20202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a08", 0x19, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:09 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(0x0, 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:46:09 executing program 7: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a08", 0x19, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 369.336376] loop7: detected capacity change from 0 to 264192 [ 369.348120] loop1: detected capacity change from 0 to 264192 [ 369.396671] audit: type=1326 audit(1768610769.888:40): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4901 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6ac7004b19 code=0x0 00:46:09 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:09 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(0x0, 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 369.445279] isofs_fill_super: root inode is not a directory. Corrupted media? [ 369.483191] isofs_fill_super: root inode is not a directory. Corrupted media? 00:46:09 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:09 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:10 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:10 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:10 executing program 3: io_setup(0xfff, &(0x7f0000000040)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(0x0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r0, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:46:10 executing program 7: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r1, 0x0}]) [ 369.667426] loop1: detected capacity change from 0 to 264192 00:46:10 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:10 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 369.745163] isofs_fill_super: get root inode failed 00:46:10 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:19 executing program 7: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809", 0x14, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:19 executing program 3: io_setup(0xfff, &(0x7f0000000040)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(0x0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r0, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:46:19 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:19 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3f, 0xfffffffffffffff7}, 0x0, 0xfffffffffffffe00, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}) fdatasync(0xffffffffffffffff) 00:46:19 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:19 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x81, 0x9, 0x7, 0xf1, 0x0, 0x3, 0x92, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1000, 0x0, @perf_bp={&(0x7f0000000000), 0x7}, 0x40080, 0x1, 0x200, 0x2, 0x1ff, 0x3, 0xfff, 0x0, 0x6, 0x0, 0x200}, 0x0, 0x1, 0xffffffffffffffff, 0xb) pread64(r0, &(0x7f0000000180)=""/249, 0xf9, 0x4) syz_open_dev$vcsn(&(0x7f0000000140), 0x9, 0x200000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) recvmmsg$unix(r1, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r5, 0x0) recvmmsg$unix(r4, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000280)={{0x1, 0x1, 0xffffffffffffff8a, r4, {0xf97}}, './cgroup.cpu/cgroup.procs\x00'}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000100)='.,/\x00') fsmount(r0, 0x0, 0x1) 00:46:19 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x81, 0x9, 0x7, 0xf1, 0x0, 0x3, 0x92, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1000, 0x0, @perf_bp={&(0x7f0000000000), 0x7}, 0x40080, 0x1, 0x200, 0x2, 0x1ff, 0x3, 0xfff, 0x0, 0x6, 0x0, 0x200}, 0x0, 0x1, 0xffffffffffffffff, 0xb) pread64(r0, &(0x7f0000000180)=""/249, 0xf9, 0x4) syz_open_dev$vcsn(&(0x7f0000000140), 0x9, 0x200000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) recvmmsg$unix(r1, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r5, 0x0) recvmmsg$unix(r4, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000280)={{0x1, 0x1, 0xffffffffffffff8a, r4, {0xf97}}, './cgroup.cpu/cgroup.procs\x00'}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000100)='.,/\x00') fsmount(r0, 0x0, 0x1) 00:46:19 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 379.125301] audit: type=1326 audit(1768610779.616:41): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4939 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6ac7004b19 code=0x0 [ 379.144472] loop1: detected capacity change from 0 to 264192 [ 379.149708] loop7: detected capacity change from 0 to 264192 00:46:19 executing program 3: io_setup(0xfff, &(0x7f0000000040)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(0x0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r0, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) [ 379.208537] isofs_fill_super: root inode is not a directory. Corrupted media? 00:46:19 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:19 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x0, 0x0) 00:46:19 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:19 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:19 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff) perf_event_open(0x0, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0xe7, 0x4) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000001b40), 0x9}}, {{0x0, 0x0, &(0x7f0000000200), 0x1}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000500)="10bd6348835407c57831572764eac6c98f2ec5894cd88c934dbe57bf616c9097964b0af09df277e0325d5b12fcf1ff841821c1a8032e0ab36a4ea38fc836c31cd9e195f8a516df871c66b454ec41777cdeded3b3fd7c59a89801ffc3655853827504844259929714eb5cfb6aa325bd985dae842053ac61a0937b1c6498430d4b71835a32ba1a28b7f0769f14ce5e5bb84c1ae2b732dd9c2558afeaf8a729da36a256894a931da37ba46f32c82c2f3dffe996d84895f75f4ed1811b3f356126d2521913908aaadec642297a72ff2524eb7d1c02f7ee9cb95e04a06cb40191113948fc028a5f16c0f492500c2406d989f81955a32f2eea795fcf07317be390514b77c6757f023b3ea7ecdcbf47debc5e0bafd155abd68b38b36a8641eed7852af3f9f935bcc0946b570e7709e252356ab2abc550f51410f7540d28d97a066d9bc8012c4cd17565852bfa79bf9c9f84c4fec05eb8427a60d2fa5eb9", 0xfb}, {&(0x7f0000000380)="e6b11dab9605361aa6b119381bf955564f7bd15284e6b3cf4e2c4abf", 0x1c}], 0x2}}], 0x3, 0x44890) shutdown(0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000180)=0x2d9c2bd3, 0x4) shutdown(0xffffffffffffffff, 0x1) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e21, 0x5, @remote, 0x100009c}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003040), 0x3, 0x4c890) shutdown(r0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @private1, 0xfffffff9}, 0x1c) shutdown(r0, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) clone3(&(0x7f0000000100)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x38}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) [ 379.347139] isofs_fill_super: get root inode failed 00:46:29 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:29 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:29 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3f, 0xfffffffffffffff7}, 0x0, 0xfffffffffffffe00, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}) fdatasync(0xffffffffffffffff) 00:46:29 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff) perf_event_open(0x0, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0xe7, 0x4) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000001b40), 0x9}}, {{0x0, 0x0, &(0x7f0000000200), 0x1}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000500)="10bd6348835407c57831572764eac6c98f2ec5894cd88c934dbe57bf616c9097964b0af09df277e0325d5b12fcf1ff841821c1a8032e0ab36a4ea38fc836c31cd9e195f8a516df871c66b454ec41777cdeded3b3fd7c59a89801ffc3655853827504844259929714eb5cfb6aa325bd985dae842053ac61a0937b1c6498430d4b71835a32ba1a28b7f0769f14ce5e5bb84c1ae2b732dd9c2558afeaf8a729da36a256894a931da37ba46f32c82c2f3dffe996d84895f75f4ed1811b3f356126d2521913908aaadec642297a72ff2524eb7d1c02f7ee9cb95e04a06cb40191113948fc028a5f16c0f492500c2406d989f81955a32f2eea795fcf07317be390514b77c6757f023b3ea7ecdcbf47debc5e0bafd155abd68b38b36a8641eed7852af3f9f935bcc0946b570e7709e252356ab2abc550f51410f7540d28d97a066d9bc8012c4cd17565852bfa79bf9c9f84c4fec05eb8427a60d2fa5eb9", 0xfb}, {&(0x7f0000000380)="e6b11dab9605361aa6b119381bf955564f7bd15284e6b3cf4e2c4abf", 0x1c}], 0x2}}], 0x3, 0x44890) shutdown(0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000180)=0x2d9c2bd3, 0x4) shutdown(0xffffffffffffffff, 0x1) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e21, 0x5, @remote, 0x100009c}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003040), 0x3, 0x4c890) shutdown(r0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @private1, 0xfffffff9}, 0x1c) shutdown(r0, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) clone3(&(0x7f0000000100)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x38}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 00:46:29 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:29 executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x6, 0x0) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x8, 0x9, 0x3, 0xce, 0x0, 0x6, 0x21040, 0x6, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fff, 0x1, @perf_config_ext={0x4, 0x8000}, 0x800, 0xfe, 0x6, 0x8, 0x7fffffff, 0xff, 0x7, 0x0, 0x9, 0x0, 0x28}, 0x0, 0x1, r0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) copy_file_range(r1, 0x0, r2, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) pidfd_getfd(r3, r3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x1ff) r4 = creat(&(0x7f0000000080)='./file1\x00', 0x4c) open_by_handle_at(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="0000e9e9de8c000000"], 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000140)) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 00:46:29 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:29 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x0, 0x0) [ 389.411009] loop1: detected capacity change from 0 to 264192 [ 389.448379] audit: type=1326 audit(1768610789.937:42): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4985 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6ac7004b19 code=0x0 00:46:29 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:29 executing program 6: perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 389.491510] isofs_fill_super: get root inode failed [ 389.500944] program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO 00:46:29 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff) perf_event_open(0x0, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0xe7, 0x4) bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000001b40), 0x9}}, {{0x0, 0x0, &(0x7f0000000200), 0x1}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000500)="10bd6348835407c57831572764eac6c98f2ec5894cd88c934dbe57bf616c9097964b0af09df277e0325d5b12fcf1ff841821c1a8032e0ab36a4ea38fc836c31cd9e195f8a516df871c66b454ec41777cdeded3b3fd7c59a89801ffc3655853827504844259929714eb5cfb6aa325bd985dae842053ac61a0937b1c6498430d4b71835a32ba1a28b7f0769f14ce5e5bb84c1ae2b732dd9c2558afeaf8a729da36a256894a931da37ba46f32c82c2f3dffe996d84895f75f4ed1811b3f356126d2521913908aaadec642297a72ff2524eb7d1c02f7ee9cb95e04a06cb40191113948fc028a5f16c0f492500c2406d989f81955a32f2eea795fcf07317be390514b77c6757f023b3ea7ecdcbf47debc5e0bafd155abd68b38b36a8641eed7852af3f9f935bcc0946b570e7709e252356ab2abc550f51410f7540d28d97a066d9bc8012c4cd17565852bfa79bf9c9f84c4fec05eb8427a60d2fa5eb9", 0xfb}, {&(0x7f0000000380)="e6b11dab9605361aa6b119381bf955564f7bd15284e6b3cf4e2c4abf", 0x1c}], 0x2}}], 0x3, 0x44890) shutdown(0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000180)=0x2d9c2bd3, 0x4) shutdown(0xffffffffffffffff, 0x1) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e21, 0x5, @remote, 0x100009c}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003040), 0x3, 0x4c890) shutdown(r0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @private1, 0xfffffff9}, 0x1c) shutdown(r0, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) clone3(&(0x7f0000000100)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x38}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 00:46:30 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:30 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:30 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:30 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x0, 0x0) [ 389.675032] loop1: detected capacity change from 0 to 264192 [ 389.738233] ISOFS: Unable to identify CD-ROM format. 00:46:40 executing program 6: perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:40 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3f, 0xfffffffffffffff7}, 0x0, 0xfffffffffffffe00, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:46:40 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:40 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}]) 00:46:40 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:40 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:40 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:40 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 400.513592] loop1: detected capacity change from 0 to 264192 00:46:41 executing program 6: perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 400.618842] ISOFS: Unable to identify CD-ROM format. 00:46:41 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}]) 00:46:41 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:41 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3f, 0xfffffffffffffff7}, 0x0, 0xfffffffffffffe00, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:46:41 executing program 7: perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:41 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:41 executing program 2: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:41 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:41 executing program 0: perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 400.892985] loop2: detected capacity change from 0 to 264192 00:46:41 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3f, 0xfffffffffffffff7}, 0x0, 0xfffffffffffffe00, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:46:41 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:41 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}]) 00:46:41 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 401.074076] ISOFS: Unable to identify CD-ROM format. 00:46:51 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3f, 0xfffffffffffffff7}, 0x0, 0xfffffffffffffe00, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:46:51 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:51 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}, 0x0]) 00:46:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:51 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:46:51 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:51 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:51 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:51 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) [ 410.958700] loop1: detected capacity change from 0 to 264192 00:46:51 executing program 7: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) uname(&(0x7f0000000400)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x6, 0x0) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x8, 0x9, 0x3, 0xce, 0x0, 0x6, 0x21040, 0x6, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7fff, 0x1, @perf_config_ext={0x4, 0x8000}, 0x800, 0xfe, 0x6, 0x8, 0x7fffffff, 0xff, 0x7, 0x0, 0x9, 0x0, 0x28}, 0x0, 0x1, r0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) copy_file_range(r1, 0x0, r2, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) pidfd_getfd(r3, r3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x1ff) r4 = creat(&(0x7f0000000080)='./file1\x00', 0x4c) open_by_handle_at(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="0000e9e9de8c000000"], 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000140)) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58) 00:46:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:46:51 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2, 0x7, 0x5, 0x9, 0x0, 0x5, 0x23000, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x2, @perf_config_ext={0x0, 0x6}, 0x20840, 0x25, 0x5, 0x5, 0x10000, 0x3f, 0x7, 0x0, 0x4, 0x0, 0x2}, 0x0, 0x9, r0, 0xd) r1 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) shmat(r1, &(0x7f0000ffc000/0x1000)=nil, 0x4000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r2 = gettid() process_vm_writev(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r3) fork() perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x40, 0x0, 0xfc, 0x6, 0x0, 0x5, 0x2, 0xc, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000100), 0x6}, 0x4, 0xffffffff80000000, 0x0, 0x5, 0xa56, 0x4, 0x77, 0x0, 0x0, 0x0, 0x4}, r2, 0xc, r3, 0x9) [ 411.076979] ISOFS: Unable to identify CD-ROM format. [ 411.099945] program syz-executor.7 is using a deprecated SCSI ioctl, please convert it to SG_IO 00:47:01 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:47:01 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 1) 00:47:01 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) (fail_nth: 1) 00:47:01 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:01 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:01 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:01 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}, 0x0]) 00:47:01 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 421.239596] loop1: detected capacity change from 0 to 264192 [ 421.255559] FAULT_INJECTION: forcing a failure. [ 421.255559] name failslab, interval 1, probability 0, space 0, times 1 [ 421.257392] CPU: 0 UID: 0 PID: 5108 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 421.257422] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 421.257435] Call Trace: [ 421.257443] [ 421.257452] dump_stack_lvl+0xfa/0x120 [ 421.257504] should_fail_ex+0x4d7/0x5e0 [ 421.257546] ? vm_area_dup+0x25/0x700 [ 421.257582] should_failslab+0xc2/0x120 [ 421.257608] kmem_cache_alloc_noprof+0x80/0x760 [ 421.257652] ? vm_area_dup+0x25/0x700 [ 421.257687] vm_area_dup+0x25/0x700 [ 421.257726] __split_vma+0x179/0xdc0 [ 421.257762] ? __pfx___split_vma+0x10/0x10 [ 421.257798] ? get_page_from_freelist+0x507/0x3180 [ 421.257830] ? lock_release+0xc8/0x270 [ 421.257863] ? kernel_init_pages+0x12/0xc0 [ 421.257888] ? get_page_from_freelist+0x21a5/0x3180 [ 421.257928] vms_gather_munmap_vmas+0x178/0xc80 [ 421.257970] do_vmi_align_munmap+0x265/0x550 [ 421.258007] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 421.258041] ? __alloc_frozen_pages_noprof+0x441/0x25b0 [ 421.258088] ? mtree_range_walk+0x74a/0xb90 [ 421.258130] ? mas_walk+0x6ba/0x8c0 [ 421.258166] do_vmi_munmap+0x1eb/0x3c0 [ 421.258203] do_munmap+0xb6/0xf0 [ 421.258230] ? __pfx_do_munmap+0x10/0x10 [ 421.258267] ? may_expand_vm+0xe8/0x440 [ 421.258306] mremap_to+0x242/0x450 [ 421.258344] __do_sys_mremap+0xb2d/0x1540 [ 421.258383] ? ksys_write+0x187/0x240 [ 421.258406] ? lock_release+0xc8/0x270 [ 421.258436] ? __pfx___do_sys_mremap+0x10/0x10 [ 421.258481] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 421.258510] ? __fget_files+0x20d/0x3b0 [ 421.258552] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 421.258583] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 421.258622] do_syscall_64+0xbf/0x420 [ 421.258651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.258676] RIP: 0033:0x7f0ac06b9b19 [ 421.258694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 421.258736] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 421.258759] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 421.258774] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 421.258788] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 421.258803] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 421.258816] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 421.258850] [ 421.293989] FAULT_INJECTION: forcing a failure. [ 421.293989] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 421.300218] CPU: 1 UID: 0 PID: 5102 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 421.300250] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 421.300263] Call Trace: [ 421.300271] [ 421.300280] dump_stack_lvl+0xfa/0x120 [ 421.300314] should_fail_ex+0x4d7/0x5e0 [ 421.300354] _copy_from_user+0x30/0xd0 [ 421.300392] io_submit_one+0x8e/0x1a90 [ 421.300424] ? perf_trace_lock+0xbb/0x4f0 [ 421.300453] ? __lock_acquire+0x451/0x2250 [ 421.300487] ? __pfx_io_submit_one+0x10/0x10 [ 421.300519] ? lock_acquire+0x15e/0x2d0 [ 421.300545] ? __might_fault+0xe0/0x190 [ 421.300569] ? find_held_lock+0x2b/0x80 [ 421.300603] ? __might_fault+0x138/0x190 [ 421.300624] ? lock_release+0xc8/0x270 [ 421.300652] ? __might_fault+0xe0/0x190 [ 421.300679] __x64_sys_io_submit+0x182/0x2e0 [ 421.300711] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 421.300740] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 421.300781] ? ksys_write+0x1a3/0x240 [ 421.300804] ? __pfx_ksys_write+0x10/0x10 [ 421.300835] do_syscall_64+0xbf/0x420 [ 421.300863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.300886] RIP: 0033:0x7f5bcfb34b19 [ 421.300904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 421.300925] RSP: 002b:00007f5bcd0aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 421.300947] RAX: ffffffffffffffda RBX: 00007f5bcfc47f60 RCX: 00007f5bcfb34b19 [ 421.300961] RDX: 00000000200004c0 RSI: 0000000000000002 RDI: 00007f5bcd049000 [ 421.300975] RBP: 00007f5bcd0aa1d0 R08: 0000000000000000 R09: 0000000000000000 [ 421.300988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.301001] R13: 00007ffd9f3252cf R14: 00007f5bcd0aa300 R15: 0000000000022000 [ 421.301033] 00:47:01 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:01 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:47:01 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 421.414217] ISOFS: Unable to identify CD-ROM format. 00:47:01 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}, 0x0]) 00:47:01 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 2) 00:47:01 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 1) 00:47:02 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300), 0x0, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:02 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:47:02 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:02 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) (fail_nth: 2) [ 421.611145] FAULT_INJECTION: forcing a failure. [ 421.611145] name failslab, interval 1, probability 0, space 0, times 0 [ 421.619863] CPU: 0 UID: 0 PID: 5123 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 421.619897] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 421.619910] Call Trace: [ 421.619918] [ 421.619927] dump_stack_lvl+0xfa/0x120 [ 421.619960] should_fail_ex+0x4d7/0x5e0 [ 421.619999] ? vm_area_dup+0x25/0x700 [ 421.620032] should_failslab+0xc2/0x120 [ 421.620057] kmem_cache_alloc_noprof+0x80/0x760 [ 421.620099] ? vm_area_dup+0x25/0x700 [ 421.620131] vm_area_dup+0x25/0x700 [ 421.620166] __split_vma+0x179/0xdc0 [ 421.620200] ? __pfx___split_vma+0x10/0x10 [ 421.620228] ? get_page_from_freelist+0x507/0x3180 [ 421.620257] ? lock_release+0xc8/0x270 [ 421.620287] ? kernel_init_pages+0x12/0xc0 [ 421.620311] ? get_page_from_freelist+0x21a5/0x3180 [ 421.620348] vms_gather_munmap_vmas+0x178/0xc80 [ 421.620387] do_vmi_align_munmap+0x265/0x550 [ 421.620422] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 421.620454] ? __alloc_frozen_pages_noprof+0x441/0x25b0 [ 421.620498] ? mtree_range_walk+0x74a/0xb90 [ 421.620538] ? mas_walk+0x6ba/0x8c0 [ 421.620572] do_vmi_munmap+0x1eb/0x3c0 [ 421.620607] do_munmap+0xb6/0xf0 [ 421.620633] ? __pfx_do_munmap+0x10/0x10 [ 421.620667] ? may_expand_vm+0xe8/0x440 [ 421.620703] mremap_to+0x242/0x450 [ 421.620739] __do_sys_mremap+0xb2d/0x1540 [ 421.620783] ? ksys_write+0x187/0x240 [ 421.620804] ? lock_release+0xc8/0x270 [ 421.620832] ? __pfx___do_sys_mremap+0x10/0x10 [ 421.620874] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 421.620901] ? __fget_files+0x20d/0x3b0 [ 421.620941] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 421.620969] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 421.621006] do_syscall_64+0xbf/0x420 [ 421.621033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.621055] RIP: 0033:0x7f2a1774eb19 [ 421.621073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 421.621093] RSP: 002b:00007f2a14cc4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 421.621115] RAX: ffffffffffffffda RBX: 00007f2a17861f60 RCX: 00007f2a1774eb19 [ 421.621130] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 421.621143] RBP: 00007f2a14cc41d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 421.621156] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 421.621169] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 421.621201] 00:47:02 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 3) 00:47:02 executing program 4: perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) [ 421.771025] FAULT_INJECTION: forcing a failure. [ 421.771025] name failslab, interval 1, probability 0, space 0, times 0 [ 421.772716] CPU: 1 UID: 0 PID: 5131 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 421.772744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 421.772757] Call Trace: [ 421.772765] [ 421.772780] dump_stack_lvl+0xfa/0x120 [ 421.772812] should_fail_ex+0x4d7/0x5e0 [ 421.772852] ? io_submit_one+0xfa/0x1a90 [ 421.772880] should_failslab+0xc2/0x120 [ 421.772905] kmem_cache_alloc_noprof+0x80/0x760 [ 421.772947] ? io_submit_one+0xfa/0x1a90 [ 421.772973] io_submit_one+0xfa/0x1a90 [ 421.773004] ? perf_trace_lock+0xbb/0x4f0 [ 421.773033] ? __lock_acquire+0x451/0x2250 [ 421.773066] ? __pfx_io_submit_one+0x10/0x10 [ 421.773098] ? lock_acquire+0x15e/0x2d0 [ 421.773124] ? __might_fault+0xe0/0x190 [ 421.773152] ? lock_release+0xc8/0x270 [ 421.773179] ? __might_fault+0xe0/0x190 [ 421.773206] __x64_sys_io_submit+0x182/0x2e0 [ 421.773238] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 421.773267] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 421.773300] ? ksys_write+0x1a3/0x240 [ 421.773322] ? __pfx_ksys_write+0x10/0x10 [ 421.773353] do_syscall_64+0xbf/0x420 [ 421.773380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.773403] RIP: 0033:0x7f5bcfb34b19 [ 421.773421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 421.773441] RSP: 002b:00007f5bcd0aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 421.773463] RAX: ffffffffffffffda RBX: 00007f5bcfc47f60 RCX: 00007f5bcfb34b19 [ 421.773478] RDX: 00000000200004c0 RSI: 0000000000000002 RDI: 00007f5bcd049000 [ 421.773491] RBP: 00007f5bcd0aa1d0 R08: 0000000000000000 R09: 0000000000000000 [ 421.773504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.773516] R13: 00007ffd9f3252cf R14: 00007f5bcd0aa300 R15: 0000000000022000 [ 421.773548] 00:47:02 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300), 0x0, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:02 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 421.820948] FAULT_INJECTION: forcing a failure. [ 421.820948] name failslab, interval 1, probability 0, space 0, times 0 [ 421.822576] CPU: 0 UID: 0 PID: 5134 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 421.822604] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 421.822617] Call Trace: [ 421.822625] [ 421.822634] dump_stack_lvl+0xfa/0x120 [ 421.822666] should_fail_ex+0x4d7/0x5e0 [ 421.822706] ? mas_preallocate+0xb3d/0xd90 [ 421.822745] should_failslab+0xc2/0x120 [ 421.822777] kmem_cache_alloc_noprof+0x80/0x760 [ 421.822819] ? mas_preallocate+0xb3d/0xd90 [ 421.822846] mas_preallocate+0xb3d/0xd90 [ 421.822880] ? __pfx_mas_preallocate+0x10/0x10 [ 421.822921] ? lockdep_init_map_type+0x4b/0x220 [ 421.822960] __split_vma+0x304/0xdc0 [ 421.822995] ? __pfx___split_vma+0x10/0x10 [ 421.823022] ? get_page_from_freelist+0x507/0x3180 [ 421.823052] ? lock_release+0xc8/0x270 [ 421.823080] ? kernel_init_pages+0x12/0xc0 [ 421.823104] ? get_page_from_freelist+0x21a5/0x3180 [ 421.823141] vms_gather_munmap_vmas+0x178/0xc80 [ 421.823181] do_vmi_align_munmap+0x265/0x550 [ 421.823216] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 421.823247] ? __alloc_frozen_pages_noprof+0x441/0x25b0 [ 421.823291] ? mtree_range_walk+0x74a/0xb90 [ 421.823331] ? mas_walk+0x6ba/0x8c0 [ 421.823365] do_vmi_munmap+0x1eb/0x3c0 [ 421.823400] do_munmap+0xb6/0xf0 [ 421.823426] ? __pfx_do_munmap+0x10/0x10 [ 421.823461] ? may_expand_vm+0xe8/0x440 [ 421.823497] mremap_to+0x242/0x450 [ 421.823533] __do_sys_mremap+0xb2d/0x1540 [ 421.823570] ? ksys_write+0x187/0x240 [ 421.823591] ? lock_release+0xc8/0x270 [ 421.823619] ? __pfx___do_sys_mremap+0x10/0x10 [ 421.823661] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 421.823689] ? __fget_files+0x20d/0x3b0 [ 421.823729] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 421.823758] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 421.823794] do_syscall_64+0xbf/0x420 [ 421.823822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.823845] RIP: 0033:0x7f0ac06b9b19 [ 421.823862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 421.823882] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 421.823904] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 421.823919] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 421.823932] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 421.823945] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 421.823958] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 421.823990] [ 421.904016] loop1: detected capacity change from 0 to 264192 [ 421.991875] ISOFS: Unable to identify CD-ROM format. 00:47:11 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 2) 00:47:11 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300), 0x0, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:11 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 4) 00:47:11 executing program 4: perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:47:11 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) (fail_nth: 3) 00:47:11 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:11 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) 00:47:11 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(0xffffffffffffffff, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 431.275604] loop1: detected capacity change from 0 to 264192 00:47:11 executing program 4: perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:47:11 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 5) [ 431.345165] FAULT_INJECTION: forcing a failure. [ 431.345165] name failslab, interval 1, probability 0, space 0, times 0 [ 431.352476] CPU: 0 UID: 0 PID: 5164 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 431.352493] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 431.352501] Call Trace: [ 431.352506] [ 431.352511] dump_stack_lvl+0xfa/0x120 [ 431.352532] should_fail_ex+0x4d7/0x5e0 [ 431.352556] ? vm_area_dup+0x25/0x700 [ 431.352576] should_failslab+0xc2/0x120 [ 431.352591] kmem_cache_alloc_noprof+0x80/0x760 [ 431.352614] ? vm_area_dup+0x25/0x700 [ 431.352632] vm_area_dup+0x25/0x700 [ 431.352651] __split_vma+0x179/0xdc0 [ 431.352671] ? __pfx___split_vma+0x10/0x10 [ 431.352691] ? __pfx_mas_prev+0x10/0x10 [ 431.352712] vms_gather_munmap_vmas+0x340/0xc80 [ 431.352733] do_vmi_align_munmap+0x265/0x550 [ 431.352752] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 431.352768] ? __alloc_frozen_pages_noprof+0x441/0x25b0 [ 431.352809] ? mas_walk+0x6ba/0x8c0 [ 431.352828] do_vmi_munmap+0x1eb/0x3c0 [ 431.352847] do_munmap+0xb6/0xf0 [ 431.352862] ? __pfx_do_munmap+0x10/0x10 [ 431.352881] ? may_expand_vm+0xe8/0x440 [ 431.352900] mremap_to+0x242/0x450 [ 431.352920] __do_sys_mremap+0xb2d/0x1540 [ 431.352939] ? ksys_write+0x187/0x240 [ 431.352952] ? lock_release+0xc8/0x270 [ 431.352970] ? __pfx___do_sys_mremap+0x10/0x10 [ 431.352993] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 431.353008] ? __fget_files+0x20d/0x3b0 [ 431.353031] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 431.353047] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 431.353067] do_syscall_64+0xbf/0x420 [ 431.353082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.353095] RIP: 0033:0x7f0ac06b9b19 [ 431.353105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 431.353117] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 431.353130] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 431.353138] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 431.353146] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 431.353153] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 431.353160] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 431.353178] [ 431.368117] ISOFS: Unable to identify CD-ROM format. 