia32_sys_read+0xb0/0xb0 [ 2117.207178] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2117.207624] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2117.208069] do_syscall_64+0x33/0x40 [ 2117.208389] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2117.208823] RIP: 0033:0x7f3842280b19 [ 2117.209146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2117.210719] RSP: 002b:00007f383f7f6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2117.211377] RAX: ffffffffffffffda RBX: 00007f3842393f60 RCX: 00007f3842280b19 [ 2117.211990] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2117.212595] RBP: 00007f383f7f61d0 R08: 0000000000000000 R09: 0000000000000000 [ 2117.213198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2117.213810] R13: 00007ffcde4da82f R14: 00007f383f7f6300 R15: 0000000000022000 [ 2139.112494] systemd-timesyn invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2139.115019] CPU: 1 PID: 129 Comm: systemd-timesyn Not tainted 5.10.226 #1 [ 2139.115598] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2139.116299] Call Trace: [ 2139.116535] dump_stack+0x107/0x167 [ 2139.116853] dump_header+0x106/0x655 [ 2139.117177] oom_kill_process.cold+0x10/0x15 [ 2139.117564] out_of_memory+0x1149/0x1440 [ 2139.117921] ? oom_killer_disable+0x280/0x280 [ 2139.118310] ? mutex_trylock+0x237/0x2b0 [ 2139.118792] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 2139.119308] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 2139.119817] ? lock_acquire+0xf7/0x470 [ 2139.120154] ? warn_alloc+0x190/0x190 [ 2139.120497] __alloc_pages_nodemask+0x51d/0x600 [ 2139.120897] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2139.121409] ? find_get_entry+0x2c8/0x740 [ 2139.121772] alloc_pages_current+0x187/0x280 [ 2139.122149] __page_cache_alloc+0x2d2/0x360 [ 2139.122522] pagecache_get_page+0x2c7/0xc80 [ 2139.123428] filemap_fault+0x177d/0x2210 [ 2139.124323] ? read_cache_page_gfp+0x30/0x30 [ 2139.125288] ? replace_page_cache_page+0x1200/0x1200 [ 2139.126394] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 2139.127558] ext4_filemap_fault+0x87/0xc0 [ 2139.128444] __do_fault+0x113/0x410 [ 2139.129244] handle_mm_fault+0x1e53/0x3500 [ 2139.130155] ? __pmd_alloc+0x5e0/0x5e0 [ 2139.131022] ? vmacache_find+0x55/0x2a0 [ 2139.131867] ? vmacache_update+0xce/0x140 [ 2139.132774] do_user_addr_fault+0x56e/0xc60 [ 2139.133719] exc_page_fault+0xa2/0x1a0 [ 2139.134565] ? asm_exc_page_fault+0x8/0x30 [ 2139.138950] asm_exc_page_fault+0x1e/0x30 [ 2139.139869] RIP: 0033:0x7fe7acdb0116 [ 2139.140711] Code: Unable to access opcode bytes at RIP 0x7fe7acdb00ec. [ 2139.142547] RSP: 002b:00007ffc0f6e7ff0 EFLAGS: 00010293 [ 2139.143700] RAX: 0000000000000001 RBX: 0000556ac8d56310 RCX: 00007fe7acdb0116 [ 2139.145315] RDX: 0000000000000008 RSI: 0000556ac8d5bea0 RDI: 0000000000000004 [ 2139.146854] RBP: ffffffffffffffff R08: 0000000000000000 R09: 0000556ac8d55b60 [ 2139.148410] R10: 00000000ffffffff R11: 0000000000000293 R12: 0000000000000001 [ 2139.149963] R13: 0000000000000008 R14: 0000000000000065 R15: 0000000000000000 [ 2139.152052] Mem-Info: [ 2139.152598] active_anon:14500 inactive_anon:59370 isolated_anon:0 [ 2139.152598] active_file:0 inactive_file:8 isolated_file:0 [ 2139.152598] unevictable:0 dirty:0 writeback:0 [ 2139.152598] slab_reclaimable:8321 slab_unreclaimable:256128 [ 2139.152598] mapped:69634 shmem:114 pagetables:961 bounce:0 [ 2139.152598] free:2818 free_pcp:112 free_cma:0 [ 2139.159054] Node 0 active_anon:58000kB inactive_anon:237480kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278536kB dirty:0kB writeback:0kB shmem:456kB writeback_tmp:0kB kernel_stack:3584kB all_unreclaimable? yes [ 2139.161306] Node 0 DMA free:6508kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2139.163587] lowmem_reserve[]: 0 1616 1616 1616 [ 2139.164081] Node 0 DMA32 free:4764kB min:5116kB low:6768kB high:8420kB reserved_highatomic:0KB active_anon:58000kB inactive_anon:237480kB active_file:252kB inactive_file:0kB unevictable:0kB writepending:0kB present:2080640kB managed:1660468kB mlocked:0kB pagetables:3844kB bounce:0kB free_pcp:448kB local_pcp:248kB free_cma:0kB [ 