program:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x8882, 0x0) (fail_nth: 9)

[   71.570522][ T5086] Bluetooth: hci0: command tx timeout
[   72.606994][ T5101] FAULT_INJECTION: forcing a failure.
[   72.606994][ T5101] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   72.618804][ T5101] CPU: 0 UID: 0 PID: 5101 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-07462-g1868f9d0260e #0
[   72.624164][ T5101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.628692][ T5101] Call Trace:
[   72.630683][ T5101]  <TASK>
[   72.632574][ T5101]  dump_stack_lvl+0x241/0x360
[   72.635747][ T5101]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.638149][ T5101]  ? __pfx__printk+0x10/0x10
[   72.640039][ T5101]  ? snprintf+0xda/0x120
[   72.641804][ T5101]  should_fail_ex+0x3b0/0x4e0
[   72.643836][ T5101]  _copy_to_user+0x2f/0xb0
[   72.645771][ T5101]  simple_read_from_buffer+0xca/0x150
[   72.647944][ T5101]  proc_fail_nth_read+0x1e9/0x250
[   72.649966][ T5101]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   72.652263][ T5101]  ? rw_verify_area+0x55e/0x6f0
[   72.654351][ T5101]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   72.657004][ T5101]  vfs_read+0x201/0xbc0
[   72.659192][ T5101]  ? __pfx_lock_release+0x10/0x10
[   72.661900][ T5101]  ? do_sys_openat2+0x17a/0x1d0
[   72.664107][ T5101]  ? __pfx_vfs_read+0x10/0x10
[   72.666052][ T5101]  ? __fget_files+0x3f3/0x470
[   72.668063][ T5101]  ? __fdget_pos+0x24e/0x320
[   72.670007][ T5101]  ksys_read+0x1a0/0x2c0
[   72.671797][ T5101]  ? __pfx_ksys_read+0x10/0x10
[   72.673902][ T5101]  ? do_syscall_64+0x100/0x230
[   72.676169][ T5101]  ? do_syscall_64+0xb6/0x230
[   72.678162][ T5101]  do_syscall_64+0xf3/0x230
[   72.680057][ T5101]  ? clear_bhb_loop+0x35/0x90
[   72.682011][ T5101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.684328][ T5101] RIP: 0033:0x7f145197c93c
[   72.686112][ T5101] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   72.693934][ T5101] RSP: 002b:00007f1452852030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   72.698446][ T5101] RAX: ffffffffffffffda RBX: 00007f1451b35f80 RCX: 00007f145197c93c
[   72.702092][ T5101] RDX: 000000000000000f RSI: 00007f14528520a0 RDI: 0000000000000004
[   72.705344][ T5101] RBP: 00007f1452852090 R08: 0000000000000000 R09: 0000000000000000
[   72.708605][ T5101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.711889][ T5101] R13: 0000000000000000 R14: 00007f1451b35f80 R15: 00007ffd70304738
[   72.715293][ T5101]  </TASK>
[   72.881564][ T5101] ------------[ cut here ]------------
[   72.884178][ T5101] kernel BUG at include/linux/scatterlist.h:171!
[   72.886846][ T5101] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   72.889994][ T5101] CPU: 0 UID: 0 PID: 5101 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-07462-g1868f9d0260e #0
[   72.895497][ T5101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.900412][ T5101] RIP: 0010:perf_trace_dma_map_sg+0xf34/0xf40
[   72.902927][ T5101] Code: 00 00 00 fc ff df e9 60 fc ff ff e8 c6 81 17 00 48 c7 c7 40 84 94 8e 4c 89 f6 e8 a7 70 72 03 e9 e3 f2 ff ff e8 ad 81 17 00 90 <0f> 0b e8 b5 eb 41 0a 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90
[   72.910159][ T5101] RSP: 0000:ffffc9000308e9e0 EFLAGS: 00010093
[   72.912368][ T5101] RAX: ffffffff817d3d73 RBX: ffffe8ffffc40d6d RCX: ffff88801fb54880
[   72.915187][ T5101] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   72.918204][ T5101] RBP: ffffc9000308eb40 R08: ffffffff817d33c4 R09: 322e66313a30303a
[   72.921550][ T5101] R10: dffffc0000000000 R11: fffff91ffff881ae R12: ffff888000ae26a8