00:47:21 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 3) 00:47:21 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(0xffffffffffffffff, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:21 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000", 0x50, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:21 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) (fail_nth: 4) 00:47:21 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:47:21 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 6) 00:47:21 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:21 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) [ 441.498116] FAULT_INJECTION: forcing a failure. [ 441.498116] name failslab, interval 1, probability 0, space 0, times 0 [ 441.499105] CPU: 0 UID: 0 PID: 5176 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 441.499120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 441.499128] Call Trace: [ 441.499132] [ 441.499137] dump_stack_lvl+0xfa/0x120 [ 441.499158] should_fail_ex+0x4d7/0x5e0 [ 441.499180] ? mas_preallocate+0xb3d/0xd90 [ 441.499196] should_failslab+0xc2/0x120 [ 441.499210] kmem_cache_alloc_noprof+0x80/0x760 [ 441.499233] ? mas_preallocate+0xb3d/0xd90 [ 441.499248] mas_preallocate+0xb3d/0xd90 [ 441.499266] ? __pfx_mas_preallocate+0x10/0x10 [ 441.499288] ? lockdep_init_map_type+0x4b/0x220 [ 441.499309] __split_vma+0x304/0xdc0 [ 441.499328] ? __pfx___split_vma+0x10/0x10 [ 441.499343] ? get_page_from_freelist+0x507/0x3180 [ 441.499359] ? lock_release+0xc8/0x270 [ 441.499374] ? kernel_init_pages+0x12/0xc0 [ 441.499388] ? get_page_from_freelist+0x21a5/0x3180 [ 441.499407] vms_gather_munmap_vmas+0x178/0xc80 [ 441.499429] do_vmi_align_munmap+0x265/0x550 [ 441.499448] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 441.499464] ? __alloc_frozen_pages_noprof+0x441/0x25b0 [ 441.499488] ? mtree_range_walk+0x74a/0xb90 [ 441.499509] ? mas_walk+0x6ba/0x8c0 [ 441.499528] do_vmi_munmap+0x1eb/0x3c0 [ 441.499546] do_munmap+0xb6/0xf0 [ 441.499561] ? __pfx_do_munmap+0x10/0x10 [ 441.499579] ? may_expand_vm+0xe8/0x440 [ 441.499599] mremap_to+0x242/0x450 [ 441.499618] __do_sys_mremap+0xb2d/0x1540 [ 441.499638] ? ksys_write+0x187/0x240 [ 441.499650] ? lock_release+0xc8/0x270 [ 441.499666] ? __pfx___do_sys_mremap+0x10/0x10 [ 441.499688] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 441.499703] ? __fget_files+0x20d/0x3b0 [ 441.499725] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 441.499741] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 441.499761] do_syscall_64+0xbf/0x420 [ 441.499780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.499793] RIP: 0033:0x7f2a1774eb19 [ 441.499803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 441.499813] RSP: 002b:00007f2a14cc4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 441.499826] RAX: ffffffffffffffda RBX: 00007f2a17861f60 RCX: 00007f2a1774eb19 [ 441.499833] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 441.499841] RBP: 00007f2a14cc41d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 441.499848] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 441.499854] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 441.499872] [ 441.536126] loop1: detected capacity change from 0 to 264192 00:47:22 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 7) [ 441.569468] FAULT_INJECTION: forcing a failure. [ 441.569468] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 441.585996] FAULT_INJECTION: forcing a failure. [ 441.585996] name failslab, interval 1, probability 0, space 0, times 0 [ 441.586955] CPU: 0 UID: 0 PID: 5189 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 441.586971] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 441.586978] Call Trace: [ 441.586982] [ 441.586987] dump_stack_lvl+0xfa/0x120 [ 441.587007] should_fail_ex+0x4d7/0x5e0 [ 441.587030] ? mas_preallocate+0xb3d/0xd90 [ 441.587044] should_failslab+0xc2/0x120 [ 441.587059] kmem_cache_alloc_noprof+0x80/0x760 [ 441.587082] ? mas_preallocate+0xb3d/0xd90 [ 441.587097] mas_preallocate+0xb3d/0xd90 [ 441.587115] ? __pfx_mas_preallocate+0x10/0x10 [ 441.587137] ? lockdep_init_map_type+0x4b/0x220 [ 441.587159] __split_vma+0x304/0xdc0 [ 441.587178] ? __pfx___split_vma+0x10/0x10 [ 441.587198] ? __pfx_mas_prev+0x10/0x10 [ 441.587217] vms_gather_munmap_vmas+0x340/0xc80 [ 441.587238] do_vmi_align_munmap+0x265/0x550 [ 441.587257] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 441.587274] ? __alloc_frozen_pages_noprof+0x441/0x25b0 [ 441.587309] ? mas_walk+0x6ba/0x8c0 [ 441.587327] do_vmi_munmap+0x1eb/0x3c0 [ 441.587346] do_munmap+0xb6/0xf0 [ 441.587361] ? __pfx_do_munmap+0x10/0x10 [ 441.587379] ? may_expand_vm+0xe8/0x440 [ 441.587398] mremap_to+0x242/0x450 [ 441.587418] __do_sys_mremap+0xb2d/0x1540 [ 441.587437] ? ksys_write+0x187/0x240 [ 441.587449] ? lock_release+0xc8/0x270 [ 441.587465] ? __pfx___do_sys_mremap+0x10/0x10 [ 441.587487] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 441.587502] ? __fget_files+0x20d/0x3b0 [ 441.587524] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 441.587540] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 441.587559] do_syscall_64+0xbf/0x420 [ 441.587575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.587588] RIP: 0033:0x7f0ac06b9b19 [ 441.587597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 441.587608] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 441.587621] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 441.587629] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 441.587636] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 441.587643] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 441.587649] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 441.587667] [ 441.609797] CPU: 0 UID: 0 PID: 5184 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 441.609814] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 441.609822] Call Trace: [ 441.609826] [ 441.609830] dump_stack_lvl+0xfa/0x120 [ 441.609845] should_fail_ex+0x4d7/0x5e0 [ 441.609865] _copy_from_user+0x30/0xd0 [ 441.609885] io_submit_one+0x8e/0x1a90 [ 441.609903] ? perf_trace_lock+0xbb/0x4f0 [ 441.609918] ? __lock_acquire+0x451/0x2250 [ 441.609936] ? __pfx_io_submit_one+0x10/0x10 [ 441.609954] ? lock_acquire+0x15e/0x2d0 [ 441.609968] ? __might_fault+0xe0/0x190 [ 441.609980] ? find_held_lock+0x2b/0x80 [ 441.609998] ? __might_fault+0x138/0x190 [ 441.610009] ? lock_release+0xc8/0x270 [ 441.610024] ? __might_fault+0xe0/0x190 [ 441.610039] __x64_sys_io_submit+0x182/0x2e0 [ 441.610056] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 441.610071] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 441.610088] ? ksys_write+0x1a3/0x240 [ 441.610099] ? __pfx_ksys_write+0x10/0x10 [ 441.610116] do_syscall_64+0xbf/0x420 [ 441.610130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.610142] RIP: 0033:0x7f5bcfb34b19 [ 441.610151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 441.610162] RSP: 002b:00007f5bcd0aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 441.610173] RAX: ffffffffffffffda RBX: 00007f5bcfc47f60 RCX: 00007f5bcfb34b19 [ 441.610181] RDX: 00000000200004c0 RSI: 0000000000000002 RDI: 00007f5bcd049000 [ 441.610188] RBP: 00007f5bcd0aa1d0 R08: 0000000000000000 R09: 0000000000000000 [ 441.610195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 441.610202] R13: 00007ffd9f3252cf R14: 00007f5bcd0aa300 R15: 0000000000022000 [ 441.610219] [ 441.639185] ISOFS: Logical zone size(0) < hardware blocksize(1024) 00:47:22 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 4) 00:47:22 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) 00:47:22 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:47:22 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 8) 00:47:22 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:22 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) (fail_nth: 5) 00:47:22 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 5) 00:47:22 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000", 0x50, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:22 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 9) [ 441.794230] FAULT_INJECTION: forcing a failure. [ 441.794230] name failslab, interval 1, probability 0, space 0, times 0 [ 441.797971] CPU: 0 UID: 0 PID: 5203 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 441.797992] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 441.797999] Call Trace: [ 441.798004] [ 441.798009] dump_stack_lvl+0xfa/0x120 [ 441.798029] should_fail_ex+0x4d7/0x5e0 [ 441.798052] ? vm_area_dup+0x25/0x700 [ 441.798070] should_failslab+0xc2/0x120 [ 441.798085] kmem_cache_alloc_noprof+0x80/0x760 [ 441.798107] ? vm_area_dup+0x25/0x700 [ 441.798125] vm_area_dup+0x25/0x700 [ 441.798144] __split_vma+0x179/0xdc0 [ 441.798162] ? __pfx___split_vma+0x10/0x10 [ 441.798183] ? __pfx_mas_prev+0x10/0x10 [ 441.798203] vms_gather_munmap_vmas+0x340/0xc80 [ 441.798224] do_vmi_align_munmap+0x265/0x550 [ 441.798243] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 441.798259] ? __alloc_frozen_pages_noprof+0x441/0x25b0 [ 441.798294] ? mas_walk+0x6ba/0x8c0 [ 441.798313] do_vmi_munmap+0x1eb/0x3c0 [ 441.798332] do_munmap+0xb6/0xf0 [ 441.798345] ? __pfx_do_munmap+0x10/0x10 [ 441.798364] ? may_expand_vm+0xe8/0x440 [ 441.798383] mremap_to+0x242/0x450 [ 441.798403] __do_sys_mremap+0xb2d/0x1540 [ 441.798422] ? ksys_write+0x187/0x240 [ 441.798434] ? lock_release+0xc8/0x270 [ 441.798451] ? __pfx___do_sys_mremap+0x10/0x10 [ 441.798474] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 441.798489] ? __fget_files+0x20d/0x3b0 [ 441.798511] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 441.798527] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 441.798546] do_syscall_64+0xbf/0x420 [ 441.798561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.798574] RIP: 0033:0x7f2a1774eb19 [ 441.798585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 441.798596] RSP: 002b:00007f2a14cc4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 441.798608] RAX: ffffffffffffffda RBX: 00007f2a17861f60 RCX: 00007f2a1774eb19 [ 441.798616] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 441.798624] RBP: 00007f2a14cc41d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 441.798631] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 441.798638] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 441.798655] [ 441.861185] FAULT_INJECTION: forcing a failure. [ 441.861185] name failslab, interval 1, probability 0, space 0, times 0 [ 441.863832] CPU: 0 UID: 0 PID: 5205 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 441.863849] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 441.863856] Call Trace: [ 441.863861] [ 441.863866] dump_stack_lvl+0xfa/0x120 [ 441.863886] should_fail_ex+0x4d7/0x5e0 [ 441.863909] ? io_submit_one+0xfa/0x1a90 [ 441.863924] should_failslab+0xc2/0x120 [ 441.863940] kmem_cache_alloc_noprof+0x80/0x760 [ 441.863962] ? io_submit_one+0xfa/0x1a90 [ 441.863976] io_submit_one+0xfa/0x1a90 [ 441.863992] ? perf_trace_lock+0xbb/0x4f0 [ 441.864008] ? __lock_acquire+0x451/0x2250 [ 441.864026] ? __pfx_io_submit_one+0x10/0x10 [ 441.864044] ? lock_acquire+0x15e/0x2d0 [ 441.864058] ? __might_fault+0xe0/0x190 [ 441.864073] ? lock_release+0xc8/0x270 [ 441.864088] ? __might_fault+0xe0/0x190 [ 441.864103] __x64_sys_io_submit+0x182/0x2e0 [ 441.864120] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 441.864136] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 441.864153] ? ksys_write+0x1a3/0x240 [ 441.864166] ? __pfx_ksys_write+0x10/0x10 [ 441.864183] do_syscall_64+0xbf/0x420 [ 441.864199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.864212] RIP: 0033:0x7f5bcfb34b19 [ 441.864222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 441.864233] RSP: 002b:00007f5bcd0aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 441.864245] RAX: ffffffffffffffda RBX: 00007f5bcfc47f60 RCX: 00007f5bcfb34b19 [ 441.864253] RDX: 00000000200004c0 RSI: 0000000000000002 RDI: 00007f5bcd049000 [ 441.864260] RBP: 00007f5bcd0aa1d0 R08: 0000000000000000 R09: 0000000000000000 [ 441.864267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 441.864274] R13: 00007ffd9f3252cf R14: 00007f5bcd0aa300 R15: 0000000000022000 [ 441.864291] 00:47:31 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 6) 00:47:31 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:47:31 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(0xffffffffffffffff, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:31 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) (fail_nth: 6) 00:47:31 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:47:31 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:31 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000", 0x50, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:31 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 10) 00:47:31 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 7) 00:47:31 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 11) [ 451.220827] loop1: detected capacity change from 0 to 264192 [ 451.270012] FAULT_INJECTION: forcing a failure. [ 451.270012] name failslab, interval 1, probability 0, space 0, times 0 [ 451.271550] CPU: 0 UID: 0 PID: 5232 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 451.271567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 451.271575] Call Trace: [ 451.271579] [ 451.271584] dump_stack_lvl+0xfa/0x120 [ 451.271609] should_fail_ex+0x4d7/0x5e0 [ 451.271631] ? mas_preallocate+0xb3d/0xd90 [ 451.271650] should_failslab+0xc2/0x120 [ 451.271664] kmem_cache_alloc_noprof+0x80/0x760 [ 451.271687] ? mas_preallocate+0xb3d/0xd90 [ 451.271701] mas_preallocate+0xb3d/0xd90 [ 451.271719] ? __pfx_mas_preallocate+0x10/0x10 [ 451.271741] ? lockdep_init_map_type+0x4b/0x220 [ 451.271762] __split_vma+0x304/0xdc0 [ 451.271781] ? __pfx___split_vma+0x10/0x10 [ 451.271801] ? __pfx_mas_prev+0x10/0x10 [ 451.271820] vms_gather_munmap_vmas+0x340/0xc80 [ 451.271842] do_vmi_align_munmap+0x265/0x550 [ 451.271861] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 451.271877] ? __alloc_frozen_pages_noprof+0x441/0x25b0 [ 451.271912] ? mas_walk+0x6ba/0x8c0 [ 451.271931] do_vmi_munmap+0x1eb/0x3c0 [ 451.271949] do_munmap+0xb6/0xf0 [ 451.271964] ? __pfx_do_munmap+0x10/0x10 [ 451.271982] ? may_expand_vm+0xe8/0x440 [ 451.272002] mremap_to+0x242/0x450 [ 451.272021] __do_sys_mremap+0xb2d/0x1540 [ 451.272040] ? ksys_write+0x187/0x240 [ 451.272053] ? lock_release+0xc8/0x270 [ 451.272068] ? __pfx___do_sys_mremap+0x10/0x10 [ 451.272091] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 451.272105] ? __fget_files+0x20d/0x3b0 [ 451.272128] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 451.272144] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 451.272163] do_syscall_64+0xbf/0x420 [ 451.272179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.272191] RIP: 0033:0x7f2a1774eb19 [ 451.272201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 451.272212] RSP: 002b:00007f2a14cc4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 451.272225] RAX: ffffffffffffffda RBX: 00007f2a17861f60 RCX: 00007f2a1774eb19 [ 451.272233] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 451.272240] RBP: 00007f2a14cc41d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 451.272247] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 451.272254] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 451.272271] 00:47:31 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:31 executing program 4: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) [ 451.296083] FAULT_INJECTION: forcing a failure. [ 451.296083] name failslab, interval 1, probability 0, space 0, times 0 [ 451.297749] CPU: 0 UID: 0 PID: 5234 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 451.297765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 451.297777] Call Trace: [ 451.297781] [ 451.297786] dump_stack_lvl+0xfa/0x120 [ 451.297801] should_fail_ex+0x4d7/0x5e0 [ 451.297821] ? mas_preallocate+0xb3d/0xd90 [ 451.297835] should_failslab+0xc2/0x120 [ 451.297848] kmem_cache_alloc_noprof+0x80/0x760 [ 451.297870] ? mas_preallocate+0xb3d/0xd90 [ 451.297884] mas_preallocate+0xb3d/0xd90 [ 451.297901] ? kernel_text_address+0x5b/0xc0 [ 451.297918] ? __pfx_mas_preallocate+0x10/0x10 [ 451.297939] ? __asan_memset+0x24/0x50 [ 451.297950] ? init_multi_vma_prep+0x306/0x650 [ 451.297968] commit_merge+0x253/0xe50 [ 451.297985] ? lock_is_held_type+0x9e/0x120 [ 451.297997] ? __pfx_commit_merge+0x10/0x10 [ 451.298018] ? mas_prev_slot+0x465/0x18b0 [ 451.298032] ? lock_is_held_type+0x9e/0x120 [ 451.298045] vma_expand+0x5e6/0xde0 [ 451.298064] ? __pfx_vma_expand+0x10/0x10 [ 451.298081] ? can_vma_merge_right+0xa5/0x430 [ 451.298099] vma_merge_new_range+0x5d5/0x860 [ 451.298119] copy_vma+0x38d/0xa30 [ 451.298139] ? __pfx_copy_vma+0x10/0x10 [ 451.298154] ? percpu_counter_add_batch+0x126/0x240 [ 451.298178] ? __mt_destroy+0xa8/0x3f0 [ 451.298201] ? __pfx_perf_trace_lock+0x10/0x10 [ 451.298223] copy_vma_and_data+0x1d2/0x7f0 [ 451.298241] ? lock_release+0xc8/0x270 [ 451.298256] ? __pfx_copy_vma_and_data+0x10/0x10 [ 451.298275] ? avc_has_perm_noaudit+0x141/0x390 [ 451.298293] ? selinux_vm_enough_memory+0x107/0x160 [ 451.298313] ? __pfx_percpu_counter_add_batch+0x10/0x10 [ 451.298337] ? lock_is_held_type+0x9e/0x120 [ 451.298350] move_vma+0x5af/0x1930 [ 451.298369] ? mtree_load+0x349/0xb40 [ 451.298382] ? __pfx_move_vma+0x10/0x10 [ 451.298401] ? mm_get_unmapped_area_vmflags+0xda/0x140 [ 451.298415] ? cap_mmap_addr+0x4e/0x130 [ 451.298432] ? selinux_mmap_addr+0x2d/0x110 [ 451.298447] ? security_mmap_addr+0x6e/0x80 [ 451.298460] ? __get_unmapped_area+0x1a0/0x3a0 [ 451.298476] ? vrm_set_new_addr+0x210/0x2a0 [ 451.298496] mremap_to+0x1c3/0x450 [ 451.298515] __do_sys_mremap+0xb2d/0x1540 [ 451.298535] ? ksys_write+0x187/0x240 [ 451.298546] ? lock_release+0xc8/0x270 [ 451.298561] ? __pfx___do_sys_mremap+0x10/0x10 [ 451.298583] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 451.298597] ? __fget_files+0x20d/0x3b0 [ 451.298619] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 451.298633] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 451.298653] do_syscall_64+0xbf/0x420 [ 451.298667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.298679] RIP: 0033:0x7f0ac06b9b19 [ 451.298688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 451.298699] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 451.298711] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 451.298718] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 451.298725] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 451.298732] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 451.298739] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 451.298757] [ 451.324372] ISOFS: Logical zone size(0) < hardware blocksize(1024) 00:47:31 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) (fail_nth: 7) 00:47:31 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:47:31 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 451.398974] FAULT_INJECTION: forcing a failure. [ 451.398974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 451.400172] CPU: 0 UID: 0 PID: 5239 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 451.400187] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 451.400195] Call Trace: [ 451.400199] [ 451.400204] dump_stack_lvl+0xfa/0x120 [ 451.400224] should_fail_ex+0x4d7/0x5e0 [ 451.400246] _copy_to_user+0x32/0xd0 [ 451.400267] simple_read_from_buffer+0xe0/0x180 [ 451.400289] proc_fail_nth_read+0x18a/0x240 [ 451.400306] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 451.400322] ? security_file_permission+0x22/0x90 [ 451.400337] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 451.400352] vfs_read+0x1eb/0xc70 [ 451.400373] ? __pfx___mutex_lock+0x10/0x10 [ 451.400385] ? __fget_files+0x34/0x3b0 [ 451.400398] ? __pfx_vfs_read+0x10/0x10 [ 451.400417] ? lock_release+0xc8/0x270 [ 451.400436] ? __fget_files+0x20d/0x3b0 [ 451.400455] ksys_read+0x121/0x240 [ 451.400465] ? __pfx_ksys_read+0x10/0x10 [ 451.400482] do_syscall_64+0xbf/0x420 [ 451.400498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.400510] RIP: 0033:0x7f5bcfae769c [ 451.400520] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 451.400531] RSP: 002b:00007f5bcd0aa170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 451.400544] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5bcfae769c [ 451.400552] RDX: 000000000000000f RSI: 00007f5bcd0aa1e0 RDI: 0000000000000005 [ 451.400559] RBP: 00007f5bcd0aa1d0 R08: 0000000000000000 R09: 0000000000000000 [ 451.400566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.400572] R13: 00007ffd9f3252cf R14: 00007f5bcd0aa300 R15: 0000000000022000 [ 451.400590] 00:47:42 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 8) 00:47:42 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 12) 00:47:42 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:47:42 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700"/120, 0x78, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:42 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:47:42 executing program 4: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300), 0x0, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:42 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:42 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r0, 0xffffffffffffffff, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 462.091441] loop1: detected capacity change from 0 to 264192 [ 462.122828] loop4: detected capacity change from 0 to 264192 00:47:42 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 13) [ 462.140463] ISOFS: Logical zone size(0) < hardware blocksize(1024) 00:47:42 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:42 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 9) [ 462.225858] ISOFS: Unable to identify CD-ROM format. 00:47:42 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700"/120, 0x78, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:42 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[0x0, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:47:42 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0xa, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:47:42 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 14) 00:47:42 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 462.321490] loop1: detected capacity change from 0 to 264192 00:47:42 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 15) 00:47:42 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 462.416184] FAULT_INJECTION: forcing a failure. [ 462.416184] name failslab, interval 1, probability 0, space 0, times 0 [ 462.419911] CPU: 0 UID: 0 PID: 5291 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 462.419929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 462.419937] Call Trace: [ 462.419941] [ 462.419946] dump_stack_lvl+0xfa/0x120 [ 462.419968] should_fail_ex+0x4d7/0x5e0 [ 462.419992] ? vm_area_dup+0x25/0x700 [ 462.420012] should_failslab+0xc2/0x120 [ 462.420026] kmem_cache_alloc_noprof+0x80/0x760 [ 462.420043] ? vma_expand+0x69f/0xde0 [ 462.420064] ? vm_area_dup+0x25/0x700 [ 462.420081] vm_area_dup+0x25/0x700 [ 462.420101] __split_vma+0x179/0xdc0 [ 462.420117] ? lock_acquire+0x15e/0x2d0 [ 462.420134] ? __pfx___split_vma+0x10/0x10 [ 462.420148] ? lock_is_held_type+0x9e/0x120 [ 462.420164] ? get_old_pud+0xc4/0x390 [ 462.420183] ? move_page_tables+0xf0e/0x28b0 [ 462.420205] vms_gather_munmap_vmas+0x178/0xc80 [ 462.420226] do_vmi_align_munmap+0x265/0x550 [ 462.420245] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 462.420271] ? mtree_range_walk+0x74a/0xb90 [ 462.420293] ? mas_walk+0x6ba/0x8c0 [ 462.420311] do_vmi_munmap+0x1eb/0x3c0 [ 462.420330] move_vma+0xa1f/0x1930 [ 462.420351] ? __pfx_move_vma+0x10/0x10 [ 462.420378] ? vrm_set_new_addr+0x210/0x2a0 [ 462.420398] mremap_to+0x1c3/0x450 [ 462.420417] __do_sys_mremap+0xb2d/0x1540 [ 462.420437] ? ksys_write+0x187/0x240 [ 462.420449] ? lock_release+0xc8/0x270 [ 462.420464] ? __pfx___do_sys_mremap+0x10/0x10 [ 462.420487] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 462.420502] ? __fget_files+0x20d/0x3b0 [ 462.420525] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 462.420541] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 462.420561] do_syscall_64+0xbf/0x420 [ 462.420576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.420590] RIP: 0033:0x7f0ac06b9b19 [ 462.420600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 462.420612] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 462.420624] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 462.420632] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 462.420640] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 462.420647] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 462.420654] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 462.420672] [ 462.426087] ISOFS: Logical zone size(0) < hardware blocksize(1024) 00:47:52 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 16) 00:47:52 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 10) 00:47:52 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:52 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[0x0, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:47:52 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:52 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0xf, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:47:52 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700"/120, 0x78, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:52 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r0, 0xffffffffffffffff, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 471.610171] loop1: detected capacity change from 0 to 264192 00:47:52 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(0xffffffffffffffff, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:52 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 17) [ 471.655264] ISOFS: Logical zone size(0) < hardware blocksize(1024) [ 471.671904] FAULT_INJECTION: forcing a failure. [ 471.671904] name failslab, interval 1, probability 0, space 0, times 0 [ 471.674849] CPU: 0 UID: 0 PID: 5314 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 471.674866] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 471.674874] Call Trace: [ 471.674878] [ 471.674883] dump_stack_lvl+0xfa/0x120 [ 471.674903] should_fail_ex+0x4d7/0x5e0 [ 471.674925] ? mas_preallocate+0xb3d/0xd90 [ 471.674940] should_failslab+0xc2/0x120 [ 471.674955] kmem_cache_alloc_noprof+0x80/0x760 [ 471.674978] ? mas_preallocate+0xb3d/0xd90 [ 471.674993] mas_preallocate+0xb3d/0xd90 [ 471.675011] ? __pfx_mas_preallocate+0x10/0x10 [ 471.675033] ? lockdep_init_map_type+0x4b/0x220 [ 471.675055] __split_vma+0x304/0xdc0 [ 471.675074] ? __pfx___split_vma+0x10/0x10 [ 471.675088] ? lock_is_held_type+0x9e/0x120 [ 471.675102] ? get_old_pud+0xc4/0x390 [ 471.675122] ? move_page_tables+0xf0e/0x28b0 [ 471.675143] vms_gather_munmap_vmas+0x178/0xc80 [ 471.675164] do_vmi_align_munmap+0x265/0x550 [ 471.675183] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 471.675209] ? mtree_range_walk+0x74a/0xb90 [ 471.675230] ? mas_walk+0x6ba/0x8c0 [ 471.675258] do_vmi_munmap+0x1eb/0x3c0 [ 471.675276] move_vma+0xa1f/0x1930 [ 471.675298] ? __pfx_move_vma+0x10/0x10 [ 471.675325] ? vrm_set_new_addr+0x210/0x2a0 [ 471.675345] mremap_to+0x1c3/0x450 [ 471.675363] __do_sys_mremap+0xb2d/0x1540 [ 471.675383] ? ksys_write+0x187/0x240 [ 471.675395] ? lock_release+0xc8/0x270 [ 471.675411] ? __pfx___do_sys_mremap+0x10/0x10 [ 471.675433] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 471.675448] ? __fget_files+0x20d/0x3b0 [ 471.675470] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 471.675485] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 471.675505] do_syscall_64+0xbf/0x420 [ 471.675520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.675533] RIP: 0033:0x7f0ac06b9b19 [ 471.675543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 471.675554] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 471.675567] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 471.675575] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 471.675582] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 471.675589] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 471.675596] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 471.675614] [ 471.754157] loop1: detected capacity change from 0 to 264192 00:47:52 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[0x0, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:47:52 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018", 0x8c, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:52 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 18) 00:47:52 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 11) [ 471.777622] FAULT_INJECTION: forcing a failure. [ 471.777622] name failslab, interval 1, probability 0, space 0, times 0 [ 471.781621] CPU: 0 UID: 0 PID: 5325 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 471.781637] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 471.781645] Call Trace: [ 471.781649] [ 471.781654] dump_stack_lvl+0xfa/0x120 [ 471.781674] should_fail_ex+0x4d7/0x5e0 [ 471.781696] ? mas_preallocate+0xb3d/0xd90 [ 471.781711] should_failslab+0xc2/0x120 [ 471.781725] kmem_cache_alloc_noprof+0x80/0x760 [ 471.781748] ? mas_preallocate+0xb3d/0xd90 [ 471.781762] mas_preallocate+0xb3d/0xd90 [ 471.781784] ? kernel_text_address+0x5b/0xc0 [ 471.781801] ? __pfx_mas_preallocate+0x10/0x10 [ 471.781823] ? __asan_memset+0x24/0x50 [ 471.781834] ? init_multi_vma_prep+0x306/0x650 [ 471.781852] commit_merge+0x253/0xe50 [ 471.781870] ? lock_is_held_type+0x9e/0x120 [ 471.781882] ? __pfx_commit_merge+0x10/0x10 [ 471.781903] ? mas_prev_slot+0x465/0x18b0 [ 471.781918] ? lock_is_held_type+0x9e/0x120 [ 471.781931] vma_expand+0x5e6/0xde0 [ 471.781949] ? __pfx_vma_expand+0x10/0x10 [ 471.781966] ? can_vma_merge_right+0xa5/0x430 [ 471.781985] vma_merge_new_range+0x5d5/0x860 [ 471.782005] copy_vma+0x38d/0xa30 [ 471.782025] ? __pfx_copy_vma+0x10/0x10 [ 471.782040] ? percpu_counter_add_batch+0x126/0x240 [ 471.782064] ? __mt_destroy+0xa8/0x3f0 [ 471.782087] ? __pfx_perf_trace_lock+0x10/0x10 [ 471.782110] copy_vma_and_data+0x1d2/0x7f0 [ 471.782129] ? lock_release+0xc8/0x270 [ 471.782145] ? __pfx_copy_vma_and_data+0x10/0x10 [ 471.782164] ? avc_has_perm_noaudit+0x141/0x390 [ 471.782182] ? selinux_vm_enough_memory+0x107/0x160 [ 471.782202] ? __pfx_percpu_counter_add_batch+0x10/0x10 [ 471.782226] ? lock_is_held_type+0x9e/0x120 [ 471.782240] move_vma+0x5af/0x1930 [ 471.782258] ? mtree_load+0x349/0xb40 [ 471.782271] ? __pfx_move_vma+0x10/0x10 [ 471.782290] ? mm_get_unmapped_area_vmflags+0xda/0x140 [ 471.782305] ? cap_mmap_addr+0x4e/0x130 [ 471.782323] ? selinux_mmap_addr+0x2d/0x110 [ 471.782338] ? security_mmap_addr+0x6e/0x80 [ 471.782352] ? __get_unmapped_area+0x1a0/0x3a0 [ 471.782368] ? vrm_set_new_addr+0x210/0x2a0 [ 471.782388] mremap_to+0x1c3/0x450 [ 471.782410] __do_sys_mremap+0xb2d/0x1540 [ 