2139.166579] lowmem_reserve[]: 0 0 0 0 [ 2139.166959] Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 1*32kB (U) 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6508kB [ 2139.168253] Node 0 DMA32: 564*4kB (UME) 157*8kB (UM) 47*16kB (M) 5*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4424kB [ 2139.169449] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2139.170169] 122 total pagecache pages [ 2139.170497] 0 pages in swap cache [ 2139.170813] Swap cache stats: add 0, delete 0, find 0/0 [ 2139.171294] Free swap = 0kB [ 2139.171552] Total swap = 0kB [ 2139.171808] 524158 pages RAM [ 2139.172083] 0 pages HighMem/MovableOnly [ 2139.172430] 105064 pages reserved [ 2139.172762] Unreclaimable slab info: [ 2139.173287] Name Used Total [ 2139.173798] pid_3 3KB 3KB [ 2139.174269] pid_2 44KB 52KB [ 2139.174737] fib6_nodes 28KB 28KB [ 2139.175205] ip6_dst_cache 41KB 41KB [ 2139.177413] PINGv6 63KB 63KB [ 2139.178012] RAWv6 189KB 189KB [ 2139.178459] UDPLITEv6 62KB 62KB [ 2139.179046] UDPv6 62KB 62KB [ 2139.179496] TCPv6 62KB 62KB [ 2139.180086] scsi_sense_cache 8KB 8KB [ 2139.180796] sd_ext_cdb 3KB 3KB [ 2139.181270] virtio_scsi_cmd 16KB 16KB [ 2139.181726] sgpool-128 59KB 59KB [ 2139.182191] sgpool-64 63KB 63KB [ 2139.182652] sgpool-32 128KB 220KB [ 2139.183119] sgpool-16 15KB 15KB [ 2139.183567] sgpool-8 19KB 37KB [ 2139.184092] io_kiocb 1045KB 1608KB [ 2139.184540] mqueue_inode_cache 62KB 62KB [ 2139.185014] nfs_commit_data 15KB 15KB [ 2139.185461] nfs_write_data 47KB 47KB [ 2139.185929] jbd2_inode 11KB 11KB [ 2139.186378] ext4_system_zone 7KB 7KB [ 2139.186835] ext4_io_end_vec 7KB 7KB [ 2139.187301] ext4_bio_post_read_ctx 15KB 15KB [ 2139.187790] dio 15KB 15KB [ 2139.188254] bio-2 4KB 4KB [ 2139.188702] fasync_cache 7KB 7KB [ 2139.189170] pid_namespace 7KB 7KB [ 2139.189622] posix_timers_cache 15KB 15KB [ 2139.190094] rpc_buffers 31KB 31KB [ 2139.190542] rpc_tasks 3KB 3KB [ 2139.191022] UNIX 206KB 352KB [ 2139.191478] UDP-Lite 63KB 63KB [ 2139.191942] tcp_bind_bucket 8KB 8KB [ 2139.192393] ip_fib_trie 8KB 8KB [ 2139.192840] ip_fib_alias 15KB 15KB [ 2139.193306] ip_dst_cache 36KB 36KB [ 2139.193760] RAW 62KB 62KB [ 2139.194225] UDP 283KB 283KB [ 2139.194686] request_sock_TCP 15KB 15KB [ 2139.195152] TCP 60KB 60KB [ 2139.195604] hugetlbfs_inode_cache 30KB 30KB [ 2139.196097] bio-1 11KB 11KB [ 2139.196545] eventpoll_pwq 19KB 19KB [ 2139.197011] eventpoll_epi 51KB 51KB [ 2139.197472] inotify_inode_mark 42KB 42KB [ 2139.198036] request_queue 60KB 60KB [ 2139.198484] blkdev_ioc 15KB 15KB [ 2139.199122] bio-0 88KB 88KB [ 2139.199729] biovec-max 1190KB 1190KB [ 2139.200306] biovec-64 173KB 189KB [ 2139.200933] biovec-16 22KB 22KB [ 2139.201487] user_namespace 31KB 31KB [ 2139.202118] uid_cache 8KB 8KB [ 2139.202747] dmaengine-unmap-2 4KB 4KB [ 2139.203275] audit_buffer 7KB 7KB [ 2139.203929] skbuff_fclone_cache 105KB 105KB [ 2139.204458] skbuff_head_cache 1770KB 1770KB [ 2139.205066] file_lock_cache 70KB 70KB [ 2139.205643] file_lock_ctx 7KB 7KB [ 2139.206175] fsnotify_mark_connector 20KB 20KB [ 2139.206801] net_namespace 115KB 115KB [ 2139.207339] task_delay_info 81KB 81KB [ 2139.207920] taskstats 46KB 46KB [ 2139.208421] proc_dir_entry 355KB 382KB [ 2139.209020] pde_opener 35KB 35KB [ 2139.209612] seq_file 34KB 45KB [ 2139.210151] sigqueue 70KB 70KB [ 2139.210665] shmem_inode_cache 1287KB 1289KB [ 2139.211187] kernfs_iattrs_cache 223KB 223KB [ 2139.211711] kernfs_node_cache 5268KB 5268KB [ 2139.212234] mnt_cache 189KB 189KB [ 2139.212764] filp 886KB 1297KB [ 2139.213299] names_cache 3884KB 4105KB [ 2139.214430] hashtab_node 274KB 274KB [ 2139.214983] ebitmap_node 1149KB 1149KB [ 2139.215506] avtab_node 4976KB 4976KB [ 2139.216727] avc_node 31KB 31KB [ 2139.217281] lsm_inode_cache 3185KB 3245KB [ 2139.218493] lsm_file_cache 115KB 148KB [ 2139.219045] key_jar 47KB 47KB [ 2139.219565] uts_namespace 15KB 15KB [ 2139.220121] nsproxy 11KB 11KB [ 2139.220674] vm_area_struct 694KB 908KB [ 2139.221218] fs_cache 51KB 72KB [ 2139.221740] files_cache 255KB 255KB [ 2139.222956] signal_cache 305KB 339KB [ 2139.223484] sighand_cache 330KB 330KB [ 2139.224030] task_struct 918KB 1207KB [ 