[   72.926011][ T5101] R13: 0000000000000038 R14: 0000000000000008 R15: ffff88804b9e1781
[   72.929903][ T5101] FS:  00007f14528526c0(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000
[   72.933435][ T5101] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.936015][ T5101] CR2: 00007f14519dc900 CR3: 000000001ffb0000 CR4: 0000000000350ef0
[   72.939143][ T5101] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.942075][ T5101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.945243][ T5101] Call Trace:
[   72.946618][ T5101]  <TASK>
[   72.948041][ T5101]  ? __die_body+0x5f/0xb0
[   72.950133][ T5101]  ? die+0x9e/0xc0
[   72.951943][ T5101]  ? do_trap+0x15a/0x3a0
[   72.953684][ T5101]  ? perf_trace_dma_map_sg+0xf34/0xf40
[   72.955917][ T5101]  ? do_error_trap+0x1dc/0x2c0
[   72.957825][ T5101]  ? perf_trace_dma_map_sg+0xf34/0xf40
[   72.960049][ T5101]  ? __pfx_do_error_trap+0x10/0x10
[   72.962295][ T5101]  ? report_bug+0x3cd/0x500
[   72.964300][ T5101]  ? handle_invalid_op+0x34/0x40
[   72.966843][ T5101]  ? perf_trace_dma_map_sg+0xf34/0xf40
[   72.969499][ T5101]  ? exc_invalid_op+0x38/0x50
[   72.971504][ T5101]  ? asm_exc_invalid_op+0x1a/0x20
[   72.973554][ T5101]  ? perf_trace_dma_map_sg+0x584/0xf40
[   72.975758][ T5101]  ? perf_trace_dma_map_sg+0xf33/0xf40
[   72.978002][ T5101]  ? perf_trace_dma_map_sg+0xf34/0xf40
[   72.980168][ T5101]  ? __pfx_perf_trace_dma_map_sg+0x10/0x10
[   72.982515][ T5101]  ? iommu_dma_map_sg+0x8c3/0xef0
[   72.984776][ T5101]  ? sg_next+0x84/0xb0
[   72.986790][ T5101]  ? __finalise_sg+0x74c/0x880
[   72.989673][ T5101]  trace_dma_map_sg+0x1da/0x240
[   72.991586][ T5101]  __dma_map_sg_attrs+0x106/0x1a0
[   72.993639][ T5101]  dma_map_sg_attrs+0x34/0x50
[   72.995556][ T5101]  ata_qc_issue+0x4cf/0xf40
[   72.997423][ T5101]  __ata_scsi_queuecmd+0x9fb/0x1030
[   72.999419][ T5101]  ? __pfx_ata_scsi_rw_xlat+0x10/0x10
[   73.001552][ T5101]  ata_scsi_queuecmd+0x3bb/0x530
[   73.003514][ T5101]  scsi_queue_rq+0x1d7c/0x2e90
[   73.005661][ T5101]  blk_mq_dispatch_rq_list+0xb89/0x1b30
[   73.009124][ T5101]  ? sbitmap_find_bit+0x435/0x4c0
[   73.011323][ T5101]  ? sbitmap_get+0x1f7/0x3f0
[   73.013265][ T5101]  ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10
[   73.015728][ T5101]  ? __blk_mq_alloc_driver_tag+0x32d/0x730
[   73.018198][ T5101]  __blk_mq_sched_dispatch_requests+0xb8a/0x1840
[   73.020878][ T5101]  ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10
[   73.023855][ T5101]  ? blk_mq_run_hw_queue+0x136/0xae0
[   73.026393][ T5101]  ? __pfx_lock_release+0x10/0x10
[   73.028700][ T5101]  blk_mq_sched_dispatch_requests+0xcb/0x140
[   73.031231][ T5101]  ? blk_mq_run_hw_queue+0x40c/0xae0
[   73.033467][ T5101]  blk_mq_run_hw_queue+0x9a5/0xae0
[   73.035612][ T5101]  blk_mq_flush_plug_list+0x1127/0x1890
[   73.037966][ T5101]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[   73.040791][ T5101]  __blk_flush_plug+0x420/0x500
[   73.043186][ T5101]  ? __pfx___blk_flush_plug+0x10/0x10
[   73.045617][ T5101]  blk_finish_plug+0x5e/0x80
[   73.047433][ T5101]  read_pages+0x644/0x840
[   73.049146][ T5101]  ? __pfx_read_pages+0x10/0x10
[   73.051116][ T5101]  ? filemap_add_folio+0x26d/0x650
[   73.053367][ T5101]  ? release_fault_lock+0x163/0x230
[   73.055550][ T5101]  ? release_fault_lock+0xa6/0x230
[   73.057775][ T5101]  page_cache_ra_unbounded+0x24c/0x8a0
[   73.060376][ T5101]  do_sync_mmap_readahead+0x499/0x970
[   73.062678][ T5101]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[   73.064979][ T5101]  ? count_memcg_event_mm+0x90/0x420