471.782431] ? ksys_write+0x187/0x240 [ 471.782444] ? lock_release+0xc8/0x270 [ 471.782459] ? __pfx___do_sys_mremap+0x10/0x10 [ 471.782481] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 471.782496] ? __fget_files+0x20d/0x3b0 [ 471.782518] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 471.782534] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 471.782553] do_syscall_64+0xbf/0x420 [ 471.782568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.782581] RIP: 0033:0x7f2a1774eb19 [ 471.782591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 471.782602] RSP: 002b:00007f2a14cc4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 471.782614] RAX: ffffffffffffffda RBX: 00007f2a17861f60 RCX: 00007f2a1774eb19 [ 471.782622] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 471.782629] RBP: 00007f2a14cc41d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 471.782637] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 471.782643] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 471.782661] 00:47:52 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x41, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:47:52 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:47:52 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 19) [ 471.860263] isofs_fill_super: get root inode failed [ 471.887885] FAULT_INJECTION: forcing a failure. [ 471.887885] name failslab, interval 1, probability 0, space 0, times 0 00:47:52 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:47:52 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018", 0x8c, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 471.892773] CPU: 0 UID: 0 PID: 5329 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 471.892791] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 471.892799] Call Trace: [ 471.892803] [ 471.892808] dump_stack_lvl+0xfa/0x120 [ 471.892828] should_fail_ex+0x4d7/0x5e0 [ 471.892850] ? vm_area_dup+0x25/0x700 [ 471.892869] should_failslab+0xc2/0x120 [ 471.892883] kmem_cache_alloc_noprof+0x80/0x760 [ 471.892906] ? vm_area_dup+0x25/0x700 [ 471.892924] vm_area_dup+0x25/0x700 [ 471.892943] __split_vma+0x179/0xdc0 [ 471.892961] ? __pfx___split_vma+0x10/0x10 [ 471.892981] ? __pfx_mas_prev+0x10/0x10 [ 471.893001] vms_gather_munmap_vmas+0x340/0xc80 [ 471.893022] do_vmi_align_munmap+0x265/0x550 [ 471.893041] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 471.893078] ? mas_walk+0x6ba/0x8c0 [ 471.893096] do_vmi_munmap+0x1eb/0x3c0 [ 471.893115] move_vma+0xa1f/0x1930 [ 471.893137] ? __pfx_move_vma+0x10/0x10 [ 471.893164] ? vrm_set_new_addr+0x210/0x2a0 [ 471.893183] mremap_to+0x1c3/0x450 [ 471.893202] __do_sys_mremap+0xb2d/0x1540 [ 471.893222] ? ksys_write+0x187/0x240 [ 471.893234] ? lock_release+0xc8/0x270 [ 471.893250] ? __pfx___do_sys_mremap+0x10/0x10 [ 471.893273] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 471.893288] ? __fget_files+0x20d/0x3b0 [ 471.893310] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 471.893326] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 471.893345] do_syscall_64+0xbf/0x420 [ 471.893360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.893373] RIP: 0033:0x7f0ac06b9b19 [ 471.893383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 471.893394] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 471.893406] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 471.893414] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 471.893421] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 471.893428] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 471.893435] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 471.893452] 00:47:52 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018", 0x8c, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:52 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 20) 00:47:52 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 12) [ 472.007146] FAULT_INJECTION: forcing a failure. [ 472.007146] name failslab, interval 1, probability 0, space 0, times 0 [ 472.015286] CPU: 0 UID: 0 PID: 5339 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 472.015304] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 472.015311] Call Trace: [ 472.015315] [ 472.015320] dump_stack_lvl+0xfa/0x120 [ 472.015341] should_fail_ex+0x4d7/0x5e0 [ 472.015363] ? mas_preallocate+0xb3d/0xd90 [ 472.015378] should_failslab+0xc2/0x120 [ 472.015393] kmem_cache_alloc_noprof+0x80/0x760 [ 472.015416] ? mas_preallocate+0xb3d/0xd90 [ 472.015430] mas_preallocate+0xb3d/0xd90 [ 472.015449] ? __pfx_mas_preallocate+0x10/0x10 [ 472.015471] ? lockdep_init_map_type+0x4b/0x220 [ 472.015492] __split_vma+0x304/0xdc0 [ 472.015511] ? __pfx___split_vma+0x10/0x10 [ 472.015525] ? lock_is_held_type+0x9e/0x120 [ 472.015540] ? get_old_pud+0xc4/0x390 [ 472.015559] ? move_page_tables+0xf0e/0x28b0 [ 472.015580] vms_gather_munmap_vmas+0x178/0xc80 [ 472.015602] do_vmi_align_munmap+0x265/0x550 [ 472.015620] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 472.015646] ? mtree_range_walk+0x74a/0xb90 [ 472.015668] ? mas_walk+0x6ba/0x8c0 [ 472.015686] do_vmi_munmap+0x1eb/0x3c0 [ 472.015705] move_vma+0xa1f/0x1930 [ 472.015726] ? __pfx_move_vma+0x10/0x10 [ 472.015753] ? vrm_set_new_addr+0x210/0x2a0 [ 472.015777] mremap_to+0x1c3/0x450 [ 472.015795] __do_sys_mremap+0xb2d/0x1540 [ 472.015815] ? ksys_write+0x187/0x240 [ 472.015827] ? lock_release+0xc8/0x270 [ 472.015842] ? __pfx___do_sys_mremap+0x10/0x10 [ 472.015865] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 472.015879] ? __fget_files+0x20d/0x3b0 [ 472.015901] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 472.015917] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 472.015937] do_syscall_64+0xbf/0x420 [ 472.015951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.015964] RIP: 0033:0x7f0ac06b9b19 [ 472.015974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 472.015985] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 472.015998] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 472.016006] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 472.016013] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 472.016020] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 472.016027] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 472.016044] 00:47:52 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000", 0x96, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:47:52 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:48:01 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(0xffffffffffffffff, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:48:01 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:01 executing program 4: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018", 0x8c, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:01 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 21) 00:48:01 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000", 0x96, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:01 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 13) 00:48:01 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:48:01 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r0, 0xffffffffffffffff, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 481.057848] FAULT_INJECTION: forcing a failure. [ 481.057848] name failslab, interval 1, probability 0, space 0, times 0 [ 481.060872] CPU: 0 UID: 0 PID: 5357 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 481.060888] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 481.060896] Call Trace: [ 481.060900] [ 481.060904] dump_stack_lvl+0xfa/0x120 [ 481.060925] should_fail_ex+0x4d7/0x5e0 [ 481.060947] ? mas_preallocate+0xb3d/0xd90 [ 481.060963] should_failslab+0xc2/0x120 [ 481.060978] kmem_cache_alloc_noprof+0x80/0x760 [ 481.061001] ? mas_preallocate+0xb3d/0xd90 [ 481.061015] mas_preallocate+0xb3d/0xd90 [ 481.061033] ? __pfx_mas_preallocate+0x10/0x10 [ 481.061060] ? lockdep_init_map_type+0x4b/0x220 [ 481.061081] __split_vma+0x304/0xdc0 [ 481.061101] ? __pfx___split_vma+0x10/0x10 [ 481.061121] ? __pfx_mas_prev+0x10/0x10 [ 481.061140] vms_gather_munmap_vmas+0x340/0xc80 [ 481.061161] do_vmi_align_munmap+0x265/0x550 [ 481.061180] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 481.061216] ? mas_walk+0x6ba/0x8c0 [ 481.061235] do_vmi_munmap+0x1eb/0x3c0 [ 481.061253] move_vma+0xa1f/0x1930 [ 481.061276] ? __pfx_move_vma+0x10/0x10 [ 481.061303] ? vrm_set_new_addr+0x210/0x2a0 [ 481.061322] mremap_to+0x1c3/0x450 [ 481.061341] __do_sys_mremap+0xb2d/0x1540 [ 481.061360] ? ksys_write+0x187/0x240 [ 481.061373] ? lock_release+0xc8/0x270 [ 481.061388] ? __pfx___do_sys_mremap+0x10/0x10 [ 481.061410] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 481.061425] ? __fget_files+0x20d/0x3b0 [ 481.061447] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 481.061463] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 481.061482] do_syscall_64+0xbf/0x420 [ 481.061497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.061511] RIP: 0033:0x7f0ac06b9b19 [ 481.061520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 481.061532] RSP: 002b:00007f0abdc2f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 481.061544] RAX: ffffffffffffffda RBX: 00007f0ac07ccf60 RCX: 00007f0ac06b9b19 [ 481.061552] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 481.061559] RBP: 00007f0abdc2f1d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 481.061566] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 481.061573] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 481.061591] [ 481.071124] loop1: detected capacity change from 0 to 264192 00:48:01 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 22) [ 481.118622] loop4: detected capacity change from 0 to 264192 00:48:01 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 23) 00:48:01 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r1, 0x0}]) 00:48:01 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:01 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 14) [ 481.202584] isofs_fill_super: get root inode failed 00:48:01 executing program 4: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700"/120, 0x78, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 481.272406] isofs_fill_super: get root inode failed [ 481.276243] loop4: detected capacity change from 0 to 264192 00:48:01 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:01 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0xa, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 481.323922] ISOFS: Logical zone size(0) < hardware blocksize(1024) 00:48:13 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 15) 00:48:13 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 24) 00:48:13 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000", 0x96, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:13 executing program 3: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000", 0x96, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:13 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(0xffffffffffffffff, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:48:13 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x5, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:13 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:48:13 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 492.559876] FAULT_INJECTION: forcing a failure. [ 492.559876] name failslab, interval 1, probability 0, space 0, times 0 [ 492.565845] CPU: 1 UID: 0 PID: 5395 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 492.565883] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 492.565898] Call Trace: [ 492.565909] [ 492.565924] dump_stack_lvl+0xfa/0x120 [ 492.565965] should_fail_ex+0x4d7/0x5e0 [ 492.566012] ? vm_area_dup+0x25/0x700 [ 492.566052] should_failslab+0xc2/0x120 [ 492.566082] kmem_cache_alloc_noprof+0x80/0x760 [ 492.566118] ? vma_expand+0x69f/0xde0 [ 492.566164] ? vm_area_dup+0x25/0x700 [ 492.566203] vm_area_dup+0x25/0x700 [ 492.566246] __split_vma+0x179/0xdc0 [ 492.566284] ? lock_acquire+0x15e/0x2d0 [ 492.566318] ? __pfx___split_vma+0x10/0x10 [ 492.566350] ? lock_is_held_type+0x9e/0x120 [ 492.566382] ? get_old_pud+0xc4/0x390 [ 492.566425] ? move_page_tables+0xf0e/0x28b0 [ 492.566474] vms_gather_munmap_vmas+0x178/0xc80 [ 492.566522] do_vmi_align_munmap+0x265/0x550 [ 492.566564] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 492.566623] ? mtree_range_walk+0x74a/0xb90 [ 492.566671] ? mas_walk+0x6ba/0x8c0 [ 492.566713] do_vmi_munmap+0x1eb/0x3c0 [ 492.566756] move_vma+0xa1f/0x1930 [ 492.566827] ? __pfx_move_vma+0x10/0x10 [ 492.566889] ? vrm_set_new_addr+0x210/0x2a0 [ 492.566934] mremap_to+0x1c3/0x450 [ 492.566977] __do_sys_mremap+0xb2d/0x1540 [ 492.567021] ? ksys_write+0x187/0x240 [ 492.567047] ? lock_release+0xc8/0x270 [ 492.567082] ? __pfx___do_sys_mremap+0x10/0x10 [ 492.567133] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 492.567166] ? __fget_files+0x20d/0x3b0 [ 492.567215] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 492.567249] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 492.567294] do_syscall_64+0xbf/0x420 [ 492.567329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.567357] RIP: 0033:0x7f2a1774eb19 [ 492.567378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 492.567403] RSP: 002b:00007f2a14cc4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 492.567429] RAX: ffffffffffffffda RBX: 00007f2a17861f60 RCX: 00007f2a1774eb19 [ 492.567447] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 492.567463] RBP: 00007f2a14cc41d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 492.567496] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 492.567512] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 492.567552] [ 492.655355] loop1: detected capacity change from 0 to 264192 [ 492.658968] loop3: detected capacity change from 0 to 264192 00:48:13 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 25) [ 492.744439] FAULT_INJECTION: forcing a failure. [ 492.744439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 492.746205] CPU: 1 UID: 0 PID: 5410 Comm: syz-executor.7 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 492.746234] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 492.746246] Call Trace: [ 492.746254] [ 492.746262] dump_stack_lvl+0xfa/0x120 [ 492.746293] should_fail_ex+0x4d7/0x5e0 [ 492.746334] _copy_to_user+0x32/0xd0 [ 492.746372] simple_read_from_buffer+0xe0/0x180 [ 492.746411] proc_fail_nth_read+0x18a/0x240 [ 492.746442] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 492.746471] ? security_file_permission+0x22/0x90 [ 492.746498] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 492.746526] vfs_read+0x1eb/0xc70 [ 492.746565] ? __pfx___mutex_lock+0x10/0x10 [ 492.746587] ? __fget_files+0x34/0x3b0 [ 492.746609] ? __pfx_vfs_read+0x10/0x10 [ 492.746645] ? lock_release+0xc8/0x270 [ 492.746679] ? __fget_files+0x20d/0x3b0 [ 492.746713] ksys_read+0x121/0x240 [ 492.746733] ? __pfx_ksys_read+0x10/0x10 [ 492.746753] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 492.746789] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 492.746826] do_syscall_64+0xbf/0x420 [ 492.746853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.746876] RIP: 0033:0x7f0ac066c69c [ 492.746894] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 492.746914] RSP: 002b:00007f0abdc2f170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 492.746936] RAX: ffffffffffffffda RBX: 0000000020ff7000 RCX: 00007f0ac066c69c [ 492.746950] RDX: 000000000000000f RSI: 00007f0abdc2f1e0 RDI: 0000000000000003 [ 492.746963] RBP: 00007f0abdc2f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 492.746976] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 492.746988] R13: 00007ffedc3f736f R14: 00007f0abdc2f300 R15: 0000000000022000 [ 492.747021] 00:48:13 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x6, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:13 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 492.810302] isofs_fill_super: get root inode failed [ 492.910185] isofs_fill_super: get root inode failed 00:48:25 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 16) 00:48:25 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r0, 0xffffffffffffffff, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:48:25 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x7, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:25 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) (fail_nth: 1) 00:48:25 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:48:25 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000", 0x9b, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:25 executing program 4: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{0x0, 0x0, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:25 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 505.532515] loop4: detected capacity change from 0 to 264192 [ 505.549278] loop1: detected capacity change from 0 to 264192 [ 505.553673] FAULT_INJECTION: forcing a failure. [ 505.553673] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 505.555382] CPU: 1 UID: 0 PID: 5434 Comm: syz-executor.3 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 505.555410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 505.555423] Call Trace: [ 505.555430] [ 505.555439] dump_stack_lvl+0xfa/0x120 [ 505.555469] should_fail_ex+0x4d7/0x5e0 [ 505.555509] _copy_from_user+0x30/0xd0 [ 505.555546] io_submit_one+0x8e/0x1a90 [ 505.555578] ? perf_trace_lock+0xbb/0x4f0 [ 505.555607] ? __lock_acquire+0x451/0x2250 [ 505.555653] ? __pfx_io_submit_one+0x10/0x10 [ 505.555685] ? lock_acquire+0x15e/0x2d0 [ 505.555711] ? __might_fault+0xe0/0x190 [ 505.555734] ? find_held_lock+0x2b/0x80 [ 505.555774] ? __might_fault+0x138/0x190 [ 505.555795] ? lock_release+0xc8/0x270 [ 505.555823] ? __might_fault+0xe0/0x190 [ 505.555849] __x64_sys_io_submit+0x182/0x2e0 [ 505.555882] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 505.555911] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 505.555943] ? ksys_write+0x1a3/0x240 [ 505.555964] ? __pfx_ksys_write+0x10/0x10 [ 505.555995] do_syscall_64+0xbf/0x420 [ 505.556022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.556045] RIP: 0033:0x7fa2467f5b19 [ 505.556062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 505.556082] RSP: 002b:00007fa243d6b188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 505.556103] RAX: ffffffffffffffda RBX: 00007fa246908f60 RCX: 00007fa2467f5b19 [ 505.556118] RDX: 00000000200004c0 RSI: 0000000000000002 RDI: 00007fa243d0a000 [ 505.556131] RBP: 00007fa243d6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 505.556144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 505.556156] R13: 00007ffdea4ffa7f R14: 00007fa243d6b300 R15: 0000000000022000 [ 505.556188] [ 505.607660] ISOFS: Unable to identify CD-ROM format. [ 505.696302] isofs_fill_super: get root inode failed 00:48:39 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 17) 00:48:39 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) 00:48:39 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000", 0x9b, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:39 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x8, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:39 executing program 4: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x7, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:39 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r0, 0xffffffffffffffff, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:48:39 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x900, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:48:39 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) (fail_nth: 2) [ 518.891018] FAULT_INJECTION: forcing a failure. [ 518.891018] name failslab, interval 1, probability 0, space 0, times 0 [ 518.898479] CPU: 0 UID: 0 PID: 5459 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 518.898509] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 518.898522] Call Trace: [ 518.898530] [ 518.898538] dump_stack_lvl+0xfa/0x120 [ 518.898568] should_fail_ex+0x4d7/0x5e0 [ 518.898608] ? mas_preallocate+0xb3d/0xd90 [ 518.898634] should_failslab+0xc2/0x120 [ 518.898659] kmem_cache_alloc_noprof+0x80/0x760 [ 518.898701] ? mas_preallocate+0xb3d/0xd90 [ 518.898727] mas_preallocate+0xb3d/0xd90 [ 518.898761] ? __pfx_mas_preallocate+0x10/0x10 [ 518.898810] ? lockdep_init_map_type+0x4b/0x220 [ 518.898848] __split_vma+0x304/0xdc0 [ 518.898882] ? __pfx___split_vma+0x10/0x10 [ 518.898908] ? lock_is_held_type+0x9e/0x120 [ 518.898934] ? get_old_pud+0xc4/0x390 [ 518.898970] ? move_page_tables+0xf0e/0x28b0 [ 518.899009] vms_gather_munmap_vmas+0x178/0xc80 [ 518.899049] do_vmi_align_munmap+0x265/0x550 [ 518.899083] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 518.899131] ? mtree_range_walk+0x74a/0xb90 [ 518.899171] ? mas_walk+0x6ba/0x8c0 [ 518.899205] do_vmi_munmap+0x1eb/0x3c0 [ 518.899244] move_vma+0xa1f/0x1930 [ 518.899283] ? __pfx_move_vma+0x10/0x10 [ 518.899333] ? vrm_set_new_addr+0x210/0x2a0 [ 518.899370] mremap_to+0x1c3/0x450 [ 518.899405] __do_sys_mremap+0xb2d/0x1540 [ 518.899441] ? ksys_write+0x187/0x240 [ 518.899463] ? lock_release+0xc8/0x270 [ 518.899491] ? __pfx___do_sys_mremap+0x10/0x10 [ 518.899533] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 518.899559] ? __fget_files+0x20d/0x3b0 [ 518.899599] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 518.899627] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 518.899664] do_syscall_64+0xbf/0x420 [ 518.899691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.899714] RIP: 0033:0x7f2a1774eb19 [ 518.899731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 518.899751] RSP: 002b:00007f2a14cc4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 518.899785] RAX: ffffffffffffffda RBX: 00007f2a17861f60 RCX: 00007f2a1774eb19 [ 518.899800] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 518.899813] RBP: 00007f2a14cc41d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 518.899827] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 518.899839] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 518.899872] [ 518.953579] loop1: detected capacity change from 0 to 264192 [ 518.961563] FAULT_INJECTION: forcing a failure. [ 518.961563] name failslab, interval 1, probability 0, space 0, times 0 [ 518.965715] CPU: 1 UID: 0 PID: 5463 Comm: syz-executor.3 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 518.965745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 00:48:39 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) 00:48:39 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0xa00, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 518.965758] Call Trace: [ 518.965766] [ 518.965782] dump_stack_lvl+0xfa/0x120 [ 518.965816] should_fail_ex+0x4d7/0x5e0 [ 518.965856] ? io_submit_one+0xfa/0x1a90 [ 518.965884] should_failslab+0xc2/0x120 [ 518.965910] kmem_cache_alloc_noprof+0x80/0x760 [ 518.965952] ? io_submit_one+0xfa/0x1a90 [ 518.965978] io_submit_one+0xfa/0x1a90 [ 518.966008] ? perf_trace_lock+0xbb/0x4f0 [ 518.966037] ? __lock_acquire+0x451/0x2250 [ 518.966071] ? __pfx_io_submit_one+0x10/0x10 [ 518.966103] ? lock_acquire+0x15e/0x2d0 [ 518.966128] ? __might_fault+0xe0/0x190 [ 518.966156] ? lock_release+0xc8/0x270 [ 518.966183] ? __might_fault+0xe0/0x190 [ 518.966210] __x64_sys_io_submit+0x182/0x2e0 [ 518.966242] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 518.966271] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 518.966303] ? ksys_write+0x1a3/0x240 [ 518.966324] ? __pfx_ksys_write+0x10/0x10 [ 518.966356] do_syscall_64+0xbf/0x420 [ 518.966383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.966406] RIP: 0033:0x7fa2467f5b19 00:48:39 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 518.966423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 00:48:39 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0xb00, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 518.966444] RSP: 002b:00007fa243d6b188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 518.966466] RAX: ffffffffffffffda RBX: 00007fa246908f60 RCX: 00007fa2467f5b19 [ 518.966480] RDX: 00000000200004c0 RSI: 0000000000000002 RDI: 00007fa243d0a000 [ 518.966494] RBP: 00007fa243d6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 518.966507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 518.966520] R13: 00007ffdea4ffa7f R14: 00007fa243d6b300 R15: 0000000000022000 [ 518.966552] [ 519.076983] isofs_fill_super: get root inode failed 00:48:39 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000", 0x9b, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:39 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 18) 00:48:39 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) 00:48:39 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) (fail_nth: 3) [ 519.250377] loop1: detected capacity change from 0 to 264192 00:48:39 executing program 4: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000", 0x9b, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:39 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1002, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 519.315061] loop4: detected capacity change from 0 to 264192 [ 519.410454] isofs_fill_super: get root inode failed [ 519.418546] isofs_fill_super: get root inode failed 00:48:51 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 19) 00:48:51 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1003, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:48:51 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) (fail_nth: 4) 00:48:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700), 0x0, 0x0, 0x0) 00:48:51 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x10, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:51 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r0, 0xffffffffffffffff, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:48:51 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b7000000000000000000000000000000000000000000000000000000000000000001000001010000010008080018000000000000181300000000000000000000150000000022", 0x9d, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:48:51 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r0, 0xffffffffffffffff, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 530.650079] loop1: detected capacity change from 0 to 264192 [ 530.673226] isofs_fill_super: get root inode failed [ 530.682997] FAULT_INJECTION: forcing a failure. [ 530.682997] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 530.685662] CPU: 1 UID: 0 PID: 5498 Comm: syz-executor.3 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 530.685679] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 530.685687] Call Trace: [ 530.685691] [ 530.685696] dump_stack_lvl+0xfa/0x120 [ 530.685718] should_fail_ex+0x4d7/0x5e0 [ 530.685743] _copy_from_user+0x30/0xd0 [ 530.685769] io_submit_one+0x8e/0x1a90 [ 530.685791] ? perf_trace_lock+0xbb/0x4f0 [ 530.685810] ? __lock_acquire+0x451/0x2250 [ 530.685829] ? __pfx_io_submit_one+0x10/0x10 [ 530.685848] ? lock_acquire+0x15e/0x2d0 [ 530.685863] ? __might_fault+0xe0/0x190 [ 530.685877] ? find_held_lock+0x2b/0x80 [ 530.685898] ? __might_fault+0x138/0x190 [ 530.685910] ? lock_release+0xc8/0x270 [ 530.685926] ? __might_fault+0xe0/0x190 [ 530.685941] __x64_sys_io_submit+0x182/0x2e0 [ 530.685960] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 530.685977] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 530.685996] ? ksys_write+0x1a3/0x240 [ 530.686009] ? __pfx_ksys_write+0x10/0x10 [ 530.686027] do_syscall_64+0xbf/0x420 [ 530.686044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.686058] RIP: 0033:0x7fa2467f5b19 [ 530.686068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 530.686080] RSP: 002b:00007fa243d6b188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 530.686092] RAX: ffffffffffffffda RBX: 00007fa246908f60 RCX: 00007fa2467f5b19 [ 530.686101] RDX: 00000000200004c0 RSI: 0000000000000002 RDI: 00007fa243d0a000 [ 530.686109] RBP: 00007fa243d6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 530.686116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 530.686124] R13: 00007ffdea4ffa7f R14: 00007fa243d6b300 R15: 0000000000022000 [ 530.686142] 00:48:51 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b7000000000000000000000000000000000000000000000000000000000000000001000001010000010008080018000000000000181300000000000000000000150000000022", 0x9d, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 530.740697] FAULT_INJECTION: forcing a failure. [ 530.740697] name failslab, interval 1, probability 0, space 0, times 0 [ 530.745889] CPU: 0 UID: 0 PID: 5509 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 530.745926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 530.745940] Call Trace: [ 530.745948] [ 530.745958] dump_stack_lvl+0xfa/0x120 [ 530.745991] should_fail_ex+0x4d7/0x5e0 [ 530.746033] ? vm_area_dup+0x25/0x700 [ 530.746069] should_failslab+0xc2/0x120 [ 530.746095] kmem_cache_alloc_noprof+0x80/0x760 [ 530.746140] ? vm_area_dup+0x25/0x700 [ 530.746175] vm_area_dup+0x25/0x700 [ 530.746213] __split_vma+0x179/0xdc0 [ 530.746250] ? __pfx___split_vma+0x10/0x10 [ 530.746291] ? __pfx_mas_prev+0x10/0x10 [ 530.746329] vms_gather_munmap_vmas+0x340/0xc80 [ 530.746372] do_vmi_align_munmap+0x265/0x550 [ 530.746409] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 530.746482] ? mas_walk+0x6ba/0x8c0 [ 530.746520] do_vmi_munmap+0x1eb/0x3c0 [ 530.746557] move_vma+0xa1f/0x1930 [ 530.746600] ? __pfx_move_vma+0x10/0x10 [ 530.746654] ? vrm_set_new_addr+0x210/0x2a0 [ 530.746693] mremap_to+0x1c3/0x450 [ 530.746732] __do_sys_mremap+0xb2d/0x1540 [ 530.746778] ? ksys_write+0x187/0x240 [ 530.746801] ? lock_release+0xc8/0x270 [ 530.746833] ? __pfx___do_sys_mremap+0x10/0x10 [ 530.746878] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 530.746907] ? __fget_files+0x20d/0x3b0 [ 530.746950] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 530.746980] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 530.747019] do_syscall_64+0xbf/0x420 [ 530.747049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.747074] RIP: 0033:0x7f2a1774eb19 [ 530.747092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 530.747114] RSP: 002b:00007f2a14cc4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 530.747137] RAX: ffffffffffffffda RBX: 00007f2a17861f60 RCX: 00007f2a1774eb19 [ 530.747153] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 530.747167] RBP: 00007f2a14cc41d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 530.747182] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 530.747195] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 530.747230] [ 530.796452] loop1: detected capacity change from 0 to 264192 [ 530.842243] isofs_fill_super: get root inode failed 00:48:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700), 0x0, 0x0, 0x0) 00:48:51 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x41, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:48:51 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1004, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:48:51 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) (fail_nth: 5) 00:48:51 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 20) 00:48:51 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b7000000000000000000000000000000000000000000000000000000000000000001000001010000010008080018000000000000181300000000000000000000150000000022", 0x9d, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 530.908516] FAULT_INJECTION: forcing a failure. [ 530.908516] name failslab, interval 1, probability 0, space 0, times 0 [ 530.909460] CPU: 1 UID: 0 PID: 5518 Comm: syz-executor.3 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 530.909476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 530.909483] Call Trace: [ 