2139.224561] cred_jar 95KB 132KB [ 2139.225110] anon_vma_chain 228KB 228KB [ 2139.225634] anon_vma 195KB 219KB [ 2139.226178] pid 75KB 86KB [ 2139.226692] Acpi-Operand 97KB 126KB [ 2139.227256] Acpi-ParseExt 27KB 27KB [ 2139.227782] Acpi-Parse 173KB 189KB [ 2139.228344] Acpi-State 133KB 149KB [ 2139.229547] Acpi-Namespace 20KB 20KB [ 2139.230106] numa_policy 3KB 3KB [ 2139.231317] trace_event_file 176KB 176KB [ 2139.231842] ftrace_event_field 280KB 280KB [ 2139.232393] pool_workqueue 32KB 32KB [ 2139.232937] task_group 16KB 16KB [ 2139.233484] mm_struct 260KB 283KB [ 2139.234039] vmap_area 191KB 224KB [ 2139.234558] page->ptl 212KB 212KB [ 2139.235126] kmemleak_scan_area 156KB 199KB [ 2139.236367] kmemleak_object 788409KB 788409KB [ 2139.236921] kmalloc-8k 4688KB 4864KB [ 2139.237463] kmalloc-4k 5656KB 7072KB [ 2139.238685] kmalloc-2k 3892KB 4512KB [ 2139.239639] kmalloc-1k 2170KB 3456KB [ 2139.240571] kmalloc-512 30740KB 30740KB [ 2139.241506] kmalloc-256 1250KB 1264KB [ 2139.242447] kmalloc-192 484KB 512KB [ 2139.243616] kmalloc-128 449KB 528KB [ 2139.244918] kmalloc-96 866KB 2604KB [ 2139.246085] kmalloc-64 1387KB 1508KB [ 2139.247268] kmalloc-32 95000KB 95000KB [ 2139.248426] kmalloc-16 325KB 360KB [ 2139.249597] kmalloc-8 300KB 302KB [ 2139.250761] kmem_cache_node 47KB 47KB [ 2139.251932] kmem_cache 75KB 75KB [ 2139.253093] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-timesyncd.service,task=systemd-timesyn,pid=129,uid=101 [ 2139.257819] Out of memory (oom_kill_allocating_task): Killed process 129 (systemd-timesyn) total-vm:88376kB, anon-rss:692kB, file-rss:0kB, shmem-rss:0kB, UID:101 pgtables:76kB oom_score_adj:0 [ 2139.292235] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-250 [ 2139.294514] CPU: 0 PID: 102 Comm: systemd-journal Not tainted 5.10.226 #1 [ 2139.295105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2139.295824] Call Trace: [ 2139.296062] dump_stack+0x107/0x167 [ 2139.296390] dump_header+0x106/0x655 [ 2139.296714] oom_kill_process.cold+0x10/0x15 [ 2139.297101] out_of_memory+0x1149/0x1440 [ 2139.297467] ? oom_killer_disable+0x280/0x280 [ 2139.297856] ? mutex_trylock+0x237/0x2b0 [ 2139.298206] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 2139.298777] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 2139.299288] ? lock_acquire+0xf7/0x470 [ 2139.299638] ? warn_alloc+0x190/0x190 [ 2139.299984] __alloc_pages_nodemask+0x51d/0x600 [ 2139.300384] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2139.300910] ? find_get_entry+0x2c8/0x740 [ 2139.301275] alloc_pages_current+0x187/0x280 [ 2139.301663] __page_cache_alloc+0x2d2/0x360 [ 2139.302039] pagecache_get_page+0x2c7/0xc80 [ 2139.302413] filemap_fault+0x177d/0x2210 [ 2139.302830] ? read_cache_page_gfp+0x30/0x30 [ 2139.303213] ? replace_page_cache_page+0x1200/0x1200 [ 2139.303657] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 2139.304117] ext4_filemap_fault+0x87/0xc0 [ 2139.304473] __do_fault+0x113/0x410 [ 2139.304800] handle_mm_fault+0x1e53/0x3500 [ 2139.305172] ? __pmd_alloc+0x5e0/0x5e0 [ 2139.305513] ? vmacache_find+0x55/0x2a0 [ 2139.305864] ? vmacache_update+0xce/0x140 [ 2139.306229] do_user_addr_fault+0x56e/0xc60 [ 2139.306612] exc_page_fault+0xa2/0x1a0 [ 2139.306998] ? asm_exc_page_fault+0x8/0x30 [ 2139.307361] asm_exc_page_fault+0x1e/0x30 [ 2139.307713] RIP: 0033:0x7fe4f737d116 [ 2139.308047] Code: Unable to access opcode bytes at RIP 0x7fe4f737d0ec. [ 2139.308602] RSP: 002b:00007ffeb4825440 EFLAGS: 00010293 [ 2139.309069] RAX: 0000000000000001 RBX: 00005568c5134360 RCX: 00007fe4f737d116 [ 2139.309675] RDX: 0000000000000014 RSI: 00005568c513a8e0 RDI: 0000000000000008 [ 2139.310288] RBP: ffffffffffffffff R08: 0000000000000000 R09: 00007ffeb48ef080 [ 2139.311385] R10: 00000000ffffffff R11: 0000000000000293 R12: 0000000000000001 [ 2139.312928] R13: 0000000000000014 R14: 0000000000000000 R15: 0000000000000000 [ 2139.314608] Mem-Info: [ 2139.315172] active_anon:14500 inactive_anon:59202 isolated_anon:0 [ 2139.315172] active_file:0 inactive_file:8 isolated_file:0 [ 2139.315172] unevictable:0 dirty:0 writeback:0 [ 2139.315172] slab_reclaimable:8321 slab_unreclaimable:256128 [ 