[   73.067127][ T5101]  ? __filemap_get_folio+0x949/0xbd0
[   73.069410][ T5101]  filemap_fault+0x820/0x1750
[   73.071513][ T5101]  ? __pfx_filemap_fault+0x10/0x10
[   73.074070][ T5101]  ? handle_pte_fault+0x2202/0x7010
[   73.077105][ T5101]  ? __pfx_lock_release+0x10/0x10
[   73.079583][ T5101]  ? pte_offset_map_nolock+0x137/0x1f0
[   73.081832][ T5101]  __do_fault+0x135/0x460
[   73.083589][ T5101]  ? handle_pte_fault+0x2202/0x7010
[   73.085765][ T5101]  handle_pte_fault+0x3228/0x7010
[   73.087806][ T5101]  ? __pfx_validate_chain+0x10/0x10
[   73.089988][ T5101]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[   73.092272][ T5101]  ? mark_lock+0x9a/0x360
[   73.094036][ T5101]  ? __pfx_handle_pte_fault+0x10/0x10
[   73.096288][ T5101]  ? __lock_acquire+0x1384/0x2050
[   73.099790][ T5101]  ? reacquire_held_locks+0x3eb/0x690
[   73.103555][ T5101]  ? lock_vma_under_rcu+0x2f9/0x6e0
[   73.105825][ T5101]  ? __pfx_reacquire_held_locks+0x10/0x10
[   73.108180][ T5101]  handle_mm_fault+0x1106/0x1bb0
[   73.110264][ T5101]  ? __pfx_handle_mm_fault+0x10/0x10
[   73.112398][ T5101]  ? lock_vma_under_rcu+0x592/0x6e0
[   73.114451][ T5101]  ? exc_page_fault+0x113/0x8c0
[   73.116463][ T5101]  exc_page_fault+0x459/0x8c0
[   73.118499][ T5101]  asm_exc_page_fault+0x26/0x30
[   73.120577][ T5101] RIP: 0033:0x7f1451951958
[   73.122430][ T5101] Code: 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 62 e2 7d 28 7a ce 89 f8 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 b8 01 00 00 <62> e1 fe 28 6f 17 62 a1 f5 20 ef da 62 a1 6d 20 da db 62 b2 66 20
[   73.131958][ T5101] RSP: 002b:00007f145284f8b8 EFLAGS: 00010283
[   73.134475][ T5101] RAX: 0000000000000900 RBX: 00007f145284fe30 RCX: 0000000000000000
[   73.137705][ T5101] RDX: 00007f1452851f78 RSI: 0000000000000025 RDI: 00007f14519dc900
[   73.140933][ T5101] RBP: 00000000fbad8004 R08: 0000000000000000 R09: 0000000000000000
[   73.144446][ T5101] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f145284fe10
[   73.148581][ T5101] R13: 00007f1452851f78 R14: 00007f1451b35f80 R15: 00007ffd70304738
[   73.152459][ T5101]  </TASK>
[   73.153699][ T5101] Modules linked in:
[   73.155410][ T5101] ---[ end trace 0000000000000000 ]---
[   73.157655][ T5101] RIP: 0010:perf_trace_dma_map_sg+0xf34/0xf40
[   73.160074][ T5101] Code: 00 00 00 fc ff df e9 60 fc ff ff e8 c6 81 17 00 48 c7 c7 40 84 94 8e 4c 89 f6 e8 a7 70 72 03 e9 e3 f2 ff ff e8 ad 81 17 00 90 <0f> 0b e8 b5 eb 41 0a 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90
[   73.168731][ T5101] RSP: 0000:ffffc9000308e9e0 EFLAGS: 00010093
[   73.171971][ T5101] RAX: ffffffff817d3d73 RBX: ffffe8ffffc40d6d RCX: ffff88801fb54880
[   73.175293][ T5101] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   73.178495][ T5101] RBP: ffffc9000308eb40 R08: ffffffff817d33c4 R09: 322e66313a30303a
[   73.181752][ T5101] R10: dffffc0000000000 R11: fffff91ffff881ae R12: ffff888000ae26a8
[   73.185365][ T5101] R13: 0000000000000038 R14: 0000000000000008 R15: ffff88804b9e1781
[   73.189976][ T5101] FS:  00007f14528526c0(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000
[   73.194102][ T5101] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   73.196728][ T5101] CR2: 00007f14519dc900 CR3: 000000001ffb0000 CR4: 0000000000350ef0
[   73.199911][ T5101] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   73.203008][ T5101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   73.206278][ T5101] Kernel panic - not syncing: Fatal exception
[   73.208984][ T5101] Kernel Offset: disabled
[   73.211035][ T5101] Rebooting in 86400 seconds..