530.909488] [ 530.909493] dump_stack_lvl+0xfa/0x120 [ 530.909512] should_fail_ex+0x4d7/0x5e0 [ 530.909535] ? io_submit_one+0xfa/0x1a90 [ 530.909551] should_failslab+0xc2/0x120 [ 530.909566] kmem_cache_alloc_noprof+0x80/0x760 [ 530.909589] ? io_submit_one+0xfa/0x1a90 [ 530.909603] io_submit_one+0xfa/0x1a90 [ 530.909619] ? perf_trace_lock+0xbb/0x4f0 [ 530.909636] ? __lock_acquire+0x451/0x2250 [ 530.909654] ? __pfx_io_submit_one+0x10/0x10 [ 530.909671] ? lock_acquire+0x15e/0x2d0 [ 530.909685] ? __might_fault+0xe0/0x190 [ 530.909700] ? lock_release+0xc8/0x270 [ 530.909715] ? __might_fault+0xe0/0x190 [ 530.909730] __x64_sys_io_submit+0x182/0x2e0 [ 530.909747] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 530.909763] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 530.909785] ? ksys_write+0x1a3/0x240 [ 530.909797] ? __pfx_ksys_write+0x10/0x10 [ 530.909814] do_syscall_64+0xbf/0x420 [ 530.909829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.909842] RIP: 0033:0x7fa2467f5b19 [ 530.909852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 530.909864] RSP: 002b:00007fa243d6b188 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 530.909876] RAX: ffffffffffffffda RBX: 00007fa246908f60 RCX: 00007fa2467f5b19 [ 530.909884] RDX: 00000000200004c0 RSI: 0000000000000002 RDI: 00007fa243d0a000 [ 530.909892] RBP: 00007fa243d6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 530.909899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 530.909906] R13: 00007ffdea4ffa7f R14: 00007fa243d6b300 R15: 0000000000022000 [ 530.909923] 00:48:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700), 0x0, 0x0, 0x0) 00:48:51 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfe, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 531.019524] loop1: detected capacity change from 0 to 264192 [ 531.158879] isofs_fill_super: get root inode failed 00:49:01 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) (fail_nth: 6) 00:49:01 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1005, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:01 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 21) 00:49:01 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x300, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:01 executing program 5: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b7000000000000000000000000000000000000000000000000000000000000000001000001010000010008080018000000000000181300000000000000000000150000000022", 0x9d, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:49:01 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000002200", 0x9e, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:49:01 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:49:01 executing program 4: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000", 0x9b, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 541.116640] FAULT_INJECTION: forcing a failure. [ 541.116640] name failslab, interval 1, probability 0, space 0, times 0 [ 541.117558] CPU: 1 UID: 0 PID: 5538 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 541.117573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 541.117582] Call Trace: [ 541.117586] [ 541.117592] dump_stack_lvl+0xfa/0x120 [ 541.117612] should_fail_ex+0x4d7/0x5e0 [ 541.117635] ? mas_preallocate+0xb3d/0xd90 [ 541.117650] should_failslab+0xc2/0x120 [ 541.117665] kmem_cache_alloc_noprof+0x80/0x760 [ 541.117689] ? mas_preallocate+0xb3d/0xd90 [ 541.117703] mas_preallocate+0xb3d/0xd90 [ 541.117722] ? __pfx_mas_preallocate+0x10/0x10 [ 541.117744] ? lockdep_init_map_type+0x4b/0x220 [ 541.117769] __split_vma+0x304/0xdc0 [ 541.117789] ? __pfx___split_vma+0x10/0x10 [ 541.117809] ? __pfx_mas_prev+0x10/0x10 [ 541.117828] vms_gather_munmap_vmas+0x340/0xc80 [ 541.117849] do_vmi_align_munmap+0x265/0x550 [ 541.117868] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 541.117904] ? mas_walk+0x6ba/0x8c0 [ 541.117923] do_vmi_munmap+0x1eb/0x3c0 [ 541.117942] move_vma+0xa1f/0x1930 [ 541.117964] ? __pfx_move_vma+0x10/0x10 [ 541.117992] ? vrm_set_new_addr+0x210/0x2a0 [ 541.118011] mremap_to+0x1c3/0x450 [ 541.118030] __do_sys_mremap+0xb2d/0x1540 [ 541.118050] ? ksys_write+0x187/0x240 [ 541.118062] ? lock_release+0xc8/0x270 [ 541.118079] ? __pfx___do_sys_mremap+0x10/0x10 [ 541.118105] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 541.118121] ? __fget_files+0x20d/0x3b0 [ 541.118143] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 541.118159] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 541.118179] do_syscall_64+0xbf/0x420 [ 541.118194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.118207] RIP: 0033:0x7f2a1774eb19 [ 541.118217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 541.118228] RSP: 002b:00007f2a14cc4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 541.118240] RAX: ffffffffffffffda RBX: 00007f2a17861f60 RCX: 00007f2a1774eb19 [ 541.118248] RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 541.118256] RBP: 00007f2a14cc41d0 R08: 0000000020ff7000 R09: 0000000000000000 [ 541.118263] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 541.118270] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 541.118288] [ 541.167948] loop1: detected capacity change from 0 to 264192 [ 541.173417] loop5: detected capacity change from 0 to 264192 [ 541.181615] loop4: detected capacity change from 0 to 264192 [ 541.208317] isofs_fill_super: get root inode failed 00:49:01 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 22) 00:49:01 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x500, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:01 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1006, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:01 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000002200", 0x9e, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:49:01 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 541.310199] isofs_fill_super: get root inode failed [ 541.313344] isofs_fill_super: get root inode failed [ 541.342437] loop1: detected capacity change from 0 to 264192 00:49:01 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) (fail_nth: 7) 00:49:01 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 23) 00:49:01 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) [ 541.440633] isofs_fill_super: get root inode failed [ 541.450229] FAULT_INJECTION: forcing a failure. [ 541.450229] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 541.456097] CPU: 1 UID: 0 PID: 5567 Comm: syz-executor.3 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 541.456115] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 541.456123] Call Trace: [ 541.456127] [ 541.456132] dump_stack_lvl+0xfa/0x120 [ 541.456153] should_fail_ex+0x4d7/0x5e0 [ 541.456176] _copy_to_user+0x32/0xd0 [ 541.456197] simple_read_from_buffer+0xe0/0x180 [ 541.456220] proc_fail_nth_read+0x18a/0x240 [ 541.456237] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 541.456253] ? security_file_permission+0x22/0x90 [ 541.456269] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 541.456284] vfs_read+0x1eb/0xc70 [ 541.456306] ? __pfx___mutex_lock+0x10/0x10 [ 541.456318] ? __fget_files+0x34/0x3b0 [ 541.456331] ? __pfx_vfs_read+0x10/0x10 [ 541.456351] ? lock_release+0xc8/0x270 [ 541.456371] ? __fget_files+0x20d/0x3b0 [ 541.456389] ksys_read+0x121/0x240 [ 541.456400] ? __pfx_ksys_read+0x10/0x10 [ 541.456417] do_syscall_64+0xbf/0x420 [ 541.456432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.456445] RIP: 0033:0x7fa2467a869c [ 541.456455] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 541.456467] RSP: 002b:00007fa243d6b170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 541.456480] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa2467a869c [ 541.456488] RDX: 000000000000000f RSI: 00007fa243d6b1e0 RDI: 0000000000000005 [ 541.456495] RBP: 00007fa243d6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 541.456502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.456509] R13: 00007ffdea4ffa7f R14: 00007fa243d6b300 R15: 0000000000022000 [ 541.456527] 00:49:12 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:49:12 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1007, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:12 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) 00:49:12 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 24) 00:49:12 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 1) 00:49:12 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x600, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:12 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) 00:49:12 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000002200", 0x9e, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 551.681587] FAULT_INJECTION: forcing a failure. [ 551.681587] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 551.682812] CPU: 0 UID: 0 PID: 5579 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 551.682831] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 551.682843] Call Trace: [ 551.682849] [ 551.682855] dump_stack_lvl+0xfa/0x120 [ 551.682879] should_fail_ex+0x4d7/0x5e0 [ 551.682906] _copy_from_user+0x30/0xd0 [ 551.682932] copy_msghdr_from_user+0x88/0x150 [ 551.682955] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 551.682974] ? __pfx__kstrtoull+0x10/0x10 [ 551.682995] ? perf_trace_lock+0xbb/0x4f0 [ 551.683015] ? __lock_acquire+0x451/0x2250 [ 551.683039] ___sys_recvmsg+0xbb/0x190 [ 551.683061] ? __pfx____sys_recvmsg+0x10/0x10 [ 551.683081] ? lock_acquire+0x15e/0x2d0 [ 551.683098] ? __fget_files+0x34/0x3b0 [ 551.683114] ? find_held_lock+0x2b/0x80 [ 551.683138] ? __fget_files+0x203/0x3b0 [ 551.683152] ? lock_release+0xc8/0x270 [ 551.683174] ? __fget_files+0x20d/0x3b0 [ 551.683196] do_recvmmsg+0x2c5/0x6f0 [ 551.683221] ? __pfx_do_recvmmsg+0x10/0x10 [ 551.683239] ? ksys_write+0x187/0x240 [ 551.683253] ? lock_release+0xc8/0x270 [ 551.683274] ? __mutex_unlock_slowpath+0x157/0x740 [ 551.683289] ? kernel_write+0x593/0x660 [ 551.683305] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 551.683323] ? __fget_files+0x20d/0x3b0 [ 551.683345] __x64_sys_recvmmsg+0x211/0x260 [ 551.683366] ? ksys_write+0x1a3/0x240 [ 551.683379] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 551.683399] ? irqentry_exit+0xee/0x650 [ 551.683413] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 551.683433] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 551.683457] do_syscall_64+0xbf/0x420 [ 551.683476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.683492] RIP: 0033:0x7f4b915d8b19 [ 551.683504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 551.683518] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 551.683533] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 551.683543] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 551.683551] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 551.683560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 551.683569] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 551.683590] [ 551.753931] loop1: detected capacity change from 0 to 264192 00:49:12 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0xa, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:49:12 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 2) 00:49:12 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) (fail_nth: 1) 00:49:12 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) (fail_nth: 25) 00:49:12 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1021, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 551.859940] FAULT_INJECTION: forcing a failure. [ 551.859940] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:49:12 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) [ 551.861181] CPU: 0 UID: 0 PID: 5595 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 551.861201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 551.861210] Call Trace: [ 551.861215] [ 551.861222] dump_stack_lvl+0xfa/0x120 [ 551.861245] should_fail_ex+0x4d7/0x5e0 [ 551.861273] _copy_from_user+0x30/0xd0 [ 551.861299] copy_msghdr_from_user+0x88/0x150 [ 551.861321] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 551.861340] ? __pfx__kstrtoull+0x10/0x10 [ 551.861358] ? kfree+0x2c5/0x5d0 [ 551.861380] ? __lock_acquire+0x451/0x2250 [ 551.861405] ___sys_recvmsg+0xbb/0x190 [ 551.861425] ? __pfx____sys_recvmsg+0x10/0x10 [ 551.861446] ? __pfx_perf_trace_lock+0x10/0x10 [ 551.861469] ? lock_acquire+0x15e/0x2d0 [ 551.861487] ? __might_fault+0xe0/0x190 [ 551.861502] ? find_held_lock+0x2b/0x80 [ 551.861525] ? __might_fault+0x138/0x190 [ 551.861548] do_recvmmsg+0x2c5/0x6f0 [ 551.861572] ? __pfx_do_recvmmsg+0x10/0x10 [ 551.861590] ? ksys_write+0x187/0x240 [ 551.861607] ? perf_trace_lock+0xbb/0x4f0 [ 551.861625] ? __lock_acquire+0x451/0x2250 [ 551.861646] ? srso_alias_untrain_ret+0x1/0x10 [ 551.861670] ? lock_acquire+0x15e/0x2d0 [ 551.861692] __x64_sys_recvmmsg+0x211/0x260 [ 551.861713] ? lock_release+0xc8/0x270 [ 551.861731] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 551.861751] ? __might_fault+0xe0/0x190 [ 551.861771] ? __might_fault+0x151/0x190 [ 551.861789] do_syscall_64+0xbf/0x420 [ 551.861808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.861823] RIP: 0033:0x7f4b915d8b19 [ 551.861835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 551.861849] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 551.861864] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 551.861873] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 551.861882] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 551.861891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 551.861899] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 551.861921] [ 551.886338] FAULT_INJECTION: forcing a failure. [ 551.886338] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 551.887321] CPU: 0 UID: 0 PID: 5598 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 551.887336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 551.887343] Call Trace: [ 551.887347] [ 551.887352] dump_stack_lvl+0xfa/0x120 [ 551.887370] should_fail_ex+0x4d7/0x5e0 [ 551.887392] _copy_to_user+0x32/0xd0 [ 551.887413] simple_read_from_buffer+0xe0/0x180 [ 551.887435] proc_fail_nth_read+0x18a/0x240 [ 551.887452] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 551.887469] ? security_file_permission+0x22/0x90 [ 551.887485] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 551.887500] vfs_read+0x1eb/0xc70 [ 551.887521] ? __pfx___mutex_lock+0x10/0x10 [ 551.887533] ? __fget_files+0x34/0x3b0 [ 551.887545] ? __pfx_vfs_read+0x10/0x10 [ 551.887565] ? lock_release+0xc8/0x270 [ 551.887583] ? __fget_files+0x20d/0x3b0 [ 551.887602] ksys_read+0x121/0x240 [ 551.887613] ? __pfx_ksys_read+0x10/0x10 [ 551.887623] ? __might_fault+0xe0/0x190 [ 551.887636] ? __might_fault+0x151/0x190 [ 551.887651] do_syscall_64+0xbf/0x420 [ 551.887666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.887679] RIP: 0033:0x7f6ac6fb769c [ 551.887689] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 551.887700] RSP: 002b:00007f6ac457a170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 551.887712] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f6ac6fb769c [ 551.887720] RDX: 000000000000000f RSI: 00007f6ac457a1e0 RDI: 0000000000000004 [ 551.887727] RBP: 00007f6ac457a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 551.887734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 551.887740] R13: 00007ffd775f97ff R14: 00007f6ac457a300 R15: 0000000000022000 [ 551.887758] [ 551.918412] isofs_fill_super: get root inode failed 00:49:12 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x10b1, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:12 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x700, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 551.981242] FAULT_INJECTION: forcing a failure. [ 551.981242] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 551.983183] CPU: 1 UID: 0 PID: 5607 Comm: syz-executor.2 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 551.983211] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 551.983224] Call Trace: [ 551.983232] [ 551.983241] dump_stack_lvl+0xfa/0x120 [ 551.983273] should_fail_ex+0x4d7/0x5e0 [ 551.983314] _copy_to_user+0x32/0xd0 [ 551.983352] simple_read_from_buffer+0xe0/0x180 [ 551.983391] proc_fail_nth_read+0x18a/0x240 [ 551.983422] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 551.983450] ? security_file_permission+0x22/0x90 [ 551.983478] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 551.983505] vfs_read+0x1eb/0xc70 [ 551.983543] ? __pfx___mutex_lock+0x10/0x10 [ 551.983564] ? __fget_files+0x34/0x3b0 [ 551.983586] ? __pfx_vfs_read+0x10/0x10 [ 551.983622] ? lock_release+0xc8/0x270 [ 551.983655] ? __fget_files+0x20d/0x3b0 [ 551.983689] ksys_read+0x121/0x240 [ 551.983708] ? __pfx_ksys_read+0x10/0x10 [ 551.983726] ? __might_fault+0xe0/0x190 [ 551.983751] ? __might_fault+0x151/0x190 [ 551.983786] do_syscall_64+0xbf/0x420 [ 551.983814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.983837] RIP: 0033:0x7f2a1770169c [ 551.983855] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 551.983875] RSP: 002b:00007f2a14cc4170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 551.983897] RAX: ffffffffffffffda RBX: 0000000020ff7000 RCX: 00007f2a1770169c [ 551.983911] RDX: 000000000000000f RSI: 00007f2a14cc41e0 RDI: 0000000000000003 [ 551.983924] RBP: 00007f2a14cc41d0 R08: 0000000000000000 R09: 0000000000000000 [ 551.983937] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 551.983950] R13: 00007ffffd451e5f R14: 00007f2a14cc4300 R15: 0000000000022000 [ 551.983981] 00:49:12 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:12 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 3) 00:49:12 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:49:12 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x20ff7000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:12 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) 00:49:12 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x7fffdf003000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:12 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 552.138061] FAULT_INJECTION: forcing a failure. [ 552.138061] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 552.142683] CPU: 0 UID: 0 PID: 5621 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 552.142701] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 552.142709] Call Trace: [ 552.142713] [ 552.142718] dump_stack_lvl+0xfa/0x120 [ 552.142740] should_fail_ex+0x4d7/0x5e0 [ 552.142768] _copy_from_user+0x30/0xd0 [ 552.142790] copy_msghdr_from_user+0x88/0x150 [ 552.142809] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 552.142824] ? __pfx__kstrtoull+0x10/0x10 [ 552.142839] ? kfree+0x2c5/0x5d0 [ 552.142857] ? __lock_acquire+0x451/0x2250 [ 552.142877] ___sys_recvmsg+0xbb/0x190 [ 552.142893] ? __pfx____sys_recvmsg+0x10/0x10 [ 552.142910] ? __pfx_perf_trace_lock+0x10/0x10 [ 552.142929] ? lock_acquire+0x15e/0x2d0 [ 552.142943] ? __might_fault+0xe0/0x190 [ 552.142956] ? find_held_lock+0x2b/0x80 [ 552.142974] ? __might_fault+0x138/0x190 [ 552.142992] do_recvmmsg+0x2c5/0x6f0 [ 552.143011] ? __pfx_do_recvmmsg+0x10/0x10 [ 552.143026] ? ksys_write+0x187/0x240 [ 552.143038] ? lock_release+0xc8/0x270 [ 552.143055] ? __mutex_unlock_slowpath+0x157/0x740 [ 552.143067] ? kernel_write+0x593/0x660 [ 552.143083] ? __fget_files+0x20d/0x3b0 [ 552.143101] __x64_sys_recvmmsg+0x211/0x260 [ 552.143119] ? ksys_write+0x1a3/0x240 [ 552.143129] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 552.143145] ? irqentry_exit+0xee/0x650 [ 552.143156] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 552.143172] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 552.143192] do_syscall_64+0xbf/0x420 [ 552.143207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.143220] RIP: 0033:0x7f4b915d8b19 [ 552.143229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 552.143240] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 552.143253] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 552.143261] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 552.143268] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 552.143275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 552.143281] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 552.143298] [ 552.155958] loop1: detected capacity change from 0 to 264192 [ 552.182948] __vm_enough_memory: pid: 5620, comm: syz-executor.7, bytes: 140736934703104 not enough memory for the allocation [ 552.251488] ISOFS: Unable to identify CD-ROM format. 00:49:21 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700), 0x0, 0x0, 0x0) 00:49:21 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:49:21 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:49:21 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x900, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:21 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:21 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x810, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:21 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 4) 00:49:21 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0xf, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 561.233338] loop1: detected capacity change from 0 to 264192 [ 561.346972] FAULT_INJECTION: forcing a failure. [ 561.346972] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 561.356064] ISOFS: Unable to identify CD-ROM format. [ 561.397676] CPU: 1 UID: 0 PID: 5650 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 561.397713] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 561.397727] Call Trace: [ 561.397734] [ 561.397744] dump_stack_lvl+0xfa/0x120 [ 561.397786] should_fail_ex+0x4d7/0x5e0 [ 561.397829] _copy_from_user+0x30/0xd0 [ 561.397868] copy_msghdr_from_user+0x88/0x150 [ 561.397902] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 561.397932] ? __pfx__kstrtoull+0x10/0x10 [ 561.397961] ? kfree+0x2c5/0x5d0 [ 561.397996] ? __lock_acquire+0x451/0x2250 [ 561.398032] ___sys_recvmsg+0xbb/0x190 [ 561.398064] ? __pfx____sys_recvmsg+0x10/0x10 [ 561.398098] ? __pfx_perf_trace_lock+0x10/0x10 [ 561.398135] ? lock_acquire+0x15e/0x2d0 [ 561.398162] ? __might_fault+0xe0/0x190 [ 561.398186] ? find_held_lock+0x2b/0x80 [ 561.398223] ? __might_fault+0x138/0x190 [ 561.398259] do_recvmmsg+0x2c5/0x6f0 [ 561.398297] ? __pfx_do_recvmmsg+0x10/0x10 [ 561.398326] ? ksys_write+0x187/0x240 [ 561.398349] ? lock_release+0xc8/0x270 [ 561.398383] ? __mutex_unlock_slowpath+0x157/0x740 [ 561.398405] ? kernel_write+0x593/0x660 [ 561.398437] ? __fget_files+0x20d/0x3b0 [ 561.398472] __x64_sys_recvmmsg+0x211/0x260 [ 561.398506] ? ksys_write+0x1a3/0x240 [ 561.398527] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 561.398559] ? irqentry_exit+0xee/0x650 [ 561.398580] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 561.398610] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 561.398649] do_syscall_64+0xbf/0x420 [ 561.398677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.398702] RIP: 0033:0x7f4b915d8b19 [ 561.398721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 561.398743] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 561.398767] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 561.398783] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 561.398797] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 561.398811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 561.398824] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 561.398859] 00:49:32 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 5) 00:49:32 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0xa00, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:32 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x41, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:49:32 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4002, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:32 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700), 0x0, 0x0, 0x0) 00:49:32 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r2, 0x0) fcntl$dupfd(r0, 0x406, r2) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:49:32 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf00, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:32 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 572.048054] loop1: detected capacity change from 0 to 264192 00:49:32 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0xb00, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 572.111658] FAULT_INJECTION: forcing a failure. [ 572.111658] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 572.118347] CPU: 0 UID: 0 PID: 5672 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 572.118381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 572.118395] Call Trace: [ 572.118403] [ 572.118412] dump_stack_lvl+0xfa/0x120 [ 572.118446] should_fail_ex+0x4d7/0x5e0 [ 572.118489] _copy_from_user+0x30/0xd0 [ 572.118528] copy_msghdr_from_user+0x88/0x150 [ 572.118562] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 572.118592] ? __pfx__kstrtoull+0x10/0x10 [ 572.118621] ? kfree+0x2c5/0x5d0 [ 572.118655] ? __lock_acquire+0x451/0x2250 [ 572.118692] ___sys_recvmsg+0xbb/0x190 [ 572.118723] ? __pfx____sys_recvmsg+0x10/0x10 [ 572.118757] ? __pfx_perf_trace_lock+0x10/0x10 [ 572.118803] ? lock_acquire+0x15e/0x2d0 [ 572.118831] ? __might_fault+0xe0/0x190 [ 572.118854] ? find_held_lock+0x2b/0x80 [ 572.118891] ? __might_fault+0x138/0x190 [ 572.118926] do_recvmmsg+0x2c5/0x6f0 [ 572.118965] ? __pfx_do_recvmmsg+0x10/0x10 [ 572.118993] ? ksys_write+0x187/0x240 [ 572.119024] ? perf_trace_lock+0xbb/0x4f0 [ 572.119052] ? __lock_acquire+0x451/0x2250 [ 572.119086] ? srso_alias_untrain_ret+0x1/0x10 [ 572.119123] ? lock_acquire+0x15e/0x2d0 [ 572.119157] __x64_sys_recvmmsg+0x211/0x260 [ 572.119190] ? lock_release+0xc8/0x270 [ 572.119218] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 572.119250] ? __might_fault+0xe0/0x190 [ 572.119274] ? __might_fault+0x151/0x190 [ 572.119303] do_syscall_64+0xbf/0x420 [ 572.119332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.119356] RIP: 0033:0x7f4b915d8b19 [ 572.119375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 572.119396] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 572.119420] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 572.119435] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 572.119449] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 572.119463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 572.119477] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 572.119511] [ 572.120194] ISOFS: Unable to identify CD-ROM format. 00:49:32 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4003, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:32 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1002, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:32 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4004, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:32 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x1008, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:32 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, 0x0) 00:49:32 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:49:32 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 6) [ 572.393308] FAULT_INJECTION: forcing a failure. [ 572.393308] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 572.395450] CPU: 1 UID: 0 PID: 5699 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 572.395485] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 572.395508] Call Trace: [ 572.395521] [ 572.395536] dump_stack_lvl+0xfa/0x120 [ 572.395586] should_fail_ex+0x4d7/0x5e0 [ 572.395658] _copy_from_user+0x30/0xd0 [ 572.395725] copy_msghdr_from_user+0x88/0x150 [ 572.395791] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 572.395845] ? __pfx__kstrtoull+0x10/0x10 [ 572.395896] ? kfree+0x2c5/0x5d0 [ 572.395953] ? __lock_acquire+0x451/0x2250 [ 572.396015] ___sys_recvmsg+0xbb/0x190 [ 572.396072] ? __pfx____sys_recvmsg+0x10/0x10 [ 572.396132] ? __pfx_perf_trace_lock+0x10/0x10 [ 572.396195] ? lock_acquire+0x15e/0x2d0 [ 572.396244] ? __might_fault+0xe0/0x190 [ 572.396278] ? find_held_lock+0x2b/0x80 [ 572.396320] ? __might_fault+0x138/0x190 [ 572.396383] do_recvmmsg+0x2c5/0x6f0 [ 572.396427] ? __pfx_do_recvmmsg+0x10/0x10 [ 572.396460] ? ksys_write+0x187/0x240 [ 572.396485] ? lock_release+0xc8/0x270 [ 572.396523] ? __mutex_unlock_slowpath+0x157/0x740 [ 572.396548] ? kernel_write+0x593/0x660 [ 572.396584] ? __fget_files+0x20d/0x3b0 [ 572.396623] __x64_sys_recvmmsg+0x211/0x260 [ 572.396661] ? ksys_write+0x1a3/0x240 [ 572.396684] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 572.396720] ? irqentry_exit+0xee/0x650 [ 572.396744] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 572.396778] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 572.396822] do_syscall_64+0xbf/0x420 [ 572.396854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.396881] RIP: 0033:0x7f4b915d8b19 [ 572.396902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 572.396927] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 572.396952] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 572.396970] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 572.396985] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 572.397001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 572.397016] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 572.397052] 00:49:45 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, 0x0) 00:49:45 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4005, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:45 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 7) 00:49:45 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3f00, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:45 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:49:45 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1003, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:45 executing program 4: read(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) fdatasync(0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000080)="d1229376688a443d6b31d6d18bf95348356e2e6c88f982ddea3e5c880d6bf962b360f59d31b4c123730d941aef8610e0ceadbb65b8b9cd17391046bc87fbcb1e0a57534927d86f400c", 0x49) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x400001, 0x0) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x4) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x1) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000100)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) 00:49:45 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700), 0x0, 0x0, 0x0) [ 584.625499] loop1: detected capacity change from 0 to 264192 [ 584.634516] FAULT_INJECTION: forcing a failure. [ 584.634516] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:49:45 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4006, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 584.644990] CPU: 0 UID: 0 PID: 5716 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 584.645019] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 584.645031] Call Trace: [ 584.645038] [ 584.645045] dump_stack_lvl+0xfa/0x120 [ 584.645076] should_fail_ex+0x4d7/0x5e0 [ 584.645112] _copy_from_user+0x30/0xd0 [ 584.645147] copy_msghdr_from_user+0x88/0x150 [ 584.645176] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 584.645210] ? __pfx__kstrtoull+0x10/0x10 [ 584.645235] ? kfree+0x2c5/0x5d0 [ 584.645265] ? __lock_acquire+0x451/0x2250 [ 584.645296] ___sys_recvmsg+0xbb/0x190 [ 584.645323] ? __pfx____sys_recvmsg+0x10/0x10 [ 584.645352] ? __pfx_perf_trace_lock+0x10/0x10 [ 584.645384] ? lock_acquire+0x15e/0x2d0 [ 584.645407] ? __might_fault+0xe0/0x190 [ 584.645427] ? find_held_lock+0x2b/0x80 [ 584.645459] ? __might_fault+0x138/0x190 [ 584.645490] do_recvmmsg+0x2c5/0x6f0 [ 584.645522] ? __pfx_do_recvmmsg+0x10/0x10 [ 584.645547] ? ksys_write+0x187/0x240 [ 584.645567] ? lock_release+0xc8/0x270 [ 584.645595] ? __mutex_unlock_slowpath+0x157/0x740 [ 584.645615] ? kernel_write+0x593/0x660 [ 584.645642] ? __fget_files+0x20d/0x3b0 [ 584.645673] __x64_sys_recvmmsg+0x211/0x260 [ 584.645702] ? ksys_write+0x1a3/0x240 [ 584.645720] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 584.645747] ? irqentry_exit+0xee/0x650 [ 584.645765] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 584.645791] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 584.645825] do_syscall_64+0xbf/0x420 [ 584.645849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.645871] RIP: 0033:0x7f4b915d8b19 [ 584.645887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 584.645906] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 584.645926] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 584.645940] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 584.645952] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 584.645964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 584.645975] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 584.646004] 00:49:45 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:45 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x30, 0x8, 0x0, 0x2, 0x0, 0x80, 0x0, 0x0, 0x2}, 0x0, 0x7, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x80, 0xfe, 0x40, 0x7, 0x0, 0x0, 0x801a, 0x9, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_config_ext={0x100000001, 0x80000000}, 0x5a0e1, 0x3ff, 0x6, 0x3, 0x7, 0xfffffffc, 0x1000, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) fdatasync(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 00:49:45 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1004, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:45 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:49:45 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, 0x0) 00:49:45 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 8) 00:49:45 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4007, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 584.868540] loop1: detected capacity change from 0 to 264192 [ 584.894948] FAULT_INJECTION: forcing a failure. [ 584.894948] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 584.906068] CPU: 0 UID: 0 PID: 5738 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 584.906093] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 584.906104] Call Trace: [ 584.906110] [ 584.906116] dump_stack_lvl+0xfa/0x120 [ 584.906143] should_fail_ex+0x4d7/0x5e0 [ 584.906175] _copy_from_user+0x30/0xd0 [ 584.906204] copy_msghdr_from_user+0x88/0x150 [ 584.906230] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 584.906256] ? kfree+0x2c5/0x5d0 [ 584.906282] ? __lock_acquire+0x451/0x2250 [ 584.906309] ___sys_recvmsg+0xbb/0x190 [ 584.906332] ? __pfx____sys_recvmsg+0x10/0x10 [ 584.906357] ? __pfx_perf_trace_lock+0x10/0x10 [ 584.906384] ? lock_acquire+0x15e/0x2d0 [ 584.906404] ? __might_fault+0xe0/0x190 [ 584.906421] ? find_held_lock+0x2b/0x80 [ 584.906448] ? __might_fault+0x138/0x190 [ 584.906474] do_recvmmsg+0x2c5/0x6f0 [ 584.906502] ? __pfx_do_recvmmsg+0x10/0x10 [ 584.906525] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 584.906545] ? finish_task_switch.isra.0+0x1fb/0x840 [ 584.906572] ? finish_task_switch.isra.0+0x1fb/0x840 [ 584.906606] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 584.906629] ? __pfx___schedule+0x10/0x10 [ 584.906659] __x64_sys_recvmmsg+0x211/0x260 [ 584.906685] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 584.906718] do_syscall_64+0xbf/0x420 [ 584.906740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.906758] RIP: 0033:0x7f4b915d8b19 [ 584.906772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 584.906787] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 584.906805] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 584.906816] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 584.906827] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 584.906837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 584.906847] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 584.906872] 00:49:56 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1005, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:56 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 9) 00:49:56 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)) 00:49:56 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4100, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:56 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x8) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:49:56 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:49:56 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x5, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:49:56 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4021, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 596.400060] loop1: detected capacity change from 0 to 264192 [ 596.444515] loop6: detected capacity change from 0 to 264192 00:49:56 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1006, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 596.462685] FAULT_INJECTION: forcing a failure. [ 596.462685] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 596.464672] CPU: 1 UID: 0 PID: 5758 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 596.464703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 596.464717] Call Trace: [ 596.464726] [ 596.464736] dump_stack_lvl+0xfa/0x120 [ 596.464778] should_fail_ex+0x4d7/0x5e0 [ 596.464823] _copy_from_user+0x30/0xd0 [ 596.464864] copy_msghdr_from_user+0x88/0x150 [ 596.464899] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 596.464931] ? __pfx__kstrtoull+0x10/0x10 [ 596.464961] ? kfree+0x2c5/0x5d0 [ 596.464997] ? __lock_acquire+0x451/0x2250 [ 596.465036] ___sys_recvmsg+0xbb/0x190 [ 596.465069] ? __pfx____sys_recvmsg+0x10/0x10 [ 596.465104] ? __pfx_perf_trace_lock+0x10/0x10 [ 596.465143] ? lock_acquire+0x15e/0x2d0 [ 596.465172] ? __might_fault+0xe0/0x190 [ 596.465197] ? find_held_lock+0x2b/0x80 [ 596.465235] ? __might_fault+0x138/0x190 [ 596.465272] do_recvmmsg+0x2c5/0x6f0 [ 596.465313] ? __pfx_do_recvmmsg+0x10/0x10 [ 596.465343] ? ksys_write+0x187/0x240 [ 596.465367] ? lock_release+0xc8/0x270 [ 596.465403] ? __mutex_unlock_slowpath+0x157/0x740 [ 596.465426] ? kernel_write+0x593/0x660 [ 596.465460] ? __fget_files+0x20d/0x3b0 [ 596.465497] __x64_sys_recvmmsg+0x211/0x260 [ 596.465532] ? ksys_write+0x1a3/0x240 [ 596.465554] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 596.465588] ? irqentry_exit+0xee/0x650 [ 596.465610] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 596.465642] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 596.465683] do_syscall_64+0xbf/0x420 [ 596.465713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.465739] RIP: 0033:0x7f4b915d8b19 [ 596.465758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 596.465781] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 596.465805] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 596.465821] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 596.465836] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 596.465851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 596.465865] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 596.465901] 00:49:57 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xeffd, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:49:57 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x40b1, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:49:57 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1007, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 596.597372] ISOFS: Unable to identify CD-ROM format. 00:49:57 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x6, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:49:57 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00'}) read(0xffffffffffffffff, 0x0, 0x0) r1 = gettid() process_vm_writev(r1, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x9, 0x6, 0xb8, 0x7f, 0x0, 0x6, 0x5820, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_bp, 0x0, 0x9, 0x7, 0x3, 0x9, 0x200, 0xff, 0x0, 0x2, 0x0, 0x2}, r1, 0x10, r0, 0x0) fdatasync(0xffffffffffffffff) [ 596.701446] audit: type=1400 audit(1768610997.193:43): avc: denied { write } for pid=5774 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 00:50:06 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 10) 00:50:06 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1021, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:06 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x22402, 0x0) perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0x9, 0x5, 0x7, 0x5b, 0x0, 0x7fff, 0x2001, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xe32f, 0x2, @perf_bp={&(0x7f00000001c0), 0x5}, 0x320, 0xfff, 0x9, 0x6, 0x5, 0xfffffff8, 0x8, 0x0, 0xd85, 0x0, 0x2}, r0, 0x0, r1, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r2) ioctl$sock_inet6_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000000)) fdatasync(0xffffffffffffffff) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={0xfffffffffffffffc}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) r3 = creat(&(0x7f0000000040)='mnt\x00', 0x101) write$P9_RREMOVE(r3, &(0x7f0000000080)={0x7, 0x7b, 0x1}, 0x7) 00:50:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x7, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:50:06 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfcfd, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:50:06 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x7fffdf008000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:06 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b700000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000002200", 0x9e, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:50:06 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)) [ 606.001786] loop1: detected capacity change from 0 to 264192 [ 606.017190] FAULT_INJECTION: forcing a failure. [ 606.017190] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 606.018285] CPU: 0 UID: 0 PID: 5790 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 606.018302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 606.018309] Call Trace: [ 606.018313] [ 606.018318] dump_stack_lvl+0xfa/0x120 [ 606.018337] should_fail_ex+0x4d7/0x5e0 [ 606.018360] _copy_from_user+0x30/0xd0 [ 606.018382] copy_msghdr_from_user+0x88/0x150 [ 606.018401] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 606.018417] ? __pfx__kstrtoull+0x10/0x10 [ 606.018433] ? kfree+0x2c5/0x5d0 [ 606.018452] ? __lock_acquire+0x451/0x2250 [ 606.018472] ___sys_recvmsg+0xbb/0x190 [ 606.018489] ? __pfx____sys_recvmsg+0x10/0x10 [ 606.018507] ? __pfx_perf_trace_lock+0x10/0x10 [ 606.018527] ? lock_acquire+0x15e/0x2d0 [ 606.018542] ? __might_fault+0xe0/0x190 [ 606.018555] ? find_held_lock+0x2b/0x80 [ 606.018575] ? __might_fault+0x138/0x190 [ 606.018593] do_recvmmsg+0x2c5/0x6f0 [ 606.018614] ? __pfx_do_recvmmsg+0x10/0x10 [ 606.018630] ? ksys_write+0x187/0x240 [ 606.018642] ? lock_release+0xc8/0x270 [ 606.018661] ? __mutex_unlock_slowpath+0x157/0x740 [ 606.018673] ? kernel_write+0x593/0x660 [ 606.018690] ? __fget_files+0x20d/0x3b0 [ 606.018708] __x64_sys_recvmmsg+0x211/0x260 [ 606.018727] ? ksys_write+0x1a3/0x240 [ 606.018738] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 606.018755] ? irqentry_exit+0xee/0x650 [ 606.018772] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 606.018789] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 606.018809] do_syscall_64+0xbf/0x420 [ 606.018825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.018838] RIP: 0033:0x7f4b915d8b19 [ 606.018848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 606.018860] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 606.018872] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 606.018881] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 606.018888] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 606.018896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 606.018903] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 606.018921] [ 606.064451] loop6: detected capacity change from 0 to 264192 00:50:06 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x10b1, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:06 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x7ffffffff000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:06 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:06 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 11) 00:50:06 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)) 00:50:06 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfdef, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 606.194910] isofs_fill_super: get root inode failed [ 606.218739] FAULT_INJECTION: forcing a failure. [ 606.218739] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 606.219700] CPU: 0 UID: 0 PID: 5806 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 606.219717] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 606.219724] Call Trace: [ 606.219729] [ 606.219734] dump_stack_lvl+0xfa/0x120 [ 606.219756] should_fail_ex+0x4d7/0x5e0 [ 606.219787] _copy_from_user+0x30/0xd0 [ 606.219809] copy_msghdr_from_user+0x88/0x150 [ 606.219828] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 606.219843] ? __pfx__kstrtoull+0x10/0x10 [ 606.219859] ? kfree+0x2c5/0x5d0 [ 606.219878] ? __lock_acquire+0x451/0x2250 [ 606.219897] ___sys_recvmsg+0xbb/0x190 [ 606.219914] ? __pfx____sys_recvmsg+0x10/0x10 [ 606.219931] ? __pfx_perf_trace_lock+0x10/0x10 [ 606.219950] ? lock_acquire+0x15e/0x2d0 [ 606.219964] ? __might_fault+0xe0/0x190 [ 606.219977] ? find_held_lock+0x2b/0x80 [ 606.219996] ? __might_fault+0x138/0x190 [ 606.220014] do_recvmmsg+0x2c5/0x6f0 [ 606.220034] ? __pfx_do_recvmmsg+0x10/0x10 [ 606.220048] ? ksys_write+0x187/0x240 [ 606.220063] ? perf_trace_lock+0xbb/0x4f0 [ 606.220077] ? __lock_acquire+0x451/0x2250 [ 606.220094] ? srso_alias_untrain_ret+0x1/0x10 [ 606.220114] ? lock_acquire+0x15e/0x2d0 [ 606.220132] __x64_sys_recvmmsg+0x211/0x260 [ 606.220150] ? lock_release+0xc8/0x270 [ 606.220164] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 606.220180] ? __might_fault+0xe0/0x190 [ 606.220192] ? __might_fault+0x151/0x190 [ 606.220207] do_syscall_64+0xbf/0x420 [ 606.220223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.220235] RIP: 0033:0x7f4b915d8b19 [ 606.220244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 606.220256] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 606.220269] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 606.220277] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 606.220285] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 606.220292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 606.220299] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 606.220316] 00:50:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x8, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 606.247895] loop1: detected capacity change from 0 to 264192 00:50:06 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x20ff7000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:06 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x2, &(0x7f0000ff7000/0x4000)=nil) 00:50:15 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x7fffdf003000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:15 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:50:15 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x4, &(0x7f0000ff7000/0x4000)=nil) 00:50:15 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 12) 00:50:15 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x7, 0x1) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000080)) write$binfmt_elf32(r0, &(0x7f00000003c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x9, 0x1f, 0x1, 0x3, 0x7, 0x4, 0x113, 0x38, 0x1fe, 0xf7, 0x6, 0x20, 0x2, 0xff, 0x5, 0xdd9}, [{0x2, 0x3, 0x77, 0x2, 0x4266e7c7, 0x1, 0x4}], "039ce00e05764bd46e51ef7485fe8780e4a32087b27156129ab54e9410bfc51118963eb91ce9c83fd5c284086707aa3d7ec93276187267272466271a5d0d7d3d74ff589db0de8c25b2c7595688a782e1a68def642a02c623e35bb8640fc0440faf9c733486ec91299b5e7fb4bc00e96e70225d69c48424ed87b9fdb9c3283e7016e65227883e569243040d4d6ed0ea10860ab2d925ea120d48b3e91e08223b6a13d69e002f92e591203c4bccbbb71778265a7beedd9ecd03d041e902078264260b0a1e17def507b599a2c0d5edcbfef05c9dc0dc5dbdc1b36eec8e1c72daa4151e91df23f6052381d1653df2", ['\x00', '\x00', '\x00']}, 0x444) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r2, 0x0) recvmmsg$unix(r1, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r1, 0x80047210, &(0x7f0000000040)) 00:50:15 executing program 1: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)) 00:50:15 executing program 6: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfcfd, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:50:15 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfdfc, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 614.636867] FAULT_INJECTION: forcing a failure. [ 614.636867] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.637857] CPU: 0 UID: 0 PID: 5834 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 614.637873] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 614.637880] Call Trace: [ 614.637884] [ 614.637889] dump_stack_lvl+0xfa/0x120 [ 614.637909] should_fail_ex+0x4d7/0x5e0 [ 614.637932] _copy_from_user+0x30/0xd0 [ 614.637953] copy_msghdr_from_user+0x88/0x150 [ 614.637971] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 614.637986] ? __pfx__kstrtoull+0x10/0x10 [ 614.638001] ? kfree+0x2c5/0x5d0 [ 614.638019] ? __lock_acquire+0x451/0x2250 [ 614.638039] ___sys_recvmsg+0xbb/0x190 [ 614.638055] ? __pfx____sys_recvmsg+0x10/0x10 [ 614.638072] ? __pfx_perf_trace_lock+0x10/0x10 [ 614.638091] ? lock_acquire+0x15e/0x2d0 [ 614.638105] ? __might_fault+0xe0/0x190 [ 614.638117] ? find_held_lock+0x2b/0x80 [ 614.638135] ? __might_fault+0x138/0x190 [ 614.638153] do_recvmmsg+0x2c5/0x6f0 [ 614.638173] ? __pfx_do_recvmmsg+0x10/0x10 [ 614.638187] ? ksys_write+0x187/0x240 [ 614.638201] ? perf_trace_lock+0xbb/0x4f0 [ 614.638215] ? __lock_acquire+0x451/0x2250 [ 614.638232] ? srso_alias_untrain_ret+0x1/0x10 [ 614.638251] ? lock_acquire+0x15e/0x2d0 [ 614.638268] __x64_sys_recvmmsg+0x211/0x260 [ 614.638286] ? lock_release+0xc8/0x270 [ 614.638300] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 614.638316] ? __might_fault+0xe0/0x190 [ 614.638328] ? __might_fault+0x151/0x190 [ 614.638343] do_syscall_64+0xbf/0x420 [ 614.638358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.638370] RIP: 0033:0x7f4b915d8b19 [ 614.638380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 614.638391] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 614.638403] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 614.638411] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 614.638418] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 614.638425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 614.638431] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 614.638448] [ 614.653553] loop1: detected capacity change from 0 to 264192 00:50:15 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x7, &(0x7f0000ff7000/0x4000)=nil) 00:50:15 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 1) 00:50:15 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 13) 00:50:15 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfdfe, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 614.751736] __vm_enough_memory: pid: 5840, comm: syz-executor.2, bytes: 140736934703104 not enough memory for the allocation 00:50:15 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 614.805141] FAULT_INJECTION: forcing a failure. [ 614.805141] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.806130] CPU: 0 UID: 0 PID: 5855 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 614.806146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 614.806153] Call Trace: [ 614.806158] [ 614.806163] dump_stack_lvl+0xfa/0x120 [ 614.806183] should_fail_ex+0x4d7/0x5e0 [ 614.806205] _copy_from_user+0x30/0xd0 [ 614.806226] copy_msghdr_from_user+0x88/0x150 [ 614.806244] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 614.806259] ? __pfx__kstrtoull+0x10/0x10 [ 614.806274] ? kfree+0x2c5/0x5d0 [ 614.806292] ? __lock_acquire+0x451/0x2250 [ 614.806312] ___sys_recvmsg+0xbb/0x190 [ 614.806328] ? __pfx____sys_recvmsg+0x10/0x10 [ 614.806345] ? __pfx_perf_trace_lock+0x10/0x10 [ 614.806363] ? lock_acquire+0x15e/0x2d0 [ 614.806377] ? __might_fault+0xe0/0x190 [ 614.806390] ? find_held_lock+0x2b/0x80 [ 614.806408] ? __might_fault+0x138/0x190 [ 614.806426] do_recvmmsg+0x2c5/0x6f0 [ 614.806446] ? __pfx_do_recvmmsg+0x10/0x10 [ 614.806460] ? ksys_write+0x187/0x240 [ 614.806473] ? lock_release+0xc8/0x270 [ 614.806490] ? __mutex_unlock_slowpath+0x157/0x740 [ 614.806502] ? kernel_write+0x593/0x660 [ 614.806518] ? __fget_files+0x20d/0x3b0 [ 614.806536] __x64_sys_recvmmsg+0x211/0x260 [ 614.806553] ? ksys_write+0x1a3/0x240 [ 614.806564] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 614.806580] ? irqentry_exit+0xee/0x650 [ 614.806591] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 614.806607] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 614.806626] do_syscall_64+0xbf/0x420 [ 614.806641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.806654] RIP: 0033:0x7f4b915d8b19 [ 614.806664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 614.806675] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 614.806687] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 614.806695] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 614.806702] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 614.806709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 614.806716] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 614.806733] [ 614.826512] FAULT_INJECTION: forcing a failure. [ 614.826512] name failslab, interval 1, probability 0, space 0, times 0 [ 614.827434] CPU: 0 UID: 0 PID: 5854 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 614.827449] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 614.827455] Call Trace: [ 614.827459] [ 614.827463] dump_stack_lvl+0xfa/0x120 [ 614.827477] should_fail_ex+0x4d7/0x5e0 [ 614.827496] ? __do_sys_memfd_create+0x1e5/0xa90 [ 614.827514] should_failslab+0xc2/0x120 [ 614.827527] __kmalloc_cache_noprof+0x80/0x730 [ 614.827549] ? __do_sys_memfd_create+0x1e5/0xa90 [ 614.827566] __do_sys_memfd_create+0x1e5/0xa90 [ 614.827584] ? ksys_write+0x1a3/0x240 [ 614.827595] ? __pfx___do_sys_memfd_create+0x10/0x10 [ 614.827612] ? irqentry_exit+0xee/0x650 [ 614.827622] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 614.827637] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 614.827656] do_syscall_64+0xbf/0x420 [ 614.827670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.827681] RIP: 0033:0x7fcf6064cb19 [ 614.827690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 614.827701] RSP: 002b:00007fcf5dbc1f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 614.827712] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fcf6064cb19 [ 614.827719] RDX: 000000000c219000 RSI: 0000000000000000 RDI: 00007fcf606a60fb [ 614.827727] RBP: 0000000000000003 R08: 000040000000c800 R09: ffffffffffffffff [ 614.827734] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 614.827741] R13: 0000000020000100 R14: 0000000008100000 R15: 0000000020000040 [ 614.827758] 00:50:15 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x10, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:50:15 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 14) 00:50:15 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x6, &(0x7f0000ff7000/0x4000)=nil) 00:50:15 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 2) 00:50:15 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfe00, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 614.936535] loop6: detected capacity change from 0 to 264192 [ 614.968059] FAULT_INJECTION: forcing a failure. [ 614.968059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.969032] CPU: 0 UID: 0 PID: 5865 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 614.969048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 614.969055] Call Trace: [ 614.969060] [ 614.969065] dump_stack_lvl+0xfa/0x120 [ 614.969085] should_fail_ex+0x4d7/0x5e0 [ 614.969109] _copy_from_user+0x30/0xd0 [ 614.969129] copy_msghdr_from_user+0x88/0x150 [ 614.969148] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 614.969163] ? __pfx__kstrtoull+0x10/0x10 [ 614.969178] ? kfree+0x2c5/0x5d0 [ 614.969196] ? __lock_acquire+0x451/0x2250 [ 614.969216] ___sys_recvmsg+0xbb/0x190 [ 614.969232] ? __pfx____sys_recvmsg+0x10/0x10 [ 614.969249] ? __pfx_perf_trace_lock+0x10/0x10 [ 614.969267] ? lock_acquire+0x15e/0x2d0 [ 614.969281] ? __might_fault+0xe0/0x190 [ 614.969294] ? find_held_lock+0x2b/0x80 [ 614.969313] ? __might_fault+0x138/0x190 [ 614.969330] do_recvmmsg+0x2c5/0x6f0 [ 614.969350] ? __pfx_do_recvmmsg+0x10/0x10 [ 614.969365] ? ksys_write+0x187/0x240 [ 614.969377] ? lock_release+0xc8/0x270 [ 614.969394] ? __mutex_unlock_slowpath+0x157/0x740 [ 614.969406] ? kernel_write+0x593/0x660 [ 614.969422] ? __fget_files+0x20d/0x3b0 [ 614.969441] __x64_sys_recvmmsg+0x211/0x260 [ 614.969459] ? ksys_write+0x1a3/0x240 [ 614.969470] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 614.969486] ? irqentry_exit+0xee/0x650 [ 614.969497] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 614.969513] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 614.969532] do_syscall_64+0xbf/0x420 [ 614.969548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.969561] RIP: 0033:0x7f4b915d8b19 [ 614.969570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 614.969581] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 614.969594] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 614.969602] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 614.969609] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 614.969616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 614.969623] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 614.969640] 00:50:25 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x30, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:50:25 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x7, &(0x7f0000ff7000/0x4000)=nil) 00:50:25 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 3) 00:50:25 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfefd, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:50:25 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4002, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:25 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 1) 00:50:25 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffc}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x82100, 0x0) read(r0, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:50:25 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 15) [ 625.487665] FAULT_INJECTION: forcing a failure. [ 625.487665] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 625.489226] CPU: 0 UID: 0 PID: 5886 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 625.489248] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 625.489258] Call Trace: [ 625.489264] [ 625.489270] dump_stack_lvl+0xfa/0x120 [ 625.489297] should_fail_ex+0x4d7/0x5e0 [ 625.489328] strncpy_from_user+0x3b/0x2f0 [ 625.489353] __do_sys_memfd_create+0x21e/0xa90 [ 625.489381] ? ksys_write+0x1a3/0x240 [ 625.489398] ? __pfx___do_sys_memfd_create+0x10/0x10 [ 625.489422] ? irqentry_exit+0xee/0x650 [ 625.489438] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 625.489461] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 625.489491] do_syscall_64+0xbf/0x420 [ 625.489512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.489530] RIP: 0033:0x7fcf6064cb19 [ 625.489544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 625.489560] RSP: 002b:00007fcf5dbc1f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 625.489576] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fcf6064cb19 [ 625.489588] RDX: 000000000c219000 RSI: 0000000000000000 RDI: 00007fcf606a60fb [ 625.489598] RBP: 0000000000000003 R08: 000040000000c800 R09: ffffffffffffffff [ 625.489608] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 625.489618] R13: 0000000020000100 R14: 0000000008100000 R15: 0000000020000040 [ 625.489643] 00:50:26 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x8, &(0x7f0000ff7000/0x4000)=nil) [ 625.518868] FAULT_INJECTION: forcing a failure. [ 625.518868] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 625.520196] CPU: 0 UID: 0 PID: 5889 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 625.520217] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 625.520226] Call Trace: [ 625.520232] [ 625.520239] dump_stack_lvl+0xfa/0x120 [ 625.520262] should_fail_ex+0x4d7/0x5e0 [ 625.520291] _copy_from_user+0x30/0xd0 [ 625.520319] copy_msghdr_from_user+0x88/0x150 [ 625.520344] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 625.520366] ? __pfx__kstrtoull+0x10/0x10 [ 625.520390] ? perf_trace_lock+0xbb/0x4f0 [ 625.520411] ? __lock_acquire+0x451/0x2250 [ 625.520436] ___sys_recvmsg+0xbb/0x190 [ 625.520458] ? __pfx____sys_recvmsg+0x10/0x10 [ 625.520480] ? lock_acquire+0x15e/0x2d0 [ 625.520500] ? __fget_files+0x34/0x3b0 [ 625.520517] ? find_held_lock+0x2b/0x80 [ 625.520543] ? __fget_files+0x203/0x3b0 [ 625.520559] ? lock_release+0xc8/0x270 [ 625.520583] ? __fget_files+0x20d/0x3b0 [ 625.520608] do_recvmmsg+0x2c5/0x6f0 [ 625.520636] ? __pfx_do_recvmmsg+0x10/0x10 [ 625.520656] ? ksys_write+0x187/0x240 [ 625.520672] ? lock_release+0xc8/0x270 [ 625.520696] ? __mutex_unlock_slowpath+0x157/0x740 [ 625.520713] ? kernel_write+0x593/0x660 [ 625.520731] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 625.520751] ? __fget_files+0x20d/0x3b0 [ 625.520780] __x64_sys_recvmmsg+0x211/0x260 [ 625.520804] ? ksys_write+0x1a3/0x240 [ 625.520819] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 625.520842] ? irqentry_exit+0xee/0x650 [ 625.520857] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 625.520878] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 625.520906] do_syscall_64+0xbf/0x420 [ 625.520935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.520952] RIP: 0033:0x7f8ef3114b19 [ 625.520965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 625.520980] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 625.520997] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 625.521007] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 625.521017] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 625.521027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 625.521037] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 625.521061] [ 625.543220] FAULT_INJECTION: forcing a failure. [ 625.543220] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:50:26 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 4) [ 625.578891] CPU: 1 UID: 0 PID: 5891 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 625.578927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 625.578941] Call Trace: [ 625.578949] [ 625.578959] dump_stack_lvl+0xfa/0x120 [ 625.578993] should_fail_ex+0x4d7/0x5e0 [ 625.579036] _copy_from_user+0x30/0xd0 [ 625.579075] copy_msghdr_from_user+0x88/0x150 [ 625.579110] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 625.579140] ? __pfx__kstrtoull+0x10/0x10 [ 625.579170] ? kfree+0x2c5/0x5d0 [ 625.579205] ? __lock_acquire+0x451/0x2250 [ 625.579242] ___sys_recvmsg+0xbb/0x190 [ 625.579274] ? __pfx____sys_recvmsg+0x10/0x10 [ 625.579308] ? __pfx_perf_trace_lock+0x10/0x10 [ 625.579345] ? lock_acquire+0x15e/0x2d0 [ 