2139.315172] mapped:69634 shmem:114 pagetables:961 bounce:0 [ 2139.315172] free:2767 free_pcp:233 free_cma:0 [ 2139.322067] Node 0 active_anon:58000kB inactive_anon:236808kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278536kB dirty:0kB writeback:0kB shmem:456kB writeback_tmp:0kB kernel_stack:3552kB all_unreclaimable? no [ 2139.327079] Node 0 DMA free:6508kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2139.332795] lowmem_reserve[]: 0 1616 1616 1616 [ 2139.333844] Node 0 DMA32 free:4560kB min:5116kB low:6768kB high:8420kB reserved_highatomic:0KB active_anon:58000kB inactive_anon:236892kB active_file:48kB inactive_file:0kB unevictable:0kB writepending:0kB present:2080640kB managed:1660468kB mlocked:0kB pagetables:3844kB bounce:0kB free_pcp:932kB local_pcp:272kB free_cma:0kB [ 2139.340114] lowmem_reserve[]: 0 0 0 0 [ 2139.340498] Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 1*32kB (U) 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6508kB [ 2139.341884] Node 0 DMA32: 622*4kB (UME) 154*8kB (UM) 46*16kB (UM) 5*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4616kB [ 2139.343236] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2139.344070] 122 total pagecache pages [ 2139.344436] 0 pages in swap cache [ 2139.344774] Swap cache stats: add 0, delete 0, find 0/0 [ 2139.345316] Free swap = 0kB [ 2139.345604] Total swap = 0kB [ 2139.345929] 524158 pages RAM [ 2139.346215] 0 pages HighMem/MovableOnly [ 2139.346596] 105064 pages reserved [ 2139.346992] Unreclaimable slab info: [ 2139.347381] Name Used Total [ 2139.347989] pid_3 3KB 3KB [ 2139.348547] pid_2 44KB 52KB [ 2139.349142] fib6_nodes 28KB 28KB [ 2139.349696] ip6_dst_cache 41KB 41KB [ 2139.350283] PINGv6 63KB 63KB [ 2139.350826] RAWv6 189KB 189KB [ 2139.351367] UDPLITEv6 62KB 62KB [ 2139.351891] UDPv6 62KB 62KB [ 2139.352411] TCPv6 62KB 62KB [ 2139.353972] scsi_sense_cache 8KB 8KB [ 2139.354500] sd_ext_cdb 3KB 3KB [ 2139.355148] virtio_scsi_cmd 16KB 16KB [ 2139.355682] sgpool-128 59KB 59KB [ 2139.356205] sgpool-64 63KB 63KB [ 2139.356719] sgpool-32 128KB 220KB [ 2139.357244] sgpool-16 15KB 15KB [ 2139.357758] sgpool-8 19KB 37KB [ 2139.358344] io_kiocb 1045KB 1608KB [ 2139.358887] mqueue_inode_cache 62KB 62KB [ 2139.359400] nfs_commit_data 15KB 15KB [ 2139.359939] nfs_write_data 47KB 47KB [ 2139.360447] jbd2_inode 11KB 11KB [ 2139.360986] ext4_system_zone 7KB 7KB [ 2139.361489] ext4_io_end_vec 7KB 7KB [ 2139.362026] ext4_bio_post_read_ctx 15KB 15KB [ 2139.362578] dio 15KB 15KB [ 2139.363074] bio-2 4KB 4KB [ 2139.363525] fasync_cache 7KB 7KB [ 2139.364009] pid_namespace 7KB 7KB [ 2139.364460] posix_timers_cache 15KB 15KB [ 2139.364948] rpc_buffers 31KB 31KB [ 2139.365399] rpc_tasks 3KB 3KB [ 2139.365849] UNIX 206KB 352KB [ 2139.366334] UDP-Lite 63KB 63KB [ 2139.366802] tcp_bind_bucket 8KB 8KB [ 2139.367292] ip_fib_trie 8KB 8KB [ 2139.367743] ip_fib_alias 15KB 15KB [ 2139.368228] ip_dst_cache 36KB 36KB [ 2139.368685] RAW 62KB 62KB [ 2139.369168] UDP 283KB 283KB [ 2139.369622] request_sock_TCP 15KB 15KB [ 2139.370094] TCP 60KB 60KB [ 2139.370556] hugetlbfs_inode_cache 30KB 30KB [ 2139.371076] bio-1 11KB 11KB [ 2139.371538] eventpoll_pwq 19KB 19KB [ 2139.372018] eventpoll_epi 51KB 51KB [ 2139.372480] inotify_inode_mark 42KB 42KB [ 2139.372959] request_queue 60KB 60KB [ 2139.373422] blkdev_ioc 15KB 15KB [ 2139.373893] bio-0 88KB 88KB [ 2139.374344] biovec-max 1190KB 1190KB [ 2139.374822] biovec-64 173KB 189KB [ 2139.375295] biovec-16 22KB 22KB [ 2139.375757] user_namespace 31KB 31KB [ 2139.376229] uid_cache 8KB 8KB [ 2139.376691] dmaengine-unmap-2 4KB 4KB [ 2139.377162] audit_buffer 7KB 7KB [ 2139.377625] skbuff_fclone_cache 105KB 105KB [ 2139.378115] skbuff_head_cache 1785KB 1785KB [ 2139.378566] file_lock_cache 70KB 70KB [ 2139.379063] file_lock_ctx 7KB 7KB [ 2139.379525] fsnotify_mark_connector 20KB 20KB [ 2139.380053] net_namespace 115KB 115KB [ 2139.380504] task_delay_info 81KB 81KB [ 2139.380989] taskstats 46KB 46KB [ 2139.381441] proc_dir_entry 355KB 382KB [ 2139.381920] pde_opener 35KB 35KB [ 2139.382372] seq_file 34KB 45KB [ 2139.382848] sigqueue 70KB 70KB [ 2139.383322] shmem_inode_cache 1287KB 1289KB [ 2139.383773] kernfs_iattrs_cache 223KB 223KB [ 2139.384271] kernfs_node_cache 5268KB 5268KB [ 2139.384723] mnt_cache 189KB 189KB [ 2139.385227] filp 886KB 1297KB [ 2139.385680] names_cache 3884KB 4105KB [ 2139.386164] hashtab_node 274KB 274KB [ 2139.386621] ebitmap_node 1149KB 1149KB [ 2139.387112] avtab_node 4976KB 4976KB [ 2139.387568] avc_node 31KB 31KB [ 2139.388048] lsm_inode_cache 3185KB 3245KB [ 2139.388513] lsm_file_cache 115KB 148KB [ 2139.388987] key_jar 47KB 47KB [ 2139.389452] uts_namespace 15KB 15KB [ 2139.389924] nsproxy 11KB 11KB [ 2139.390410] vm_area_struct 694KB 908KB [ 2139.390901] fs_cache 51KB 72KB [ 2139.391363] files_cache 255KB 255KB [ 2139.391813] signal_cache 305KB 339KB [ 2139.392285] sighand_cache 330KB 330KB [ 2139.392751] task_struct 918KB 1207KB [ 2139.393226] cred_jar 95KB 132KB [ 2139.393687] anon_vma_chain 228KB 228KB [ 2139.394161] anon_vma 193KB 215KB [ 2139.394630] pid 75KB 86KB [ 2139.395110] Acpi-Operand 97KB 126KB [ 2139.395572] Acpi-ParseExt 27KB 27KB [ 2139.396045] Acpi-Parse 173KB 189KB [ 2139.396496] Acpi-State 133KB 149KB [ 2139.396985] Acpi-Namespace 20KB 20KB [ 2139.397436] numa_policy 3KB 3KB [ 2139.397919] trace_event_file 176KB 176KB [ 2139.398369] ftrace_event_field 280KB 280KB [ 2139.398850] pool_workqueue 32KB 32KB [ 2139.399324] task_group 16KB 16KB [ 2139.399785] mm_struct 260KB 283KB [ 2139.400260] vmap_area 191KB 224KB [ 2139.400710] page->ptl 212KB 212KB [ 2139.401197] kmemleak_scan_area 156KB 199KB [ 2139.401655] kmemleak_object 788500KB 788500KB [ 2139.402155] kmalloc-8k 4688KB 4864KB [ 2139.402631] kmalloc-4k 5656KB 7072KB [ 2139.403130] kmalloc-2k 3892KB 4512KB [ 2139.403596] kmalloc-1k 2170KB 3456KB [ 2139.404078] kmalloc-512 30788KB 30788KB [ 2139.404531] kmalloc-256 1250KB 1264KB [ 2139.405019] kmalloc-192 484KB 512KB [ 2139.405481] kmalloc-128 449KB 528KB [ 2139.406077] kmalloc-96 870KB 2604KB [ 2139.406539] kmalloc-64 1394KB 1508KB [ 2139.407028] kmalloc-32 95000KB 95000KB [ 2139.407495] kmalloc-16 325KB 360KB [ 2139.407968] kmalloc-8 300KB 302KB [ 2139.408429] kmem_cache_node 47KB 47KB [ 2139.408899] kmem_cache 75KB 75KB [ 2139.409361] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-journald.service,task=systemd-journal,pid=102,uid=0 [ 2139.410886] Out of memory (oom_kill_allocating_task): Killed process 102 (systemd-journal) total-vm:31940kB, anon-rss:868kB, file-rss:0kB, shmem-rss:4kB, UID:0 pgtables:88kB oom_score_adj:-250 [ 2140.141061] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2140.141939] CPU: 1 PID: 262 Comm: syz-fuzzer Not tainted 5.10.226 #1 [ 2140.142473] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2140.143203] Call Trace: [ 2140.143444] dump_stack+0x107/0x167 [ 2140.143774] dump_header+0x106/0x655 [ 2140.144110] oom_kill_process.cold+0x10/0x15 [ 2140.144508] out_of_memory+0x1149/0x1440 [ 2140.144875] ? oom_killer_disable+0x280/0x280 [ 2140.145278] ? mutex_trylock+0x237/0x2b0 [ 2140.145637] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 2140.146165] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 2140.146699] ? lock_acquire+0xf7/0x470 [ 2140.147053] ? warn_alloc+0x190/0x190 [ 2140.147418] __alloc_pages_nodemask+0x51d/0x600 [ 2140.147837] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2140.148374] ? find_get_entry+0x2c8/0x740 [ 2140.148756] alloc_pages_current+0x187/0x280 [ 2140.149138] __page_cache_alloc+0x2d2/0x360 [ 2140.149507] pagecache_get_page+0x2c7/0xc80 [ 2140.149878] filemap_fault+0x177d/0x2210 [ 2140.150230] ? read_cache_page_gfp+0x30/0x30 [ 2140.150611] ? replace_page_cache_page+0x1200/0x1200 [ 2140.151041] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 2140.151491] ext4_filemap_fault+0x87/0xc0 [ 2140.151842] __do_fault+0x113/0x410 [ 2140.152155] handle_mm_fault+0x1e53/0x3500 [ 2140.152516] ? find_held_lock+0x2c/0x110 [ 2140.152862] ? __pmd_alloc+0x5e0/0x5e0 [ 2140.153199] ? vmacache_find+0x55/0x2a0 [ 2140.153544] do_user_addr_fault+0x56e/0xc60 [ 2140.153917] exc_page_fault+0xa2/0x1a0 [ 2140.154251] ? asm_exc_page_fault+0x8/0x30 [ 2140.154614] asm_exc_page_fault+0x1e/0x30 [ 2140.154980] RIP: 0033:0x440310 [ 2140.155267] Code: Unable