625.579373] ? __might_fault+0xe0/0x190 [ 625.579397] ? find_held_lock+0x2b/0x80 [ 625.579435] ? __might_fault+0x138/0x190 [ 625.579471] do_recvmmsg+0x2c5/0x6f0 [ 625.579510] ? __pfx_do_recvmmsg+0x10/0x10 [ 625.579539] ? ksys_write+0x187/0x240 [ 625.579562] ? lock_release+0xc8/0x270 [ 625.579596] ? __mutex_unlock_slowpath+0x157/0x740 [ 625.579620] ? kernel_write+0x593/0x660 [ 625.579652] ? __fget_files+0x20d/0x3b0 [ 625.579688] __x64_sys_recvmmsg+0x211/0x260 [ 625.579721] ? ksys_write+0x1a3/0x240 [ 625.579743] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 625.579783] ? irqentry_exit+0xee/0x650 [ 625.579804] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 625.579835] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 625.579874] do_syscall_64+0xbf/0x420 [ 625.579904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.579929] RIP: 0033:0x7f4b915d8b19 00:50:26 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x8, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) fdatasync(0xffffffffffffffff) 00:50:26 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4003, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:26 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x80000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:50:26 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 16) [ 625.579948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 625.579970] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b 00:50:26 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 5) [ 625.579994] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 625.580010] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 625.580025] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 625.580039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 625.580052] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 625.580087] [ 625.607566] FAULT_INJECTION: forcing a failure. [ 625.607566] name failslab, interval 1, probability 0, space 0, times 0 [ 625.607592] CPU: 0 UID: 0 PID: 5897 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 00:50:26 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0xb, &(0x7f0000ff7000/0x4000)=nil) [ 625.607611] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 625.607620] Call Trace: [ 625.607625] [ 625.607631] dump_stack_lvl+0xfa/0x120 [ 625.607651] should_fail_ex+0x4d7/0x5e0 [ 625.607678] ? shmem_alloc_inode+0x27/0x50 [ 625.607694] should_failslab+0xc2/0x120 [ 625.607711] kmem_cache_alloc_lru_noprof+0x84/0x770 [ 625.607743] ? shmem_alloc_inode+0x27/0x50 [ 625.607758] shmem_alloc_inode+0x27/0x50 [ 625.607779] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 625.607794] alloc_inode+0x67/0x250 [ 625.607816] new_inode+0x1e/0x160 [ 625.607838] __shmem_get_inode+0x17c/0xe80 [ 625.607861] __shmem_file_setup+0x108/0x370 [ 625.607883] __do_sys_memfd_create+0x4cc/0xa90 [ 625.607908] ? ksys_write+0x1a3/0x240 [ 625.607922] ? __pfx___do_sys_memfd_create+0x10/0x10 [ 625.607944] ? irqentry_exit+0xee/0x650 [ 625.607959] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 625.607979] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 625.608006] do_syscall_64+0xbf/0x420 [ 625.608025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.608042] RIP: 0033:0x7fcf6064cb19 [ 625.608054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 625.608069] RSP: 002b:00007fcf5dbc1f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 625.608084] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fcf6064cb19 [ 625.608094] RDX: 000000000c219000 RSI: 0000000000000000 RDI: 00007fcf606a60fb [ 625.608104] RBP: 0000000000000003 R08: 000040000000c800 R09: ffffffffffffffff [ 625.608113] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 625.608123] R13: 0000000020000100 R14: 0000000008100000 R15: 0000000020000040 [ 625.608145] [ 625.756541] FAULT_INJECTION: forcing a failure. [ 625.756541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 625.756572] CPU: 0 UID: 0 PID: 5905 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 625.756589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 625.756598] Call Trace: [ 625.756603] [ 625.756608] dump_stack_lvl+0xfa/0x120 [ 625.756630] should_fail_ex+0x4d7/0x5e0 [ 625.756658] _copy_from_user+0x30/0xd0 [ 625.756682] copy_msghdr_from_user+0x88/0x150 [ 625.756704] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 625.756721] ? __pfx__kstrtoull+0x10/0x10 [ 625.756739] ? kfree+0x2c5/0x5d0 [ 625.756766] ? __lock_acquire+0x451/0x2250 [ 625.756789] ___sys_recvmsg+0xbb/0x190 [ 625.756808] ? __pfx____sys_recvmsg+0x10/0x10 [ 625.756828] ? __pfx_perf_trace_lock+0x10/0x10 [ 625.756850] ? lock_acquire+0x15e/0x2d0 [ 625.756867] ? __might_fault+0xe0/0x190 [ 625.756881] ? find_held_lock+0x2b/0x80 [ 625.756903] ? __might_fault+0x138/0x190 [ 625.756924] do_recvmmsg+0x2c5/0x6f0 [ 625.756956] ? __pfx_do_recvmmsg+0x10/0x10 [ 625.756973] ? ksys_write+0x187/0x240 [ 625.756987] ? lock_release+0xc8/0x270 [ 625.757007] ? __mutex_unlock_slowpath+0x157/0x740 [ 625.757021] ? kernel_write+0x593/0x660 [ 625.757040] ? __fget_files+0x20d/0x3b0 [ 625.757062] __x64_sys_recvmmsg+0x211/0x260 [ 625.757082] ? ksys_write+0x1a3/0x240 [ 625.757094] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 625.757113] ? irqentry_exit+0xee/0x650 [ 625.757127] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 625.757145] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 625.757168] do_syscall_64+0xbf/0x420 [ 625.757186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.757200] RIP: 0033:0x7f4b915d8b19 [ 625.757212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 625.757225] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 625.757239] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 625.757249] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 625.757257] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 625.757265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 625.757273] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 625.757294] [ 625.762572] loop6: detected capacity change from 0 to 264192 00:50:34 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 2) 00:50:34 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) ioctl$BTRFS_IOC_SPACE_INFO(r0, 0xc0109414, &(0x7f00000003c0)={0x20e, 0xffffffff80000000, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) 00:50:34 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4004, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:34 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 17) 00:50:34 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 6) 00:50:34 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x41, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:50:34 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfeffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:50:34 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0xa, &(0x7f0000ff7000/0x4000)=nil) [ 633.884899] FAULT_INJECTION: forcing a failure. [ 633.884899] name failslab, interval 1, probability 0, space 0, times 0 [ 633.889539] CPU: 0 UID: 0 PID: 5927 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 633.889556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 633.889563] Call Trace: [ 633.889567] [ 633.889572] dump_stack_lvl+0xfa/0x120 [ 633.889592] should_fail_ex+0x4d7/0x5e0 [ 633.889614] ? security_inode_alloc+0x3e/0x130 [ 633.889633] should_failslab+0xc2/0x120 [ 633.889648] kmem_cache_alloc_noprof+0x80/0x760 [ 633.889665] ? __pfx_map_id_range_down+0x10/0x10 [ 633.889682] ? __create_object+0x59/0x80 [ 633.889701] ? security_inode_alloc+0x3e/0x130 [ 633.889719] security_inode_alloc+0x3e/0x130 [ 633.889739] inode_init_always_gfp+0xc9d/0xff0 [ 633.889755] alloc_inode+0x8d/0x250 [ 633.889777] new_inode+0x1e/0x160 [ 633.889794] __shmem_get_inode+0x17c/0xe80 [ 633.889813] __shmem_file_setup+0x108/0x370 [ 633.889829] __do_sys_memfd_create+0x4cc/0xa90 [ 633.889847] ? ksys_write+0x1a3/0x240 [ 633.889859] ? __pfx___do_sys_memfd_create+0x10/0x10 [ 633.889876] ? irqentry_exit+0xee/0x650 [ 633.889887] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 633.889902] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 633.889924] do_syscall_64+0xbf/0x420 [ 633.889939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.889953] RIP: 0033:0x7fcf6064cb19 [ 633.889962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 633.889973] RSP: 002b:00007fcf5dbc1f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 633.889985] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fcf6064cb19 [ 633.889993] RDX: 000000000c219000 RSI: 0000000000000000 RDI: 00007fcf606a60fb [ 633.890001] RBP: 0000000000000003 R08: 000040000000c800 R09: ffffffffffffffff [ 633.890008] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 633.890015] R13: 0000000020000100 R14: 0000000008100000 R15: 0000000020000040 [ 633.890032] [ 633.931020] FAULT_INJECTION: forcing a failure. [ 633.931020] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 633.932048] CPU: 0 UID: 0 PID: 5935 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 633.932064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 633.932071] Call Trace: [ 633.932076] [ 633.932081] dump_stack_lvl+0xfa/0x120 [ 633.932100] should_fail_ex+0x4d7/0x5e0 [ 633.932122] _copy_from_user+0x30/0xd0 [ 633.932143] copy_msghdr_from_user+0x88/0x150 [ 633.932162] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 633.932177] ? __pfx__kstrtoull+0x10/0x10 [ 633.932192] ? kfree+0x2c5/0x5d0 [ 633.932210] ? __lock_acquire+0x451/0x2250 [ 633.932230] ___sys_recvmsg+0xbb/0x190 [ 633.932246] ? __pfx____sys_recvmsg+0x10/0x10 [ 633.932264] ? __pfx_perf_trace_lock+0x10/0x10 [ 633.932283] ? lock_acquire+0x15e/0x2d0 [ 633.932297] ? __might_fault+0xe0/0x190 [ 633.932309] ? find_held_lock+0x2b/0x80 [ 633.932328] ? __might_fault+0x138/0x190 [ 633.932346] do_recvmmsg+0x2c5/0x6f0 [ 633.932366] ? __pfx_do_recvmmsg+0x10/0x10 [ 633.932380] ? ksys_write+0x187/0x240 [ 633.932393] ? lock_release+0xc8/0x270 [ 633.932410] ? __mutex_unlock_slowpath+0x157/0x740 [ 633.932422] ? kernel_write+0x593/0x660 [ 633.932438] ? __fget_files+0x20d/0x3b0 [ 633.932456] __x64_sys_recvmmsg+0x211/0x260 [ 633.932474] ? ksys_write+0x1a3/0x240 [ 633.932485] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 633.932501] ? irqentry_exit+0xee/0x650 [ 633.932512] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 633.932528] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 633.932547] do_syscall_64+0xbf/0x420 [ 633.932562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.932575] RIP: 0033:0x7f4b915d8b19 [ 633.932585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 633.932596] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 633.932608] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 633.932616] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 633.932623] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 633.932630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 633.932637] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 633.932654] 00:50:34 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 7) [ 633.980071] FAULT_INJECTION: forcing a failure. [ 633.980071] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:50:34 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfe, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 633.991927] CPU: 1 UID: 0 PID: 5937 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 633.991959] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 633.991972] Call Trace: [ 633.991980] [ 633.991989] dump_stack_lvl+0xfa/0x120 [ 633.992023] should_fail_ex+0x4d7/0x5e0 [ 633.992066] _copy_from_user+0x30/0xd0 [ 633.992104] copy_msghdr_from_user+0x88/0x150 [ 633.992138] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 633.992167] ? __pfx__kstrtoull+0x10/0x10 [ 633.992195] ? kfree+0x2c5/0x5d0 [ 633.992229] ? __lock_acquire+0x451/0x2250 [ 633.992265] ___sys_recvmsg+0xbb/0x190 [ 633.992295] ? __pfx____sys_recvmsg+0x10/0x10 [ 633.992328] ? __pfx_perf_trace_lock+0x10/0x10 [ 633.992364] ? lock_acquire+0x15e/0x2d0 [ 633.992390] ? __might_fault+0xe0/0x190 [ 633.992412] ? find_held_lock+0x2b/0x80 [ 633.992449] ? __might_fault+0x138/0x190 [ 633.992482] do_recvmmsg+0x2c5/0x6f0 [ 633.992519] ? __pfx_do_recvmmsg+0x10/0x10 [ 633.992547] ? ksys_write+0x187/0x240 [ 633.992569] ? lock_release+0xc8/0x270 [ 633.992602] ? __mutex_unlock_slowpath+0x157/0x740 [ 633.992624] ? kernel_write+0x593/0x660 [ 633.992653] ? __fget_files+0x20d/0x3b0 [ 633.992687] __x64_sys_recvmmsg+0x211/0x260 [ 633.992720] ? ksys_write+0x1a3/0x240 [ 633.992739] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 633.992779] ? irqentry_exit+0xee/0x650 [ 633.992799] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 633.992829] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 633.992866] do_syscall_64+0xbf/0x420 [ 633.992894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.992916] RIP: 0033:0x7f8ef3114b19 [ 633.992934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 633.992955] RSP: 002b:00007f8ef0669188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 633.992977] RAX: ffffffffffffffda RBX: 00007f8ef3228020 RCX: 00007f8ef3114b19 [ 633.992992] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 633.993005] RBP: 00007f8ef06691d0 R08: 0000000000000000 R09: 0000000000000000 [ 633.993032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 633.993045] R13: 00007ffe3438f3ff R14: 00007f8ef0669300 R15: 0000000000022000 [ 633.993077] [ 634.040670] loop6: detected capacity change from 0 to 264192 00:50:34 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0xb, &(0x7f0000ff7000/0x4000)=nil) 00:50:34 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4005, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:34 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:50:34 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x300, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:50:44 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0xf, &(0x7f0000ff7000/0x4000)=nil) 00:50:44 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:50:44 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) write$cgroup_devices(r0, &(0x7f00000001c0)={'c', ' *:* ', 'rwm\x00'}, 0xa) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x400081, 0x1) r2 = gettid() r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x80201, 0x0) r4 = accept$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000180)=0x1c) ioctl$LOOP_SET_FD(r3, 0x4c00, r4) process_vm_writev(r2, 0x0, 0x0, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0xea) r5 = openat$incfs(r1, &(0x7f00000000c0)='.log\x00', 0x10080, 0x64) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x3f, 0x5, 0x20, 0x8f, 0x0, 0x9, 0x69028, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, @perf_config_ext={0x8, 0x401}, 0x108, 0x5, 0x7fff, 0x6, 0xffff, 0x8000, 0x6, 0x0, 0x65, 0x0, 0xffffffff00000000}, r2, 0xf, r5, 0x0) fdatasync(0xffffffffffffffff) 00:50:44 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x500, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:50:44 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 8) 00:50:44 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 18) 00:50:44 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 3) 00:50:44 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4006, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 644.146601] FAULT_INJECTION: forcing a failure. [ 644.146601] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 644.147597] CPU: 0 UID: 0 PID: 5967 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 644.147612] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 644.147620] Call Trace: [ 644.147624] [ 644.147630] dump_stack_lvl+0xfa/0x120 [ 644.147650] should_fail_ex+0x4d7/0x5e0 [ 644.147673] _copy_from_user+0x30/0xd0 [ 644.147694] copy_msghdr_from_user+0x88/0x150 [ 644.147712] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 644.147728] ? __pfx__kstrtoull+0x10/0x10 [ 644.147743] ? kfree+0x2c5/0x5d0 [ 644.147765] ? __lock_acquire+0x451/0x2250 [ 644.147784] ___sys_recvmsg+0xbb/0x190 [ 644.147800] ? __pfx____sys_recvmsg+0x10/0x10 [ 644.147817] ? __pfx_perf_trace_lock+0x10/0x10 [ 644.147836] ? lock_acquire+0x15e/0x2d0 [ 644.147850] ? __might_fault+0xe0/0x190 [ 644.147863] ? find_held_lock+0x2b/0x80 [ 644.147881] ? __might_fault+0x138/0x190 [ 644.147899] do_recvmmsg+0x2c5/0x6f0 [ 644.147919] ? __pfx_do_recvmmsg+0x10/0x10 [ 644.147933] ? ksys_write+0x187/0x240 [ 644.147945] ? lock_release+0xc8/0x270 [ 644.147962] ? __mutex_unlock_slowpath+0x157/0x740 [ 644.147974] ? kernel_write+0x593/0x660 [ 644.147990] ? __fget_files+0x20d/0x3b0 [ 644.148008] __x64_sys_recvmmsg+0x211/0x260 [ 644.148025] ? ksys_write+0x1a3/0x240 [ 644.148036] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 644.148052] ? irqentry_exit+0xee/0x650 [ 644.148063] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 644.148079] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 644.148098] do_syscall_64+0xbf/0x420 [ 644.148113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.148126] RIP: 0033:0x7f4b915d8b19 [ 644.148136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 644.148147] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 644.148159] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 644.148167] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 644.148174] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 644.148181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 644.148187] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 644.148205] [ 644.167479] FAULT_INJECTION: forcing a failure. [ 644.167479] name failslab, interval 1, probability 0, space 0, times 0 [ 644.175089] FAULT_INJECTION: forcing a failure. [ 644.175089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 644.176022] CPU: 0 UID: 0 PID: 5966 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 644.176037] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 644.176044] Call Trace: [ 644.176048] [ 644.176053] dump_stack_lvl+0xfa/0x120 [ 644.176067] should_fail_ex+0x4d7/0x5e0 [ 644.176088] _copy_from_user+0x30/0xd0 [ 644.176111] copy_msghdr_from_user+0x88/0x150 [ 644.176127] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 644.176142] ? __pfx__kstrtoull+0x10/0x10 [ 644.176157] ? kfree+0x2c5/0x5d0 [ 644.176173] ? __lock_acquire+0x451/0x2250 [ 644.176192] ___sys_recvmsg+0xbb/0x190 [ 644.176208] ? __pfx____sys_recvmsg+0x10/0x10 [ 644.176225] ? __pfx_perf_trace_lock+0x10/0x10 [ 644.176243] ? lock_acquire+0x15e/0x2d0 [ 644.176257] ? __might_fault+0xe0/0x190 [ 644.176269] ? find_held_lock+0x2b/0x80 [ 644.176287] ? __might_fault+0x138/0x190 [ 644.176305] do_recvmmsg+0x2c5/0x6f0 [ 644.176325] ? __pfx_do_recvmmsg+0x10/0x10 [ 644.176341] ? ksys_write+0x187/0x240 [ 644.176354] ? lock_release+0xc8/0x270 [ 644.176372] ? __mutex_unlock_slowpath+0x157/0x740 [ 644.176383] ? kernel_write+0x593/0x660 [ 644.176399] ? __fget_files+0x20d/0x3b0 [ 644.176416] __x64_sys_recvmmsg+0x211/0x260 [ 644.176433] ? ksys_write+0x1a3/0x240 [ 644.176444] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 644.176460] ? irqentry_exit+0xee/0x650 [ 644.176470] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 644.176485] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 644.176505] do_syscall_64+0xbf/0x420 [ 644.176519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.176531] RIP: 0033:0x7f8ef3114b19 [ 644.176540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 644.176551] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 644.176562] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 644.176570] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 644.176577] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 644.176584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 644.176591] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 644.176608] [ 644.195563] CPU: 0 UID: 0 PID: 5971 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 644.195580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 644.195586] Call Trace: [ 644.195590] [ 644.195595] dump_stack_lvl+0xfa/0x120 [ 644.195609] should_fail_ex+0x4d7/0x5e0 [ 644.195628] ? __d_alloc+0x34/0x9c0 [ 644.195642] should_failslab+0xc2/0x120 [ 644.195656] kmem_cache_alloc_lru_noprof+0x84/0x770 [ 644.195672] ? find_held_lock+0x2b/0x80 [ 644.195696] ? __d_alloc+0x34/0x9c0 [ 644.195708] __d_alloc+0x34/0x9c0 [ 644.195720] ? mpol_shared_policy_init+0x24f/0x390 [ 644.195742] d_alloc_pseudo+0x1d/0xc0 [ 644.195765] alloc_file_pseudo+0xbe/0x220 [ 644.195781] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 644.195796] ? __shmem_get_inode+0x684/0xe80 [ 644.195814] __shmem_file_setup+0x1a8/0x370 [ 644.195830] __do_sys_memfd_create+0x4cc/0xa90 [ 644.195849] ? ksys_write+0x1a3/0x240 [ 644.195859] ? __pfx___do_sys_memfd_create+0x10/0x10 [ 644.195876] ? irqentry_exit+0xee/0x650 [ 644.195887] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 644.195901] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 644.195921] do_syscall_64+0xbf/0x420 [ 644.195935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.195946] RIP: 0033:0x7fcf6064cb19 [ 644.195955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 644.195966] RSP: 002b:00007fcf5dbc1f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 644.195977] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fcf6064cb19 [ 644.195985] RDX: 000000000c219000 RSI: 0000000000000000 RDI: 00007fcf606a60fb [ 644.195992] RBP: 0000000000000003 R08: 000040000000c800 R09: ffffffffffffffff [ 644.195999] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 644.196006] R13: 0000000020000100 R14: 0000000008100000 R15: 0000000020000040 [ 644.196023] 00:50:44 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x64c1e, &(0x7f0000ff7000/0x4000)=nil) 00:50:44 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 4) 00:50:44 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 9) 00:50:44 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4007, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:44 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x600, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:50:44 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x80000, &(0x7f0000ff7000/0x4000)=nil) 00:50:44 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 644.354504] loop6: detected capacity change from 0 to 264192 [ 644.376881] FAULT_INJECTION: forcing a failure. [ 644.376881] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:50:44 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 19) [ 644.394934] CPU: 1 UID: 0 PID: 5986 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 644.394969] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 644.394982] Call Trace: [ 644.394990] [ 644.394999] dump_stack_lvl+0xfa/0x120 [ 644.395033] should_fail_ex+0x4d7/0x5e0 [ 644.395075] _copy_from_user+0x30/0xd0 [ 644.395114] copy_msghdr_from_user+0x88/0x150 [ 644.395149] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 644.395179] ? __pfx__kstrtoull+0x10/0x10 [ 644.395208] ? kfree+0x2c5/0x5d0 [ 644.395242] ? __lock_acquire+0x451/0x2250 [ 644.395279] ___sys_recvmsg+0xbb/0x190 [ 644.395311] ? __pfx____sys_recvmsg+0x10/0x10 [ 644.395344] ? __pfx_perf_trace_lock+0x10/0x10 [ 644.395381] ? lock_acquire+0x15e/0x2d0 [ 644.395417] ? __might_fault+0xe0/0x190 [ 644.395441] ? find_held_lock+0x2b/0x80 [ 644.395477] ? __might_fault+0x138/0x190 [ 644.395513] do_recvmmsg+0x2c5/0x6f0 [ 644.395552] ? __pfx_do_recvmmsg+0x10/0x10 [ 644.395580] ? ksys_write+0x187/0x240 [ 644.395606] ? perf_trace_lock+0xbb/0x4f0 [ 644.395635] ? __lock_acquire+0x451/0x2250 [ 644.395669] ? srso_alias_untrain_ret+0x1/0x10 [ 644.395706] ? lock_acquire+0x15e/0x2d0 [ 644.395740] __x64_sys_recvmmsg+0x211/0x260 [ 644.395773] ? lock_release+0xc8/0x270 [ 644.395802] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 644.395833] ? __might_fault+0xe0/0x190 [ 644.395858] ? __might_fault+0x151/0x190 [ 644.395887] do_syscall_64+0xbf/0x420 [ 644.395915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.395939] RIP: 0033:0x7f8ef3114b19 [ 644.395958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 644.395980] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 644.396003] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 644.396018] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 644.396032] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 644.396046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 644.396060] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 644.396094] 00:50:44 executing program 7: mremap(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xf) [ 644.459396] FAULT_INJECTION: forcing a failure. [ 644.459396] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 644.463446] CPU: 0 UID: 0 PID: 5996 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 644.463465] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 644.463472] Call Trace: [ 644.463477] [ 644.463482] dump_stack_lvl+0xfa/0x120 [ 644.463503] should_fail_ex+0x4d7/0x5e0 [ 644.463526] _copy_from_user+0x30/0xd0 [ 644.463547] copy_msghdr_from_user+0x88/0x150 [ 644.463566] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 644.463581] ? __pfx__kstrtoull+0x10/0x10 [ 644.463595] ? kfree+0x2c5/0x5d0 [ 644.463614] ? __lock_acquire+0x451/0x2250 [ 644.463633] ___sys_recvmsg+0xbb/0x190 [ 644.463649] ? __pfx____sys_recvmsg+0x10/0x10 [ 644.463666] ? __pfx_perf_trace_lock+0x10/0x10 [ 644.463684] ? lock_acquire+0x15e/0x2d0 [ 644.463699] ? __might_fault+0xe0/0x190 [ 644.463711] ? find_held_lock+0x2b/0x80 [ 644.463729] ? __might_fault+0x138/0x190 [ 644.463747] do_recvmmsg+0x2c5/0x6f0 [ 644.463772] ? __pfx_do_recvmmsg+0x10/0x10 [ 644.463786] ? ksys_write+0x187/0x240 [ 644.463801] ? perf_trace_lock+0xbb/0x4f0 [ 644.463815] ? __lock_acquire+0x451/0x2250 [ 644.463832] ? srso_alias_untrain_ret+0x1/0x10 [ 644.463852] ? lock_acquire+0x15e/0x2d0 [ 644.463869] __x64_sys_recvmmsg+0x211/0x260 [ 644.463889] ? lock_release+0xc8/0x270 [ 644.463906] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 644.463922] ? __might_fault+0xe0/0x190 [ 644.463934] ? __might_fault+0x151/0x190 [ 644.463948] do_syscall_64+0xbf/0x420 [ 644.463963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.463975] RIP: 0033:0x7f4b915d8b19 [ 644.463985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 644.463997] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 644.464009] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 644.464017] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 644.464024] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 644.464031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 644.464038] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 644.464055] 00:50:44 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4021, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:45 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mlock(&(0x7f0000ff8000/0x4000)=nil, 0x4000) mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000) 00:50:45 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x4, 0x5800, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000004c0)}, 0x4001, 0x0, 0x0, 0x7, 0x3ff, 0x0, 0x1f}, 0x0, 0x3, 0xffffffffffffffff, 0x0) io_setup(0x4, &(0x7f0000000040)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r3, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000280), 0x10000, 0x0) io_submit(r1, 0x3, &(0x7f0000000300)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0xfff, r0, &(0x7f0000000080)="e129481eb00c2cdf532dfbbf3c9e2e0062cd0f1314e8be774f7124905c43d100eb4b322881ab2e243694ce28771692e4c9b9ac5d311eaeef9af09ca9d64b4757e54e1d77b48ba5b22062315581805f816107a359991856f8784d93878a26eba0a755d2e389515a220da9a472ed03d39c98c6b7fef8211d28e42362b7e001c4f3226c257ee7bd26d6e6053cdbb498a43fac3bcdad8583e96765979691d9103dfd2082e85d67c18125d001d5d5dee0ad215ac9ac947cf7c8eed5d3dde6bfee9052d272efd0b64a184895cdedf50f29e8373fac4f28e2d34314bbafd77e99035e3da4f81891efc8ed38b218fa60ce8fce24dd6bfa2e9b5794582cdbd560e3", 0xfd, 0x10001, 0x0, 0x1}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3, 0xfff, r3, &(0x7f00000001c0)="3b120ea380a499ad15bd2b7da4b4b5fb8e8a5c10cbaefc342d08377a211b4ef8f07715eaf450bb541649128df3ae350f67ad8b32e7122f0e882230511b3ab24e395a4b53b706ad0a243720f27e59", 0x4e, 0x3, 0x0, 0x2}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2, 0x1004, r4, &(0x7f00000003c0)="cd318434964a984486b05719d878c5defc1c2564211d86a95b5654ee3d07a6c8110b4486d4902417ce817c35712d279a182d63ae548e9a25a0850ad91e599df7472f638ff575e3ad8af37a9f5a2dae42bd7e24196f8bae9e7669af6a08e70d1b4c2fc6628f7b6e9aad392abe24421a353b3b1dd1755c1a490b76bce3505f6df4bc8a630ed6d2ea9728ad3218f8c8f529ac8238322c869b730efff5e7f0af9bbb724f63ff05476ff0269c137ee1eafef1e978aa756e717e03a8ddf94f13b500025eeca6da0985c4d210902f0501cd9856d6493054c1003d8f47", 0xd9, 0x81, 0x0, 0x1}]) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/timers\x00', 0x0, 0x0) 00:50:45 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 10) 00:50:45 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 5) 00:50:45 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 644.654532] FAULT_INJECTION: forcing a failure. [ 644.654532] name failslab, interval 1, probability 0, space 0, times 0 [ 644.656337] CPU: 1 UID: 0 PID: 6009 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 644.656368] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 644.656382] Call Trace: [ 644.656391] [ 644.656400] dump_stack_lvl+0xfa/0x120 [ 644.656434] should_fail_ex+0x4d7/0x5e0 [ 644.656478] ? alloc_empty_file+0x58/0x1e0 [ 644.656509] should_failslab+0xc2/0x120 [ 644.656538] kmem_cache_alloc_noprof+0x80/0x760 [ 644.656580] ? d_instantiate+0x92/0xb0 [ 644.656617] ? alloc_empty_file+0x58/0x1e0 [ 644.656647] ? _raw_spin_unlock+0x1e/0x40 [ 644.656681] alloc_empty_file+0x58/0x1e0 [ 644.656715] alloc_file_pseudo+0x12b/0x220 [ 644.656750] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 644.656801] __shmem_file_setup+0x1a8/0x370 [ 644.656836] __do_sys_memfd_create+0x4cc/0xa90 [ 644.656875] ? ksys_write+0x1a3/0x240 [ 644.656898] ? __pfx___do_sys_memfd_create+0x10/0x10 [ 644.656934] ? irqentry_exit+0xee/0x650 [ 644.656957] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 644.656990] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 644.657033] do_syscall_64+0xbf/0x420 [ 644.657064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.657090] RIP: 0033:0x7fcf6064cb19 [ 644.657109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 644.657132] RSP: 002b:00007fcf5dbc1f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 644.657171] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fcf6064cb19 [ 644.657187] RDX: 000000000c219000 RSI: 0000000000000000 RDI: 00007fcf606a60fb [ 644.657202] RBP: 0000000000000003 R08: 000040000000c800 R09: ffffffffffffffff [ 644.657218] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 644.657233] R13: 0000000020000100 R14: 0000000008100000 R15: 0000000020000040 [ 644.657268] [ 644.702651] FAULT_INJECTION: forcing a failure. [ 644.702651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 644.704524] CPU: 1 UID: 0 PID: 6010 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 644.704555] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 644.704569] Call Trace: [ 644.704578] [ 644.704587] dump_stack_lvl+0xfa/0x120 [ 644.704619] should_fail_ex+0x4d7/0x5e0 [ 644.704664] _copy_from_user+0x30/0xd0 [ 644.704706] copy_msghdr_from_user+0x88/0x150 [ 644.704742] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 644.704783] ? __pfx__kstrtoull+0x10/0x10 [ 644.704814] ? kfree+0x2c5/0x5d0 [ 644.704850] ? __lock_acquire+0x451/0x2250 [ 644.704889] ___sys_recvmsg+0xbb/0x190 [ 644.704923] ? __pfx____sys_recvmsg+0x10/0x10 [ 644.704959] ? __pfx_perf_trace_lock+0x10/0x10 [ 644.704999] ? lock_acquire+0x15e/0x2d0 [ 644.705029] ? __might_fault+0xe0/0x190 [ 644.705054] ? find_held_lock+0x2b/0x80 [ 644.705094] ? __might_fault+0x138/0x190 [ 