to access opcode bytes at RIP 0x4402e6. [ 2140.155801] RSP: 002b:000000c00008de48 EFLAGS: 00010206 [ 2140.156276] RAX: 000000c000020800 RBX: 000000c000080380 RCX: 0000000000000000 [ 2140.156901] RDX: 0000000001f20db8 RSI: 000000c00008de20 RDI: 0000000000000001 [ 2140.157528] RBP: 000000c00008df28 R08: 000000000000085b R09: 00007ffce6d0d080 [ 2140.158156] R10: 00007ffce6d0d090 R11: 000000000036dc8e R12: 0000000000000003 [ 2140.158794] R13: 000000c000001500 R14: 000001f8804fdb7a R15: 000000000000bb1e [ 2140.159466] Mem-Info: [ 2140.159706] active_anon:14498 inactive_anon:58969 isolated_anon:0 [ 2140.159706] active_file:0 inactive_file:3 isolated_file:0 [ 2140.159706] unevictable:0 dirty:0 writeback:0 [ 2140.159706] slab_reclaimable:8321 slab_unreclaimable:256484 [ 2140.159706] mapped:69644 shmem:114 pagetables:924 bounce:0 [ 2140.159706] free:2783 free_pcp:123 free_cma:0 [ 2140.162437] Node 0 active_anon:57992kB inactive_anon:235876kB active_file:0kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278576kB dirty:0kB writeback:0kB shmem:456kB writeback_tmp:0kB kernel_stack:3488kB all_unreclaimable? no [ 2140.164452] Node 0 DMA free:6508kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2140.166637] lowmem_reserve[]: 0 1616 1616 1616 [ 2140.167068] Node 0 DMA32 free:4624kB min:5116kB low:6768kB high:8420kB reserved_highatomic:0KB active_anon:57992kB inactive_anon:235876kB active_file:220kB inactive_file:80kB unevictable:0kB writepending:0kB present:2080640kB managed:1660468kB mlocked:0kB pagetables:3696kB bounce:0kB free_pcp:492kB local_pcp:248kB free_cma:0kB [ 2140.169456] lowmem_reserve[]: 0 0 0 0 [ 2140.169803] Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 1*32kB (U) 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6508kB [ 2140.171058] Node 0 DMA32: 731*4kB (UME) 154*8kB (M) 34*16kB (UM) 3*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4796kB [ 2140.172818] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2140.173636] 147 total pagecache pages [ 2140.173990] 0 pages in swap cache [ 2140.174296] Swap cache stats: add 0, delete 0, find 0/0 [ 2140.174771] Free swap = 0kB [ 2140.175059] Total swap = 0kB [ 2140.175326] 524158 pages RAM [ 2140.175579] 0 pages HighMem/MovableOnly [ 2140.175928] 105064 pages reserved [ 2140.176218] Unreclaimable slab info: [ 2140.176529] Name Used Total [ 2140.177009] pid_3 3KB 3KB [ 2140.177455] pid_2 44KB 52KB [ 2140.177925] fib6_nodes 28KB 28KB [ 2140.178370] ip6_dst_cache 41KB 41KB [ 2140.178833] PINGv6 63KB 63KB [ 2140.179319] RAWv6 189KB 189KB [ 2140.179791] UDPLITEv6 62KB 62KB [ 2140.180276] UDPv6 62KB 62KB [ 2140.180749] TCPv6 62KB 62KB [ 2140.181242] scsi_sense_cache 8KB 8KB [ 2140.181706] sd_ext_cdb 3KB 3KB [ 2140.182192] virtio_scsi_cmd 16KB 16KB [ 2140.182677] sgpool-128 59KB 59KB [ 2140.183164] sgpool-64 63KB 63KB [ 2140.183617] sgpool-32 220KB 220KB [ 2140.184082] sgpool-16 37KB 37KB [ 2140.184527] sgpool-8 30KB 37KB [ 2140.185037] io_kiocb 1045KB 1608KB [ 2140.185481] mqueue_inode_cache 62KB 62KB [ 2140.185951] nfs_commit_data 15KB 15KB [ 2140.186401] nfs_write_data 47KB 47KB [ 2140.186887] jbd2_inode 11KB 11KB [ 2140.187353] ext4_system_zone 7KB 7KB [ 2140.187819] ext4_io_end_vec 7KB 7KB [ 2140.188306] ext4_bio_post_read_ctx 15KB 15KB [ 2140.188817] dio 15KB 15KB [ 2140.189303] bio-2 4KB 4KB [ 2140.189774] fasync_cache 7KB 7KB [ 2140.190264] pid_namespace 7KB 7KB [ 2140.190734] posix_timers_cache 15KB 15KB [ 2140.191219] rpc_buffers 31KB 31KB [ 2140.191662] rpc_tasks 3KB 3KB [ 2140.192127] UNIX 206KB 352KB [ 2140.192573] UDP-Lite 63KB 63KB [ 2140.193037] tcp_bind_bucket 8KB 8KB [ 2140.193485] ip_fib_trie 8KB 8KB [ 2140.193948] ip_fib_alias 15KB 15KB [ 2140.194392] ip_dst_cache 36KB 36KB [ 2140.194857] RAW 62KB 62KB [ 2140.195339] UDP 283KB 283KB [ 2140.195804] request_sock_TCP 15KB 15KB [ 2140.196283] TCP 60KB 60KB [ 2140.196728] hugetlbfs_inode_cache 30KB 30KB [ 2140.197221] bio-1 11KB 11KB [ 2140.197666] eventpoll_pwq 19KB 19KB [ 2140.198129] eventpoll_epi 51KB 51KB [ 2140.198573] inotify_inode_mark 42KB 42KB [ 2140.199052] request_queue 60KB 60KB [ 2140.199496] blkdev_ioc 15KB 15KB [ 2140.199957] bio-0 172KB 172KB [ 2140.200401] biovec-max 1219KB 1219KB [ 2140.200846] biovec-64 283KB 283KB [ 2140.201312] biovec-16 37KB 37KB [ 2140.201757] user_namespace 31KB 31KB [ 2140.202219] uid_cache 8KB 8KB [ 2140.202672] dmaengine-unmap-2 4KB 4KB [ 2140.203143] audit_buffer 7KB 7KB [ 2140.203589] skbuff_fclone_cache 105KB 105KB [ 2140.204065] skbuff_head_cache 1848KB 1848KB [ 2140.204509] file_lock_cache 70KB 70KB [ 2140.204972] file_lock_ctx 7KB 7KB [ 2140.205416] fsnotify_mark_connector 20KB 20KB [ 2140.205921] net_namespace 115KB 115KB [ 2140.206364] task_delay_info 81KB 81KB [ 2140.206838] taskstats 46KB 46KB [ 2140.207357] proc_dir_entry 355KB 382KB [ 2140.207856] pde_opener 35KB 35KB [ 2140.208384] seq_file 34KB 45KB [ 2140.208903] sigqueue 70KB 70KB [ 2140.209403] shmem_inode_cache 1287KB 1289KB [ 2140.209913] kernfs_iattrs_cache 223KB 223KB [ 2140.210423] kernfs_node_cache 5268KB 5268KB [ 2140.210947] mnt_cache 189KB 189KB [ 2140.211471] filp 748KB 1252KB [ 2140.212000] names_cache 2647KB 2885KB [ 2140.212507] hashtab_node 274KB 274KB [ 2140.213036] ebitmap_node 1149KB 1149KB [ 2140.213544] avtab_node 4976KB 4976KB [ 2140.214071] avc_node 31KB 31KB [ 2140.214585] lsm_inode_cache 3185KB 3245KB [ 2140.215124] lsm_file_cache 115KB 148KB [ 2140.215625] key_jar 47KB 47KB [ 2140.216137] uts_namespace 15KB 15KB [ 2140.216631] nsproxy 11KB 11KB [ 2140.217166] vm_area_struct 694KB 908KB [ 2140.217660] fs_cache 51KB 72KB [ 2140.218179] files_cache 255KB 255KB [ 2140.218693] signal_cache 305KB 339KB [ 2140.219156] sighand_cache 330KB 330KB [ 2140.219603] task_struct 918KB 1207KB [ 2140.220066] cred_jar 90KB 132KB [ 2140.220509] anon_vma_chain 228KB 228KB [ 2140.220976] anon_vma 188KB 207KB [ 2140.221429] pid 75KB 86KB [ 2140.221895] Acpi-Operand 97KB 126KB [ 2140.222339] Acpi-ParseExt 27KB 27KB [ 2140.223079] Acpi-Parse 173KB 189KB [ 2140.223544] Acpi-State 133KB 149KB [ 2140.224007] Acpi-Namespace 20KB 20KB [ 2140.224452] numa_policy 3KB 3KB [ 2140.224916] trace_event_file 176KB 176KB [ 2140.225359] ftrace_event_field 280KB 280KB [ 2140.225808] pool_workqueue 32KB 32KB [ 2140.226273] task_group 16KB 16KB [ 2140.226771] mm_struct 260KB 283KB [ 2140.227238] vmap_area 191KB 224KB [ 2140.227682] page->ptl 212KB 212KB [ 2140.228146] kmemleak_scan_area 156KB 199KB [ 2140.228601] kmemleak_object 790361KB 790361KB [ 2140.229079] kmalloc-8k 4688KB 4864KB [ 2140.229545] kmalloc-4k 5504KB 7072KB [ 2140.230016] kmalloc-2k 3892KB 4512KB [ 2140.230472] kmalloc-1k 2170KB 3456KB [ 2140.230989] kmalloc-512 31044KB 31044KB [ 2140.231434] kmalloc-256 1250KB 1264KB [ 2140.231901] kmalloc-192 484KB 512KB [ 2140.232354] kmalloc-128 449KB 528KB [ 2140.232900] kmalloc-96 880KB 2604KB [ 2140.233350] kmalloc-64 1416KB 1508KB [ 2140.233793] kmalloc-32 95224KB 95224KB [ 2140.234260] kmalloc-16 325KB 360KB [ 2140.234717] kmalloc-8 300KB 302KB [ 2140.235251] kmem_cache_node 47KB 47KB [ 2140.235756] kmem_cache 75KB 75KB [ 2140.236283] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/ssh.service,task=syz-fuzzer,pid=262,uid=0 [ 2140.237826] Out of memory (oom_kill_allocating_task): Killed process 253 (syz-fuzzer) total-vm:1238484kB, anon-rss:261556kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:944kB oom_score_adj:0 [ 2140.873593] systemd[1]: systemd-timesyncd.service: A process of this unit has been killed by the OOM killer. [ 2140.893149] systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL [ 2140.930147] systemd[1]: systemd-journald.service: Failed with result 'oom-kill'. [ 2140.967369] systemd[1]: systemd-journald.service: Consumed 6.555s CPU time. [ 2140.978310] systemd[1]: systemd-timesyncd.service: Main process exited, code=killed, status=9/KILL [ 2140.985031] systemd[1]: systemd-timesyncd.service: Failed with result 'oom-kill'. [ 2141.023453] systemd[1]: systemd-timesyncd.service: Consumed 3.526s CPU time. [ 2141.037446] oom_reaper: reaped process 9834 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2141.091899] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1. [ 2141.097171] systemd[1]: systemd-timesyncd.service: Scheduled restart job, restart counter is at 1. [ 