644.705131] do_recvmmsg+0x2c5/0x6f0 [ 644.705185] ? __pfx_do_recvmmsg+0x10/0x10 [ 644.705216] ? ksys_write+0x187/0x240 [ 644.705240] ? lock_release+0xc8/0x270 [ 644.705276] ? __mutex_unlock_slowpath+0x157/0x740 [ 644.705300] ? kernel_write+0x593/0x660 [ 644.705333] ? __fget_files+0x20d/0x3b0 [ 644.705370] __x64_sys_recvmmsg+0x211/0x260 [ 644.705406] ? ksys_write+0x1a3/0x240 [ 644.705428] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 644.705463] ? irqentry_exit+0xee/0x650 [ 644.705486] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 644.705518] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 644.705559] do_syscall_64+0xbf/0x420 [ 644.705590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.705616] RIP: 0033:0x7f8ef3114b19 [ 644.705635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 644.705658] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 644.705683] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 644.705699] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 644.705714] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 644.705729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 644.705743] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 644.705779] 00:50:54 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x700, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:50:54 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 6) 00:50:54 executing program 4: r0 = syz_io_uring_complete(0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0x0, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/exec\x00') read(r1, &(0x7f0000000040)=""/55, 0x37) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r3, 0x0) recvmmsg$unix(r2, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r5, 0x0) recvmmsg$unix(r3, &(0x7f0000003740)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000001540)=[{&(0x7f0000000180)=""/12, 0xc}, {&(0x7f0000000280)=""/95, 0x5f}, {&(0x7f00000003c0)=""/159, 0x9f}, {&(0x7f0000000480)=""/188, 0xbc}], 0x4, &(0x7f0000000540)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f00000005c0)=@abs, 0x6e, &(0x7f0000000840)=[{&(0x7f0000000640)=""/140, 0x8c}, {&(0x7f0000000700)=""/84, 0x54}, {&(0x7f0000000780)=""/143, 0x8f}], 0x3, &(0x7f0000000880)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x60}}, {{&(0x7f0000000900)=@abs, 0x6e, &(0x7f0000000d00)=[{&(0x7f0000000980)=""/115, 0x73}, {&(0x7f0000000a00)=""/152, 0x98}, {&(0x7f0000000ac0)=""/182, 0xb6}, {&(0x7f0000000b80)=""/98, 0x62}, {&(0x7f0000000c00)=""/253, 0xfd}], 0x5, &(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x60}}, {{&(0x7f0000000e00)=@abs, 0x6e, &(0x7f0000000fc0)=[{&(0x7f0000003ac0)=""/4098, 0x1002}, {&(0x7f0000000e80)=""/40, 0x28}, {&(0x7f0000000ec0)=""/235, 0xeb}], 0x3}}, {{&(0x7f0000001000)=@abs, 0x6e, &(0x7f00000014c0)=[{&(0x7f0000001080)=""/174, 0xae}, {&(0x7f0000001140)=""/146, 0x92}, {&(0x7f0000001200)=""/98, 0x62}, {&(0x7f0000001280)=""/123, 0x7b}, {&(0x7f0000001300)=""/139, 0x8b}, {&(0x7f00000013c0)=""/238, 0xee}, {&(0x7f0000002740)=""/4096, 0x1000}], 0x7, &(0x7f0000003940)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x148}}], 0x5, 0x40000042, &(0x7f00000016c0)) r6 = accept$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000200)=0x1c) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000003880)=""/158, 0x9e, 0x7) ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000240)={0x0, r2, 0x4, 0x5, 0x100000000, 0xd4}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r7, r8, 0x0) recvmmsg$unix(r7, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) poll(&(0x7f0000000080)=[{r0, 0x8000}, {r2, 0x565f}, {r5, 0x9004}, {r7, 0x8601}], 0x4, 0xa3) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000300)=0x3) fdatasync(0xffffffffffffffff) 00:50:54 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x5000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:50:54 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x8) 00:50:54 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 20) 00:50:54 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x40b1, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:50:54 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 11) [ 653.738340] FAULT_INJECTION: forcing a failure. [ 653.738340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 653.739431] CPU: 1 UID: 0 PID: 6029 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 653.739447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 653.739455] Call Trace: [ 653.739459] [ 653.739464] dump_stack_lvl+0xfa/0x120 [ 653.739484] should_fail_ex+0x4d7/0x5e0 [ 653.739508] _copy_from_user+0x30/0xd0 [ 653.739528] copy_msghdr_from_user+0x88/0x150 [ 653.739547] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 653.739562] ? __pfx__kstrtoull+0x10/0x10 [ 653.739577] ? kfree+0x2c5/0x5d0 [ 653.739597] ? __lock_acquire+0x451/0x2250 [ 653.739617] ___sys_recvmsg+0xbb/0x190 [ 653.739633] ? __pfx____sys_recvmsg+0x10/0x10 [ 653.739649] ? __pfx_perf_trace_lock+0x10/0x10 [ 653.739669] ? lock_acquire+0x15e/0x2d0 [ 653.739683] ? __might_fault+0xe0/0x190 [ 653.739695] ? find_held_lock+0x2b/0x80 [ 653.739714] ? __might_fault+0x138/0x190 [ 653.739732] do_recvmmsg+0x2c5/0x6f0 [ 653.739751] ? __pfx_do_recvmmsg+0x10/0x10 [ 653.739769] ? ksys_write+0x187/0x240 [ 653.739784] ? perf_trace_lock+0xbb/0x4f0 [ 653.739798] ? __lock_acquire+0x451/0x2250 [ 653.739815] ? srso_alias_untrain_ret+0x1/0x10 [ 653.739834] ? lock_acquire+0x15e/0x2d0 [ 653.739851] __x64_sys_recvmmsg+0x211/0x260 [ 653.739869] ? lock_release+0xc8/0x270 [ 653.739883] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 653.739899] ? __might_fault+0xe0/0x190 [ 653.739911] ? __might_fault+0x151/0x190 [ 653.739926] do_syscall_64+0xbf/0x420 [ 653.739941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.739953] RIP: 0033:0x7f4b915d8b19 [ 653.739963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 653.739974] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 653.739986] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 653.739994] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 653.740001] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 653.740009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 653.740016] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 653.740033] [ 653.772069] loop6: detected capacity change from 0 to 264192 [ 653.818462] FAULT_INJECTION: forcing a failure. [ 653.818462] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 653.819389] CPU: 1 UID: 0 PID: 6035 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 653.819404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 653.819421] Call Trace: [ 653.819429] [ 653.819441] dump_stack_lvl+0xfa/0x120 [ 653.819480] should_fail_ex+0x4d7/0x5e0 [ 653.819530] _copy_from_user+0x30/0xd0 [ 653.819582] copy_msghdr_from_user+0x88/0x150 [ 653.819626] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 653.819663] ? __pfx__kstrtoull+0x10/0x10 [ 653.819697] ? kfree+0x2c5/0x5d0 [ 653.819738] ? __lock_acquire+0x451/0x2250 [ 653.819780] ___sys_recvmsg+0xbb/0x190 [ 653.819809] ? __pfx____sys_recvmsg+0x10/0x10 [ 653.819851] ? __pfx_perf_trace_lock+0x10/0x10 [ 653.819897] ? lock_acquire+0x15e/0x2d0 [ 653.819926] ? __might_fault+0xe0/0x190 [ 653.819957] ? find_held_lock+0x2b/0x80 [ 653.819994] ? __might_fault+0x138/0x190 [ 653.820012] do_recvmmsg+0x2c5/0x6f0 [ 653.820032] ? __pfx_do_recvmmsg+0x10/0x10 [ 653.820046] ? ksys_write+0x187/0x240 [ 653.820060] ? perf_trace_lock+0xbb/0x4f0 [ 653.820074] ? __lock_acquire+0x451/0x2250 [ 653.820092] ? srso_alias_untrain_ret+0x1/0x10 [ 653.820111] ? lock_acquire+0x15e/0x2d0 [ 653.820128] __x64_sys_recvmmsg+0x211/0x260 [ 653.820145] ? lock_release+0xc8/0x270 [ 653.820160] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 653.820176] ? __might_fault+0xe0/0x190 [ 653.820188] ? __might_fault+0x151/0x190 [ 653.820203] do_syscall_64+0xbf/0x420 [ 653.820218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.820230] RIP: 0033:0x7f8ef3114b19 [ 653.820240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 653.820251] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 653.820263] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 653.820272] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 653.820279] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 653.820287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 653.820294] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 653.820311] 00:51:06 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x7fffdf008000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:51:06 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 21) 00:51:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x810, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:51:06 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x6000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:51:06 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r0 = pkey_alloc(0x0, 0x1) pkey_mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000000, r0) mbind(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000000)=0x7ff, 0xff, 0x2) r1 = pkey_alloc(0x0, 0x1) pkey_mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000006, r1) 00:51:06 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 12) 00:51:06 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 7) 00:51:06 executing program 4: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xfd2304f683f40a0d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x0, 0x8) perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x81, 0x1, 0x2, 0x8, 0x0, 0x1, 0x4010, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x5, 0x1, @perf_bp={&(0x7f0000000000), 0x1}, 0x0, 0xfffffffffffffc01, 0x5, 0xd, 0x215a, 0x8, 0x400, 0x0, 0x1, 0x0, 0xffffffffffffff80}, 0x0, 0x0, r0, 0x1) pipe2(&(0x7f0000000180), 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) [ 665.676849] FAULT_INJECTION: forcing a failure. [ 665.676849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 665.677891] CPU: 0 UID: 0 PID: 6051 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 665.677907] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 665.677915] Call Trace: [ 665.677920] [ 665.677925] dump_stack_lvl+0xfa/0x120 [ 665.677945] should_fail_ex+0x4d7/0x5e0 [ 665.677969] _copy_from_user+0x30/0xd0 [ 665.677990] copy_msghdr_from_user+0x88/0x150 [ 665.678009] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 665.678024] ? __pfx__kstrtoull+0x10/0x10 [ 665.678039] ? kfree+0x2c5/0x5d0 [ 665.678057] ? __lock_acquire+0x451/0x2250 [ 665.678077] ___sys_recvmsg+0xbb/0x190 [ 665.678093] ? __pfx____sys_recvmsg+0x10/0x10 [ 665.678110] ? __pfx_perf_trace_lock+0x10/0x10 [ 665.678129] ? lock_acquire+0x15e/0x2d0 [ 665.678143] ? __might_fault+0xe0/0x190 [ 665.678156] ? find_held_lock+0x2b/0x80 [ 665.678174] ? __might_fault+0x138/0x190 [ 665.678193] do_recvmmsg+0x2c5/0x6f0 [ 665.678212] ? __pfx_do_recvmmsg+0x10/0x10 [ 665.678227] ? ksys_write+0x187/0x240 [ 665.678239] ? lock_release+0xc8/0x270 [ 665.678256] ? __mutex_unlock_slowpath+0x157/0x740 [ 665.678268] ? kernel_write+0x593/0x660 [ 665.678284] ? __fget_files+0x20d/0x3b0 [ 665.678302] __x64_sys_recvmmsg+0x211/0x260 [ 665.678320] ? ksys_write+0x1a3/0x240 [ 665.678331] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 665.678347] ? irqentry_exit+0xee/0x650 [ 665.678358] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 665.678374] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 665.678393] do_syscall_64+0xbf/0x420 [ 665.678408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.678421] RIP: 0033:0x7f8ef3114b19 [ 665.678431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 665.678442] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 665.678455] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 665.678462] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 665.678469] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 665.678476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 665.678483] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 665.678501] [ 665.696014] FAULT_INJECTION: forcing a failure. [ 665.696014] name failslab, interval 1, probability 0, space 0, times 0 [ 665.696914] CPU: 0 UID: 0 PID: 6055 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 665.696929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 665.696936] Call Trace: [ 665.696940] [ 665.696944] dump_stack_lvl+0xfa/0x120 [ 665.696959] should_fail_ex+0x4d7/0x5e0 [ 665.696978] ? security_file_alloc+0x35/0x130 [ 665.696992] should_failslab+0xc2/0x120 [ 665.697007] kmem_cache_alloc_noprof+0x80/0x760 [ 665.697023] ? __create_object+0x59/0x80 [ 665.697044] ? security_file_alloc+0x35/0x130 [ 665.697056] security_file_alloc+0x35/0x130 [ 665.697069] init_file+0x95/0x480 [ 665.697084] alloc_empty_file+0x76/0x1e0 [ 665.697100] alloc_file_pseudo+0x12b/0x220 [ 665.697116] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 665.697137] __shmem_file_setup+0x1a8/0x370 [ 665.697154] __do_sys_memfd_create+0x4cc/0xa90 [ 665.697172] ? ksys_write+0x1a3/0x240 [ 665.697183] ? __pfx___do_sys_memfd_create+0x10/0x10 [ 665.697200] ? irqentry_exit+0xee/0x650 [ 665.697210] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 665.697225] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 665.697244] do_syscall_64+0xbf/0x420 [ 665.697258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.697270] RIP: 0033:0x7fcf6064cb19 [ 665.697279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 665.697291] RSP: 002b:00007fcf5dbc1f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 665.697302] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fcf6064cb19 [ 665.697310] RDX: 000000000c219000 RSI: 0000000000000000 RDI: 00007fcf606a60fb [ 665.697317] RBP: 0000000000000003 R08: 000040000000c800 R09: ffffffffffffffff [ 665.697324] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000008100000 [ 665.697331] R13: 0000000020000100 R14: 0000000008100000 R15: 0000000020000040 [ 665.697348] 00:51:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf00, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:51:06 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 13) 00:51:06 executing program 7: mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil) [ 665.776225] FAULT_INJECTION: forcing a failure. [ 665.776225] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 665.777166] CPU: 0 UID: 0 PID: 6068 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 665.777181] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 665.777189] Call Trace: [ 665.777193] [ 665.777199] dump_stack_lvl+0xfa/0x120 [ 665.777218] should_fail_ex+0x4d7/0x5e0 [ 665.777240] _copy_from_user+0x30/0xd0 [ 665.777261] copy_msghdr_from_user+0x88/0x150 [ 665.777280] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 665.777295] ? __pfx__kstrtoull+0x10/0x10 [ 665.777311] ? kfree+0x2c5/0x5d0 [ 665.777328] ? __lock_acquire+0x451/0x2250 [ 665.777348] ___sys_recvmsg+0xbb/0x190 [ 665.777364] ? __pfx____sys_recvmsg+0x10/0x10 [ 665.777389] ? __pfx_perf_trace_lock+0x10/0x10 [ 665.777408] ? lock_acquire+0x15e/0x2d0 [ 665.777422] ? __might_fault+0xe0/0x190 [ 665.777434] ? find_held_lock+0x2b/0x80 [ 665.777453] ? __might_fault+0x138/0x190 [ 665.777471] do_recvmmsg+0x2c5/0x6f0 [ 665.777490] ? __pfx_do_recvmmsg+0x10/0x10 [ 665.777505] ? ksys_write+0x187/0x240 [ 665.777517] ? lock_release+0xc8/0x270 [ 665.777534] ? __mutex_unlock_slowpath+0x157/0x740 [ 665.777546] ? kernel_write+0x593/0x660 [ 665.777562] ? __fget_files+0x20d/0x3b0 [ 665.777580] __x64_sys_recvmmsg+0x211/0x260 [ 665.777598] ? ksys_write+0x1a3/0x240 [ 665.777608] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 665.777624] ? irqentry_exit+0xee/0x650 [ 665.777636] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 665.777652] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 665.777671] do_syscall_64+0xbf/0x420 [ 665.777686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.777699] RIP: 0033:0x7f4b915d8b19 [ 665.777708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 665.777720] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 665.777732] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 665.777740] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 665.777748] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 665.777755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 665.777766] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 665.777784] [ 665.810438] loop6: detected capacity change from 0 to 264192 00:51:06 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x7ffffffff000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:51:06 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x7000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:51:06 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x3f, 0x5c, 0x4, 0x58, 0x0, 0x8, 0x60882, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x7, 0x7f5}, 0x48081, 0x4, 0xff, 0x9, 0x81, 0x1, 0xc230, 0x0, 0x6, 0x0, 0x3}, 0x0, 0xe, r1, 0x3) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:51:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x1008, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:51:06 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 22) 00:51:06 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 14) 00:51:06 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 8) [ 665.957618] FAULT_INJECTION: forcing a failure. [ 665.957618] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 665.958724] CPU: 0 UID: 0 PID: 6081 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 665.958740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 665.958748] Call Trace: [ 665.958752] [ 665.958760] dump_stack_lvl+0xfa/0x120 [ 665.958781] should_fail_ex+0x4d7/0x5e0 [ 665.958804] should_fail_alloc_page+0xe0/0x110 [ 665.958820] prepare_alloc_pages+0x1eb/0x550 [ 665.958833] ? perf_trace_lock+0xbb/0x4f0 [ 665.958850] ? __lock_acquire+0x451/0x2250 [ 665.958868] __alloc_frozen_pages_noprof+0x186/0x25b0 [ 665.958887] ? lock_acquire+0x15e/0x2d0 [ 665.958902] ? __is_insn_slot_addr+0x2e/0x290 [ 665.958917] ? find_held_lock+0x2b/0x80 [ 665.958936] ? __is_insn_slot_addr+0x136/0x290 [ 665.958948] ? lock_release+0xc8/0x270 [ 665.958964] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 665.958984] ? perf_trace_lock+0xbb/0x4f0 [ 665.959002] ? __pfx_perf_trace_lock+0x10/0x10 [ 665.959018] ? lock_is_held_type+0x9e/0x120 [ 665.959032] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 665.959051] ? policy_nodemask+0xeb/0x4e0 [ 665.959070] alloc_pages_mpol+0xed/0x340 [ 665.959087] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 665.959102] ? filemap_get_entry+0x1bb/0x3b0 [ 665.959120] ? __pfx_filemap_get_entry+0x10/0x10 [ 665.959140] folio_alloc_mpol_noprof+0x38/0x2a0 [ 665.959160] shmem_alloc_folio+0x11b/0x140 [ 665.959176] shmem_get_folio_gfp.constprop.0+0x4ea/0x13b0 [ 665.959196] ? find_held_lock+0x2b/0x80 [ 665.959217] ? __pfx_shmem_get_folio_gfp.constprop.0+0x10/0x10 [ 665.959236] ? __pfx_perf_trace_lock+0x10/0x10 [ 665.959250] ? simple_xattr_get+0x173/0x1d0 [ 665.959270] shmem_write_begin+0x194/0x3b0 [ 665.959287] ? __pfx_shmem_write_begin+0x10/0x10 [ 665.959303] ? balance_dirty_pages_ratelimited_flags+0x8f/0x1190 [ 665.959323] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 665.959338] ? ktime_get_coarse_real_ts64_mg+0x213/0x2a0 [ 665.959358] generic_perform_write+0x391/0x810 [ 665.959378] ? __pfx_generic_perform_write+0x10/0x10 [ 665.959396] ? file_update_time_flags+0x367/0x4f0 [ 665.959415] shmem_file_write_iter+0x111/0x140 [ 665.959429] vfs_write+0xbe9/0x1150 [ 665.959442] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 665.959455] ? __fget_files+0x34/0x3b0 [ 665.959467] ? __pfx_vfs_write+0x10/0x10 [ 665.959492] __x64_sys_pwrite64+0x1f1/0x260 [ 665.959505] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 665.959524] do_syscall_64+0xbf/0x420 [ 665.959539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.959552] RIP: 0033:0x7fcf605ffab7 [ 665.959562] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 665.959573] RSP: 002b:00007fcf5dbc1f20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 665.959585] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf605ffab7 [ 665.959593] RDX: 000000000000009f RSI: 0000000020000300 RDI: 0000000000000004 [ 665.959600] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffffffffffff [ 665.959607] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000004 [ 665.959614] R13: 0000000000000004 R14: 0000000020000200 R15: 0000000000000000 [ 665.959632] 00:51:06 executing program 7: mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) r0 = shmget$private(0x0, 0x2000, 0x1, &(0x7f0000ffe000/0x2000)=nil) shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x2000) 00:51:06 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x2, &(0x7f0000ff7000/0x4000)=nil) [ 666.021289] loop6: detected capacity change from 0 to 264192 [ 666.042222] FAULT_INJECTION: forcing a failure. [ 666.042222] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 666.043165] CPU: 0 UID: 0 PID: 6089 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 666.043180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 666.043188] Call Trace: [ 666.043192] [ 666.043197] dump_stack_lvl+0xfa/0x120 [ 666.043219] should_fail_ex+0x4d7/0x5e0 [ 666.043242] _copy_from_user+0x30/0xd0 [ 666.043263] copy_msghdr_from_user+0x88/0x150 [ 666.043281] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 666.043297] ? __pfx__kstrtoull+0x10/0x10 [ 666.043312] ? kfree+0x2c5/0x5d0 [ 666.043330] ? __lock_acquire+0x451/0x2250 [ 666.043349] ___sys_recvmsg+0xbb/0x190 [ 666.043365] ? __pfx____sys_recvmsg+0x10/0x10 [ 666.043382] ? __pfx_perf_trace_lock+0x10/0x10 [ 666.043400] ? lock_acquire+0x15e/0x2d0 [ 666.043414] ? __might_fault+0xe0/0x190 [ 666.043427] ? find_held_lock+0x2b/0x80 [ 666.043446] ? __might_fault+0x138/0x190 [ 666.043463] do_recvmmsg+0x2c5/0x6f0 [ 666.043483] ? __pfx_do_recvmmsg+0x10/0x10 [ 666.043498] ? ksys_write+0x187/0x240 [ 666.043510] ? lock_release+0xc8/0x270 [ 666.043529] ? srso_alias_untrain_ret+0x1/0x10 [ 666.043548] ? lock_acquire+0x15e/0x2d0 [ 666.043565] __x64_sys_recvmmsg+0x211/0x260 [ 666.043584] ? lock_release+0xc8/0x270 [ 666.043598] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 666.043614] ? __might_fault+0xe0/0x190 [ 666.043626] ? __might_fault+0x151/0x190 [ 666.043640] do_syscall_64+0xbf/0x420 [ 666.043655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.043667] RIP: 0033:0x7f4b915d8b19 [ 666.043677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 666.043688] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 666.043700] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 666.043708] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 666.043715] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 666.043722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 666.043729] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 666.043746] 00:51:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 666.099360] ISOFS: Unable to identify CD-ROM format. [ 666.115193] FAULT_INJECTION: forcing a failure. [ 666.115193] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 666.116129] CPU: 0 UID: 0 PID: 6098 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 666.116144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 666.116151] Call Trace: [ 666.116156] [ 666.116161] dump_stack_lvl+0xfa/0x120 [ 666.116179] should_fail_ex+0x4d7/0x5e0 [ 666.116202] _copy_from_user+0x30/0xd0 [ 666.116222] copy_msghdr_from_user+0x88/0x150 [ 666.116240] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 666.116255] ? __pfx__kstrtoull+0x10/0x10 [ 666.116270] ? kfree+0x2c5/0x5d0 [ 666.116288] ? __lock_acquire+0x451/0x2250 [ 666.116308] ___sys_recvmsg+0xbb/0x190 [ 666.116324] ? __pfx____sys_recvmsg+0x10/0x10 [ 666.116341] ? __pfx_perf_trace_lock+0x10/0x10 [ 666.116359] ? lock_acquire+0x15e/0x2d0 [ 666.116374] ? __might_fault+0xe0/0x190 [ 666.116386] ? find_held_lock+0x2b/0x80 [ 666.116405] ? __might_fault+0x138/0x190 [ 666.116423] do_recvmmsg+0x2c5/0x6f0 [ 666.116443] ? __pfx_do_recvmmsg+0x10/0x10 [ 666.116458] ? ksys_write+0x187/0x240 [ 666.116470] ? lock_release+0xc8/0x270 [ 666.116487] ? __mutex_unlock_slowpath+0x157/0x740 [ 666.116500] ? kernel_write+0x593/0x660 [ 666.116516] ? __fget_files+0x20d/0x3b0 [ 666.116534] __x64_sys_recvmmsg+0x211/0x260 [ 666.116552] ? ksys_write+0x1a3/0x240 [ 666.116563] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 666.116579] ? irqentry_exit+0xee/0x650 [ 666.116591] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 666.116606] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 666.116626] do_syscall_64+0xbf/0x420 [ 666.116641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.116653] RIP: 0033:0x7f8ef3114b19 [ 666.116663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 666.116674] RSP: 002b:00007f8ef0669188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 666.116686] RAX: ffffffffffffffda RBX: 00007f8ef3228020 RCX: 00007f8ef3114b19 [ 666.116694] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 666.116701] RBP: 00007f8ef06691d0 R08: 0000000000000000 R09: 0000000000000000 [ 666.116708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 666.116714] R13: 00007ffe3438f3ff R14: 00007f8ef0669300 R15: 0000000000022000 [ 666.116732] 00:51:06 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x8000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:51:06 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x4, &(0x7f0000ff7000/0x4000)=nil) 00:51:06 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:51:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3f00, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:51:06 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 15) 00:51:06 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x7, &(0x7f0000ff7000/0x4000)=nil) 00:51:06 executing program 7: mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ff7000/0x4000)=nil) madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xf) 00:51:06 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 9) [ 666.266540] loop6: detected capacity change from 0 to 264192 [ 666.439437] FAULT_INJECTION: forcing a failure. [ 666.439437] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 666.440459] CPU: 0 UID: 0 PID: 6116 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 666.440481] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 666.440496] Call Trace: [ 666.440504] [ 666.440513] dump_stack_lvl+0xfa/0x120 [ 666.440547] should_fail_ex+0x4d7/0x5e0 [ 666.440596] _copy_from_user+0x30/0xd0 [ 666.440641] copy_msghdr_from_user+0x88/0x150 [ 666.440680] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 666.440716] ? __pfx__kstrtoull+0x10/0x10 [ 666.440749] ? kfree+0x2c5/0x5d0 [ 666.440792] ? __lock_acquire+0x451/0x2250 [ 666.440833] ___sys_recvmsg+0xbb/0x190 [ 666.440869] ? __pfx____sys_recvmsg+0x10/0x10 [ 666.440908] ? __pfx_perf_trace_lock+0x10/0x10 [ 666.440950] ? lock_acquire+0x15e/0x2d0 [ 666.440983] ? __might_fault+0xe0/0x190 [ 666.441010] ? find_held_lock+0x2b/0x80 [ 666.441029] ? __might_fault+0x138/0x190 [ 666.441046] do_recvmmsg+0x2c5/0x6f0 [ 666.441066] ? __pfx_do_recvmmsg+0x10/0x10 [ 666.441080] ? ksys_write+0x187/0x240 [ 666.441093] ? lock_release+0xc8/0x270 [ 666.441110] ? __mutex_unlock_slowpath+0x157/0x740 [ 666.441122] ? kernel_write+0x593/0x660 [ 666.441138] ? __fget_files+0x20d/0x3b0 [ 666.441156] __x64_sys_recvmmsg+0x211/0x260 [ 666.441174] ? ksys_write+0x1a3/0x240 [ 666.441184] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 666.441200] ? irqentry_exit+0xee/0x650 [ 666.441211] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 666.441228] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 666.441247] do_syscall_64+0xbf/0x420 [ 666.441262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.441276] RIP: 0033:0x7f8ef3114b19 [ 666.441285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 666.441297] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 666.441309] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 666.441317] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 666.441325] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 666.441332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 666.441339] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 666.441356] 00:51:16 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 10) 00:51:16 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 23) 00:51:16 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) r0 = gettid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x8400, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x5, 0x7, 0x2, 0x9, 0x0, 0x2443, 0x2010, 0x8, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2c, 0x2, @perf_bp={&(0x7f0000000000), 0x9}, 0x201, 0xffff, 0x9, 0x1, 0x7fffffff, 0x0, 0x2, 0x0, 0x3, 0x0, 0x9}, r0, 0x10, r1, 0x8) 00:51:16 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x6, &(0x7f0000ff7000/0x4000)=nil) 00:51:16 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 16) 00:51:16 executing program 7: r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9) r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x62, 0x38, 0x34, 0x39, 0x37, 0x66, 0x35, 0x31, 0x39, 0x62, 0x39, 0x31, 0x5, 0x5601e83bb3cd5819, 0x39, 0x36]}, &(0x7f0000000180)={0x0, "e263ef08d9a52fa3453c204a74cd764921e73a90238735208db838d929cde3d2c1e47ff891712c9c2580d8d3c71ca4a0ac173d185544fdf3abd3f95776e63416", 0x39}, 0x48, 0xfffffffffffffffe) r2 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$set_timeout(0xf, r2, 0x10001) keyctl$link(0x8, r0, r2) r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r5 = add_key(&(0x7f0000000280)='encrypted\x00', &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000300)="68c7097d3e", 0x5, r1) keyctl$KEYCTL_MOVE(0x1e, r1, r4, r5, 0x1) keyctl$set_timeout(0xf, r4, 0x10001) keyctl$unlink(0x9, r3, r0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffe000/0x2000)=nil) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) 00:51:16 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x8100000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:51:16 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 675.787747] FAULT_INJECTION: forcing a failure. [ 675.787747] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 675.788744] CPU: 0 UID: 0 PID: 6125 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 675.788762] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 675.788769] Call Trace: [ 675.788774] [ 675.788779] dump_stack_lvl+0xfa/0x120 [ 675.788799] should_fail_ex+0x4d7/0x5e0 [ 675.788822] _copy_from_user+0x30/0xd0 [ 675.788843] copy_msghdr_from_user+0x88/0x150 [ 675.788862] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 675.788877] ? __pfx__kstrtoull+0x10/0x10 [ 675.788892] ? kfree+0x2c5/0x5d0 [ 675.788911] ? __lock_acquire+0x451/0x2250 [ 675.788930] ___sys_recvmsg+0xbb/0x190 [ 675.788946] ? __pfx____sys_recvmsg+0x10/0x10 [ 675.788963] ? __pfx_perf_trace_lock+0x10/0x10 [ 675.788982] ? lock_acquire+0x15e/0x2d0 [ 675.788996] ? __might_fault+0xe0/0x190 [ 675.789009] ? find_held_lock+0x2b/0x80 [ 675.789027] ? __might_fault+0x138/0x190 [ 675.789045] do_recvmmsg+0x2c5/0x6f0 [ 675.789065] ? __pfx_do_recvmmsg+0x10/0x10 [ 675.789079] ? ksys_write+0x187/0x240 [ 675.789092] ? lock_release+0xc8/0x270 [ 675.789109] ? __mutex_unlock_slowpath+0x157/0x740 [ 675.789121] ? kernel_write+0x593/0x660 [ 675.789137] ? __fget_files+0x20d/0x3b0 [ 675.789155] __x64_sys_recvmmsg+0x211/0x260 [ 675.789173] ? ksys_write+0x1a3/0x240 [ 675.789184] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 675.789200] ? irqentry_exit+0xee/0x650 [ 675.789211] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 675.789227] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 675.789247] do_syscall_64+0xbf/0x420 [ 675.789262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.789275] RIP: 0033:0x7f4b915d8b19 [ 