2141.147506] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 2141.207058] systemd[1]: Starting Load/Save RF Kill Switch Status... [ 2141.207783] systemd[1]: Stopped Network Time Synchronization. [ 2141.208703] systemd[1]: systemd-timesyncd.service: Consumed 3.526s CPU time. [ 2141.269045] systemd[1]: Starting Network Time Synchronization... [ 2141.278662] systemd[1]: ssh.service: Failed with result 'oom-kill'. [ 2141.279998] systemd[1]: ssh.service: Unit process 247 (sshd) remains running after unit stopped. [ 2141.281100] systemd[1]: ssh.service: Unit process 272 (syz-executor.1) remains running after unit stopped. [ 2141.308711] systemd[1]: ssh.service: Consumed 28min 26.214s CPU time. [ 2141.476187] systemd[1]: Started Load/Save RF Kill Switch Status. [ 2141.477620] systemd[1]: ssh.service: Scheduled restart job, restart counter is at 1. [ 2141.481213] systemd[1]: Stopped OpenBSD Secure Shell server. [ 2141.483816] systemd[1]: ssh.service: Consumed 28min 26.244s CPU time. [ 2141.491282] systemd[1]: ssh.service: Found left-over process 247 (sshd) in control group while starting unit. Ignoring. [ 2141.492252] systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. [ 2141.493450] systemd[1]: ssh.service: Found left-over process 272 (syz-executor.1) in control group while starting unit. Ignoring. [ 2141.497111] systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. [ 2141.527631] systemd[1]: Starting OpenBSD Secure Shell server... [ 2141.542503] systemd[1]: systemd-journal-flush.service: Succeeded. [ 2141.557746] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 2141.568584] systemd[1]: Stopped Journal Service. [ 2141.569273] systemd[1]: systemd-journald.service: Consumed 6.555s CPU time. [ 2141.651685] systemd[1]: Starting Journal Service... [ 2142.083156] systemd-journald[9869]: File /var/log/journal/7e681e5076844de4a5cfa8606a84b008/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 2142.207750] systemd[1]: Started OpenBSD Secure Shell server. [ 2142.451926] systemd[1]: Started Network Time Synchronization. [ 2142.680827] systemd[1]: Started Journal Service. [ 2142.747359] systemd-journald[9869]: Received client request to flush runtime journal. VM DIAGNOSIS: 05:57:56 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=0000000000000000 RCX=ffffffff8167a1ec RDX=1ffffd40001b7c49 RSI=0000000000000000 RDI=0000000000000000 RBP=ffffea0000dbe240 RSP=ffff888008937c90 R8 =0000000000000000 R9 =ffffea0000dbe247 R10=0000000000000000 R11=0000000000000001 R12=dead000000000100 R13=0000000000000000 R14=dead000000000100 R15=ffff8880491af010 RIP=ffffffff814098b4 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1c0a49ff00 CR3=000000003e5aa000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000000000000000000000000000000ff XMM02=000000000000000000000000000000ff XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=0000000000000000000000ffff000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=206e692029312e726f74756365786500 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=000055b8f0882780 RCX=0000000000000000 RDX=fffffffffffffdc8 RSI=00007ffdd3d60390 RDI=000055b8f0882780 RBP=00007ffdd3d60390 RSP=00007ffdd3d60308 R8 =0000000000000000 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000000 R12=00007f7390064d2a R13=0000000000000000 R14=0000000000000001 R15=0000000000000000 RIP=00007f738fc0a063 RFL=00000082 [--S----] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA] SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f738f4a9900 00000000 00000000 GS =0000 0000000000000000 00000000 00000000 LDT=0000 fffffe7c00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055b8f0888010 CR3=0000000008ffa000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=25252525252525252525252525252525 XMM01=0000000000ff000000000000000000ff XMM02=0000000000ff000000000000000000ff XMM03=00656369767265732e6873732f656369 XMM04=2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e XMM05=6e692f6374652f20230a6d6f72662068 XMM06=7320736920656c69662073696854202e XMM07=00000000000000000000000000000000 XMM08=636f72702f0064696e6f697373657300 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000