675.789284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 675.789296] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 675.789308] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 675.789316] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 675.789323] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 675.789330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 675.789337] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 675.789354] [ 675.811958] loop6: detected capacity change from 0 to 264192 [ 675.858592] FAULT_INJECTION: forcing a failure. [ 675.858592] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 675.868412] CPU: 1 UID: 0 PID: 6136 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 675.868446] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 675.868460] Call Trace: [ 675.868467] [ 675.868476] dump_stack_lvl+0xfa/0x120 [ 675.868509] should_fail_ex+0x4d7/0x5e0 [ 675.868552] _copy_from_user+0x30/0xd0 [ 675.868591] copy_msghdr_from_user+0x88/0x150 [ 675.868625] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 675.868655] ? __pfx__kstrtoull+0x10/0x10 [ 675.868684] ? kfree+0x2c5/0x5d0 [ 675.868718] ? __lock_acquire+0x451/0x2250 [ 675.868754] ___sys_recvmsg+0xbb/0x190 [ 675.868795] ? __pfx____sys_recvmsg+0x10/0x10 [ 675.868829] ? __pfx_perf_trace_lock+0x10/0x10 [ 675.868866] ? lock_acquire+0x15e/0x2d0 [ 675.868894] ? __might_fault+0xe0/0x190 [ 675.868917] ? find_held_lock+0x2b/0x80 [ 675.868954] ? __might_fault+0x138/0x190 [ 675.868989] do_recvmmsg+0x2c5/0x6f0 [ 675.869028] ? __pfx_do_recvmmsg+0x10/0x10 [ 675.869057] ? ksys_write+0x187/0x240 [ 675.869080] ? lock_release+0xc8/0x270 [ 675.869113] ? __mutex_unlock_slowpath+0x157/0x740 [ 675.869136] ? kernel_write+0x593/0x660 [ 675.869168] ? __fget_files+0x20d/0x3b0 [ 675.869203] __x64_sys_recvmmsg+0x211/0x260 [ 675.869236] ? ksys_write+0x1a3/0x240 [ 675.869258] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 675.869289] ? irqentry_exit+0xee/0x650 [ 675.869311] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 675.869341] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 675.869380] do_syscall_64+0xbf/0x420 [ 675.869408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.869433] RIP: 0033:0x7f8ef3114b19 [ 675.869452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 675.869473] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 675.869509] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 675.869525] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 675.869539] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 675.869553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 675.869567] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 675.869601] 00:51:16 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 17) 00:51:16 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x7, &(0x7f0000ff7000/0x4000)=nil) 00:51:16 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 675.974122] FAULT_INJECTION: forcing a failure. [ 675.974122] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 675.975089] CPU: 0 UID: 0 PID: 6145 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 675.975105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 675.975112] Call Trace: [ 675.975117] [ 675.975122] dump_stack_lvl+0xfa/0x120 [ 675.975141] should_fail_ex+0x4d7/0x5e0 [ 675.975161] ? page_copy_sane+0xce/0x2b0 [ 675.975181] copy_folio_from_iter_atomic+0x383/0x1850 [ 675.975207] ? simple_xattr_get+0x173/0x1d0 [ 675.975227] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 675.975247] ? shmem_write_begin+0x1ab/0x3b0 [ 675.975265] ? __pfx_shmem_write_begin+0x10/0x10 [ 675.975284] ? balance_dirty_pages_ratelimited_flags+0x8f/0x1190 [ 675.975306] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 675.975323] ? ktime_get_coarse_real_ts64_mg+0x213/0x2a0 [ 675.975343] generic_perform_write+0x1d7/0x810 [ 675.975365] ? __pfx_generic_perform_write+0x10/0x10 [ 675.975382] ? file_update_time_flags+0x367/0x4f0 [ 675.975402] shmem_file_write_iter+0x111/0x140 [ 675.975416] vfs_write+0xbe9/0x1150 [ 675.975429] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 675.975442] ? __fget_files+0x34/0x3b0 [ 675.975454] ? __pfx_vfs_write+0x10/0x10 [ 675.975479] __x64_sys_pwrite64+0x1f1/0x260 [ 675.975492] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 675.975511] do_syscall_64+0xbf/0x420 [ 675.975526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.975539] RIP: 0033:0x7fcf605ffab7 [ 675.975548] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 675.975560] RSP: 002b:00007fcf5dbc1f20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 675.975572] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf605ffab7 [ 675.975580] RDX: 000000000000009f RSI: 0000000020000300 RDI: 0000000000000004 [ 675.975587] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffffffffffff [ 675.975594] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000004 [ 675.975601] R13: 0000000000000004 R14: 0000000020000200 R15: 0000000000000000 [ 675.975619] 00:51:16 executing program 7: r0 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$set_timeout(0xf, r0, 0x10001) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xfffffffffffffffb, r0, 0x1) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 675.995495] loop6: detected capacity change from 0 to 264192 00:51:16 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4100, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:51:16 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 24) [ 676.077681] FAULT_INJECTION: forcing a failure. [ 676.077681] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 676.078644] CPU: 0 UID: 0 PID: 6151 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 676.078659] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 676.078667] Call Trace: [ 676.078671] [ 676.078676] dump_stack_lvl+0xfa/0x120 [ 676.078696] should_fail_ex+0x4d7/0x5e0 [ 676.078720] _copy_from_user+0x30/0xd0 [ 676.078741] copy_msghdr_from_user+0x88/0x150 [ 676.078763] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 676.078778] ? __pfx__kstrtoull+0x10/0x10 [ 676.078794] ? kfree+0x2c5/0x5d0 [ 676.078812] ? __lock_acquire+0x451/0x2250 [ 676.078832] ___sys_recvmsg+0xbb/0x190 [ 676.078848] ? __pfx____sys_recvmsg+0x10/0x10 [ 676.078865] ? __pfx_perf_trace_lock+0x10/0x10 [ 676.078884] ? lock_acquire+0x15e/0x2d0 [ 676.078898] ? __might_fault+0xe0/0x190 [ 676.078911] ? find_held_lock+0x2b/0x80 [ 676.078930] ? __might_fault+0x138/0x190 [ 676.078948] do_recvmmsg+0x2c5/0x6f0 [ 676.078967] ? __pfx_do_recvmmsg+0x10/0x10 [ 676.078982] ? ksys_write+0x187/0x240 [ 676.078994] ? lock_release+0xc8/0x270 [ 676.079011] ? __mutex_unlock_slowpath+0x157/0x740 [ 676.079023] ? kernel_write+0x593/0x660 [ 676.079039] ? __fget_files+0x20d/0x3b0 [ 676.079057] __x64_sys_recvmmsg+0x211/0x260 [ 676.079075] ? ksys_write+0x1a3/0x240 [ 676.079086] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 676.079102] ? irqentry_exit+0xee/0x650 [ 676.079113] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 676.079129] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 676.079148] do_syscall_64+0xbf/0x420 [ 676.079163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.079177] RIP: 0033:0x7f4b915d8b19 [ 676.079186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 676.079197] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 676.079210] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 676.079218] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 676.079225] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 676.079232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 676.079239] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 676.079256] 00:51:16 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000000)={{0x3, 0x2, 0xffff0001, 0x2, 0x6e}, 0x5, 0x7fffffff, 0x4}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:51:16 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x8, &(0x7f0000ff7000/0x4000)=nil) 00:51:26 executing program 7: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xfffffffe, 0x3ff, 0x1, 0xd, 0x8}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000040)={{0x0, 0x7, 0x2, 0xfffffffffffffffe, 0x8, 0x6, 0x8, 0x4, 0x80, 0x419, 0x800, 0x20, 0x7, 0x100000001, 0x2}}) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x10) 00:51:26 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 11) 00:51:26 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xeffd, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:51:26 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0xb, &(0x7f0000ff7000/0x4000)=nil) 00:51:26 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 25) 00:51:26 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x10000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:51:26 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 18) 00:51:26 executing program 4: perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp, 0x0, 0x8000, 0x8, 0x3, 0x0, 0x4, 0x0, 0x0, 0xffffffff}, 0x0, 0xa, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:51:26 executing program 7: pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000100)='\xe2\xfb', &(0x7f0000000080)='./file0\x00', r1) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 686.140025] FAULT_INJECTION: forcing a failure. [ 686.140025] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 686.141031] CPU: 1 UID: 0 PID: 6183 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 686.141047] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 686.141054] Call Trace: 00:51:26 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x800) read(0xffffffffffffffff, 0x0, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(0xffffffffffffffff, 0x5380) fdatasync(0xffffffffffffffff) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r1) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000000)) [ 686.141059] [ 686.141064] dump_stack_lvl+0xfa/0x120 [ 686.141083] should_fail_ex+0x4d7/0x5e0 [ 686.141107] should_fail_alloc_page+0xe0/0x110 [ 686.141123] prepare_alloc_pages+0x1eb/0x550 [ 686.141137] ? __create_object+0x59/0x80 [ 686.141156] __alloc_frozen_pages_noprof+0x186/0x25b0 [ 686.141174] ? __lock_acquire+0x451/0x2250 [ 686.141191] ? perf_trace_lock+0xbb/0x4f0 [ 686.141210] ? __pfx_perf_trace_lock+0x10/0x10 [ 686.141227] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 686.141242] ? do_raw_spin_lock+0x123/0x260 [ 686.141263] ? perf_trace_lock+0xbb/0x4f0 [ 686.141281] ? __pfx_perf_trace_lock+0x10/0x10 [ 686.141297] ? lock_is_held_type+0x9e/0x120 [ 686.141310] ? lock_is_held_type+0x9e/0x120 [ 686.141320] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 686.141340] ? policy_nodemask+0xeb/0x4e0 [ 686.141360] alloc_pages_mpol+0xed/0x340 [ 686.141377] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 686.141392] ? filemap_get_entry+0x1bb/0x3b0 [ 686.141410] ? __pfx_filemap_get_entry+0x10/0x10 [ 686.141430] folio_alloc_mpol_noprof+0x38/0x2a0 [ 686.141451] shmem_alloc_folio+0x11b/0x140 [ 686.141467] shmem_get_folio_gfp.constprop.0+0x4ea/0x13b0 [ 686.141491] ? __pfx_shmem_get_folio_gfp.constprop.0+0x10/0x10 [ 686.141510] ? __pfx_perf_trace_lock+0x10/0x10 [ 686.141529] shmem_write_begin+0x194/0x3b0 [ 686.141546] ? __pfx_shmem_write_begin+0x10/0x10 [ 686.141563] ? balance_dirty_pages_ratelimited_flags+0x8f/0x1190 [ 686.141582] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 686.141605] ? ktime_get_coarse_real_ts64_mg+0x213/0x2a0 [ 686.141626] generic_perform_write+0x391/0x810 [ 686.141647] ? __pfx_generic_perform_write+0x10/0x10 [ 686.141665] ? file_update_time_flags+0x367/0x4f0 [ 686.141684] shmem_file_write_iter+0x111/0x140 [ 686.141698] vfs_write+0xbe9/0x1150 [ 686.141711] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 686.141724] ? __fget_files+0x34/0x3b0 [ 686.141737] ? __pfx_vfs_write+0x10/0x10 [ 686.141766] __x64_sys_pwrite64+0x1f1/0x260 [ 686.141779] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 686.141798] do_syscall_64+0xbf/0x420 [ 686.141813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.141826] RIP: 0033:0x7fcf605ffab7 [ 686.141836] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 686.141847] RSP: 002b:00007fcf5dbc1f20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 686.141859] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf605ffab7 [ 686.141868] RDX: 000000000000001a RSI: 0000000020010900 RDI: 0000000000000004 [ 686.141874] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffffffffffff [ 686.141881] R10: 000000000000b800 R11: 0000000000000293 R12: 0000000000000004 [ 686.141888] R13: 0000000000000004 R14: 0000000020000218 R15: 0000000000000001 [ 686.141906] [ 686.153948] FAULT_INJECTION: forcing a failure. [ 686.153948] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 686.153968] CPU: 1 UID: 0 PID: 6181 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 686.153982] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 686.153990] Call Trace: [ 686.153997] [ 686.154005] dump_stack_lvl+0xfa/0x120 [ 686.154029] should_fail_ex+0x4d7/0x5e0 [ 686.154068] _copy_from_user+0x30/0xd0 [ 686.154108] copy_msghdr_from_user+0x88/0x150 [ 686.154136] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 686.154163] ? __pfx__kstrtoull+0x10/0x10 [ 686.154186] ? kfree+0x2c5/0x5d0 [ 686.154214] ? __lock_acquire+0x451/0x2250 [ 686.154242] ___sys_recvmsg+0xbb/0x190 [ 686.154262] ? __pfx____sys_recvmsg+0x10/0x10 [ 686.154293] ? __pfx_perf_trace_lock+0x10/0x10 [ 686.154330] ? lock_acquire+0x15e/0x2d0 [ 686.154361] ? __might_fault+0xe0/0x190 [ 686.154382] ? find_held_lock+0x2b/0x80 [ 686.154421] ? __might_fault+0x138/0x190 [ 686.154439] do_recvmmsg+0x2c5/0x6f0 [ 686.154458] ? __pfx_do_recvmmsg+0x10/0x10 [ 686.154473] ? ksys_write+0x187/0x240 [ 686.154484] ? lock_release+0xc8/0x270 [ 686.154505] ? __mutex_unlock_slowpath+0x157/0x740 [ 686.154517] ? kernel_write+0x593/0x660 [ 686.154533] ? __fget_files+0x20d/0x3b0 [ 686.154550] __x64_sys_recvmmsg+0x211/0x260 [ 686.154568] ? ksys_write+0x1a3/0x240 [ 686.154579] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 686.154595] ? irqentry_exit+0xee/0x650 [ 686.154605] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 686.154621] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 686.154640] do_syscall_64+0xbf/0x420 [ 686.154654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.154666] RIP: 0033:0x7f8ef3114b19 [ 686.154675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 686.154686] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 686.154697] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 686.154705] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 686.154712] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 686.154719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 686.154725] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 686.154742] [ 686.155125] loop6: detected capacity change from 0 to 264192 [ 686.174704] FAULT_INJECTION: forcing a failure. [ 686.174704] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 686.174744] CPU: 0 UID: 0 PID: 6185 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 686.174783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 686.174800] Call Trace: [ 686.174810] [ 686.174822] dump_stack_lvl+0xfa/0x120 [ 686.174859] should_fail_ex+0x4d7/0x5e0 [ 686.174899] _copy_from_user+0x30/0xd0 [ 686.174936] copy_msghdr_from_user+0x88/0x150 [ 686.174967] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 686.174995] ? __pfx__kstrtoull+0x10/0x10 [ 686.175023] ? kfree+0x2c5/0x5d0 [ 686.175055] ? __lock_acquire+0x451/0x2250 [ 686.175090] ___sys_recvmsg+0xbb/0x190 [ 686.175119] ? __pfx____sys_recvmsg+0x10/0x10 [ 686.175150] ? __pfx_perf_trace_lock+0x10/0x10 [ 686.175185] ? lock_acquire+0x15e/0x2d0 [ 686.175211] ? __might_fault+0xe0/0x190 [ 686.175233] ? find_held_lock+0x2b/0x80 [ 686.175267] ? __might_fault+0x138/0x190 [ 686.175300] do_recvmmsg+0x2c5/0x6f0 [ 686.175336] ? __pfx_do_recvmmsg+0x10/0x10 [ 686.175363] ? ksys_write+0x187/0x240 [ 686.175384] ? lock_release+0xc8/0x270 [ 686.175416] ? __mutex_unlock_slowpath+0x157/0x740 [ 686.175437] ? kernel_write+0x593/0x660 [ 686.175467] ? __fget_files+0x20d/0x3b0 [ 686.175508] __x64_sys_recvmmsg+0x211/0x260 [ 686.175549] ? ksys_write+0x1a3/0x240 [ 686.175569] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 686.175598] ? irqentry_exit+0xee/0x650 [ 686.175618] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 686.175647] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 686.175683] do_syscall_64+0xbf/0x420 [ 686.175710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.175733] RIP: 0033:0x7f4b915d8b19 [ 686.175750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 686.175771] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 686.175792] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 686.175807] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 686.175820] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 686.175833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 686.175846] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 686.175877] [ 686.256566] isofs_fill_super: get root inode failed 00:51:45 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfcfd, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:51:45 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 12) 00:51:45 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x8845, 0x3}) 00:51:45 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3f000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:51:45 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0xa, &(0x7f0000ff7000/0x4000)=nil) 00:51:45 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 26) 00:51:45 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 19) 00:51:45 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffb000/0x4000)=nil) madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_SEND={0x1a, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000000)="b6c21e02a16dbcf64ef5580fee899e34aa4333b1998dbd127ea32d8441aedae838de014a5393611150a91a85cae91349eff9eb65f5644074d663a39e96153e1233509399a078ac1c7708c0354c50f970fe114752d82a2dbb69bca0e522a300ab365ab37053448d71f9782cf0ad8cdcebaf68436760e6a2f2a510eef74ab47b00bcf93b5e7c7f77754ffe2c3fa716ca1a0a8552977d459ceda326eb2e8f041cb25a48", 0xa2, 0x4040000, 0x1}, 0x7) [ 705.473300] FAULT_INJECTION: forcing a failure. [ 705.473300] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 705.474343] CPU: 0 UID: 0 PID: 6204 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 705.474359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 705.474367] Call Trace: [ 705.474372] [ 705.474377] dump_stack_lvl+0xfa/0x120 [ 705.474397] should_fail_ex+0x4d7/0x5e0 [ 705.474420] _copy_from_user+0x30/0xd0 [ 705.474441] copy_msghdr_from_user+0x88/0x150 [ 705.474460] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 705.474475] ? __pfx__kstrtoull+0x10/0x10 [ 705.474490] ? kfree+0x2c5/0x5d0 [ 705.474508] ? __lock_acquire+0x451/0x2250 [ 705.474528] ___sys_recvmsg+0xbb/0x190 [ 705.474544] ? __pfx____sys_recvmsg+0x10/0x10 [ 705.474562] ? __pfx_perf_trace_lock+0x10/0x10 [ 705.474580] ? lock_acquire+0x15e/0x2d0 [ 705.474594] ? __might_fault+0xe0/0x190 [ 705.474607] ? find_held_lock+0x2b/0x80 [ 705.474626] ? __might_fault+0x138/0x190 [ 705.474643] do_recvmmsg+0x2c5/0x6f0 [ 705.474663] ? __pfx_do_recvmmsg+0x10/0x10 [ 705.474677] ? ksys_write+0x187/0x240 [ 705.474689] ? lock_release+0xc8/0x270 [ 705.474706] ? __mutex_unlock_slowpath+0x157/0x740 [ 705.474718] ? kernel_write+0x593/0x660 [ 705.474734] ? __fget_files+0x20d/0x3b0 [ 705.474752] __x64_sys_recvmmsg+0x211/0x260 [ 705.474775] ? ksys_write+0x1a3/0x240 [ 705.474785] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 705.474801] ? irqentry_exit+0xee/0x650 [ 705.474812] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 705.474828] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 705.474847] do_syscall_64+0xbf/0x420 [ 705.474863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.474876] RIP: 0033:0x7f4b915d8b19 [ 705.474885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 705.474896] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 705.474909] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 705.474916] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 705.474924] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 705.474931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 705.474938] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 705.474955] [ 705.496344] FAULT_INJECTION: forcing a failure. [ 705.496344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 705.515224] CPU: 1 UID: 0 PID: 6210 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 705.515257] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 705.515271] Call Trace: [ 705.515278] [ 705.515287] dump_stack_lvl+0xfa/0x120 [ 705.515320] should_fail_ex+0x4d7/0x5e0 [ 705.515354] ? page_copy_sane+0xce/0x2b0 [ 705.515390] copy_folio_from_iter_atomic+0x383/0x1850 [ 705.515447] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 705.515483] ? shmem_write_begin+0x1ab/0x3b0 [ 705.515516] ? __pfx_shmem_write_begin+0x10/0x10 [ 705.515547] ? balance_dirty_pages_ratelimited_flags+0x8f/0x1190 [ 705.515583] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 705.515612] ? ktime_get_coarse_real_ts64_mg+0x213/0x2a0 [ 705.515649] generic_perform_write+0x1d7/0x810 [ 705.515697] ? __pfx_generic_perform_write+0x10/0x10 [ 705.515730] ? file_update_time_flags+0x367/0x4f0 [ 705.515765] shmem_file_write_iter+0x111/0x140 [ 705.515792] vfs_write+0xbe9/0x1150 [ 705.515814] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 705.515838] ? __fget_files+0x34/0x3b0 [ 705.515861] ? __pfx_vfs_write+0x10/0x10 [ 705.515907] __x64_sys_pwrite64+0x1f1/0x260 [ 705.515931] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 705.515966] do_syscall_64+0xbf/0x420 [ 705.515993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.516017] RIP: 0033:0x7fcf605ffab7 [ 705.516035] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 705.516056] RSP: 002b:00007fcf5dbc1f20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 705.516078] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf605ffab7 [ 705.516093] RDX: 000000000000001a RSI: 0000000020010900 RDI: 0000000000000004 [ 705.516106] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffffffffffff [ 705.516120] R10: 000000000000b800 R11: 0000000000000293 R12: 0000000000000004 [ 705.516133] R13: 0000000000000004 R14: 0000000020000218 R15: 0000000000000001 [ 705.516165] [ 705.552525] FAULT_INJECTION: forcing a failure. [ 705.552525] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 705.554234] CPU: 1 UID: 0 PID: 6216 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 705.554262] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 705.554275] Call Trace: [ 705.554282] [ 705.554291] dump_stack_lvl+0xfa/0x120 [ 705.554317] should_fail_ex+0x4d7/0x5e0 [ 705.554354] _copy_from_user+0x30/0xd0 [ 705.554390] copy_msghdr_from_user+0x88/0x150 [ 705.554423] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 705.554451] ? __pfx__kstrtoull+0x10/0x10 [ 705.554479] ? kfree+0x2c5/0x5d0 [ 705.554510] ? __lock_acquire+0x451/0x2250 [ 705.554543] ___sys_recvmsg+0xbb/0x190 [ 705.554573] ? __pfx____sys_recvmsg+0x10/0x10 [ 705.554605] ? __pfx_perf_trace_lock+0x10/0x10 [ 705.554639] ? lock_acquire+0x15e/0x2d0 00:51:46 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ff8000/0x1000)=nil) [ 705.554666] ? __might_fault+0xe0/0x190 [ 705.554688] ? find_held_lock+0x2b/0x80 [ 705.554722] ? __might_fault+0x138/0x190 [ 705.554755] do_recvmmsg+0x2c5/0x6f0 [ 705.554799] ? __pfx_do_recvmmsg+0x10/0x10 00:51:46 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0xb, &(0x7f0000ff7000/0x4000)=nil) [ 705.554826] ? ksys_write+0x187/0x240 [ 705.554847] ? lock_release+0xc8/0x270 [ 705.554878] ? __mutex_unlock_slowpath+0x157/0x740 [ 705.554900] ? kernel_write+0x593/0x660 [ 705.554930] ? __fget_files+0x20d/0x3b0 [ 705.554962] __x64_sys_recvmmsg+0x211/0x260 [ 705.554993] ? ksys_write+0x1a3/0x240 [ 705.555013] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 705.555043] ? irqentry_exit+0xee/0x650 [ 705.555063] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 705.555091] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 705.555127] do_syscall_64+0xbf/0x420 [ 705.555153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.555176] RIP: 0033:0x7f8ef3114b19 [ 705.555193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 705.555213] RSP: 002b:00007f8ef0669188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 705.555234] RAX: ffffffffffffffda RBX: 00007f8ef3228020 RCX: 00007f8ef3114b19 [ 705.555249] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 705.555262] RBP: 00007f8ef06691d0 R08: 0000000000000000 R09: 0000000000000000 [ 705.555275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 705.555288] R13: 00007ffe3438f3ff R14: 00007f8ef0669300 R15: 0000000000022000 [ 705.555321] [ 705.563914] loop6: detected capacity change from 0 to 264192 00:51:57 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 20) 00:51:57 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x40000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:51:57 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 27) 00:51:57 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfdef, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:51:57 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0xf, &(0x7f0000ff7000/0x4000)=nil) 00:51:57 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 13) 00:51:57 executing program 4: perf_event_open(&(0x7f0000000340)={0x4, 0xfffffffffffffea5, 0xaf, 0x9, 0x0, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff18b, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:51:57 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x4, &(0x7f0000ff8000/0x2000)=nil) r0 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x66e18000) syz_io_uring_setup(0x6fb6, &(0x7f0000000000)={0x0, 0xb953, 0x0, 0x0, 0x1ac}, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000000)={0x0, @xdp={0x2c, 0x0, 0x0, 0x34}, @in={0x2, 0x4e24, @empty}, @llc={0x1a, 0xffff, 0x1, 0xff, 0x0, 0xff}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x10000000007f, 0x2}) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r6}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000180)={'syztnl1\x00', r6, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback, 0x0, 0x20}}) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000740)=0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000980)={&(0x7f0000000c80)=ANY=[@ANYBLOB="dc0100001800000125bd7000fedbdf25000000000000000000000000000000000a0101020000000000000000000000004e2404014e2300000000000000000012005232c5631a1d434f42f8ca6687aacaf5d7eb630080743b56b9bf4c6651c3acf892efcc9e6878d11a5d78000000226f3d17103ea23501b5dad13754c00ea648501359a29af75a551c5e3b60b89ad6ac95000000000000000000000000000000006dff4b89cf9b535ed03b96c561f21cd6086e7b5afc211e1e6c227c79e50ef42b9eab243308444b698acab9572ddcb382e41280", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0a010100000000000000000000000000000004d23300000064010100000000000000000000000000c5ffffffffffffff05000000000000e900040000000000002100000000000000ff0000000000000040000000000000fd030000000000000000fcffffffffffff0104000000000000d10200000000000009000000000000000800000000000000000800bb0200000002000027bd70000740bf49916e7bb313eb5f1b3500000a0006060200000000000000b500000000000000e4000600fe800000000000000000000000000037000000000000000000000000000000004e20009b4e23", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="ac1414aa000000000000000000000000000004d46c00000000000000000000000000000000000000dd0e0000000000004d0000000000000000010000000000000200000000000000060000000000000005000000000000010000000000000000000005000000000000005f9300000000000008000000000000002000000007000000500f000028bd700007350000060002d64700"/168], 0x1dc}, 0x1, 0x0, 0x0, 0x4000011}, 0x40084) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=@ll={0x11, 0xf5, r6, 0x1, 0x4, 0x6, @random="d8f4d14d8f2d"}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)="f367f041c470da6da401aca4a15f7894e27eba90d9e338f4d5f3c06f888f264896603bdb69b8", 0x26}], 0x1, &(0x7f00000013c0)=ANY=[@ANYBLOB="78000000000000001801000000020000a08c91caac0f43fc3cb00da6deaa503d79c2788ee4d392585369571d6b3b5fe333a0101160d84446c61524fe40193f23bd7e51071f6d5ea4046c878dde9afb63a167d45f7ad6a6e6e78ef400108f16fa06ea13f8a810f24df6dab8adf0da7f78379300000000000000b000000000000000080100000100000013deec1a0eb8fbb8006a7f053477a6bb35ded80f390fc302bb2c2fc621d130b0a9faac44ad575c375bebc64be388335dde0396309a0f26e04bf2c811cf1b186a172737036879eb03e1af7b9f0f546b0418833748770cd99f2a070a53897783c6969afed592c6a33544c9aa20b2b857d0cec7eec10a9c9ba8b3523e6a57e4afca28e8a6483606d1adc06cbc507380769d127557ee3fd661eb1de8470ed0d870000000ac88e3ed900000000000000010010000080000000e15cb0fa60f112f155fed0e14594608dba2c60edc3f67a64c32dad570e1cad670c937ba9d86ad5fdcc8d5d29972e7bbee34dc5efeb89089924e9f3894a588d10de678f4cb1493b73f2595f213ced0433e4f7e6491d46b73be682f279e1ebda8aec575151e6cd43977a3fc1d843fde3d272e162fa30e3307e1afdc00000000007502ab9cf99b8711100100005a0c0000dc0acc25165a6643ec30c42bc00e4b94c40da6103d8409d01471b0d21e703f331dbe40d13402c97552900264ee5f43ae09743d2d8359819e4259e54d4d5fa4c9e239eb947418a389d38f1707078344084de6ab59f44b4c1d3a5ef99cdc3f7c232f29996710047ac144e234ce926ff9c57281e30ba564a30902d942db2f337f52a9702b3d16f33505d3310fdddfdcd44ea54f610bae7d4948e15aef8081cb8dc9fa76cc812b17279f7fd65d866b36e85e1a385716864215bcabc555e2704b158073bf3993f9424521ee878ab65f9f3212cd7fee5dfc181d937b86f5f2473f08557e5c842510010000000000000101000000020000c593133edd9b0501b546088b8b7199e31f1d4479443cd500f307183db7c0eff02809b2448ac3fb9306000000000000002ed87c2ffbae74f34361fb3cd7c734a39724003df6e9765293f411501ad1f8a90101c525c29e54173c6e633edf30ce98c9338d522a50b3ebf809ee5df432ec41f9b47f7a1ba2f9474aaeb91150a94012913776a97426414b504fb5cf5d865dfdfa63108a18cf03a9c3d58014209ef9c5021a637f4b1036a2658b1b2a7edf0724ceb130f63f1045c70d1d58ecad85718f9046565ca300da940d64b248bcbf8601157786d886c84eacbb06a53d17363bce8c5b2b4b45dacbb8e53aed6f45fd3965aae271dbc75651a0d54920e034d2ba1928e5d10000000066a5d91d703d97317a8cbc869dd93bd874942735ba3867067a38ff7405e6d6f9997b472d6f2641f1abd56388dca26a64a2d3ae0a6013f4d53977b047ba150afe2c345613677f03dfc4bddf7226e7e3a3f908675787a4f3000000000000000000000000000000bb4071768aaae2e8cb2d8b701dbfe590faee3b1c243706e23cb5074d1ea55e1a17f0b23381467d1aeb2fd3a9000000000000000000000000305d1441fd648348c98a83520c649d3a6f15a4670651efc41530ec8811905b5ed7fa6b16bdb69e5ac79db852e7e33a70bcc0b526d7ac941dd3d79aadff04ac7c79f12d7970cdffe13e83c6b52076a90d0a4c7433a410e9dbde"], 0x3d0}, 0x0, 0x8000000, 0x1, {0x0, r8}}, 0x6) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1, {0x0, r8}}, 0x3f) syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, r1, &(0x7f0000000000)={0x200000, 0x92}, &(0x7f0000000040)='./file0\x00', 0x18, 0x0, 0x23456}, 0x1) syz_io_uring_submit(0x0, r2, &(0x7f0000000000)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x6000, @fd, 0x4, 0x80000000, 0x4, 0x6, 0x1, {0x1}}, 0x3f) [ 717.044085] FAULT_INJECTION: forcing a failure. [ 717.044085] name failslab, interval 1, probability 0, space 0, times 0 [ 717.046147] CPU: 0 UID: 0 PID: 6236 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 717.046182] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 717.046197] Call Trace: [ 717.046207] [ 717.046217] dump_stack_lvl+0xfa/0x120 [ 717.046254] should_fail_ex+0x4d7/0x5e0 [ 717.046300] ? do_getname+0x2b/0x3d0 [ 717.046333] should_failslab+0xc2/0x120 [ 717.046363] kmem_cache_alloc_noprof+0x80/0x760 [ 717.046404] ? vfs_write+0x169/0x1150 [ 717.046435] ? do_getname+0x2b/0x3d0 [ 717.046465] do_getname+0x2b/0x3d0 [ 717.046502] do_sys_openat2+0xa0/0x210 [ 717.046537] ? __pfx_do_sys_openat2+0x10/0x10 [ 717.046588] __x64_sys_openat+0x142/0x200 [ 717.046624] ? __pfx___x64_sys_openat+0x10/0x10 [ 717.046677] do_syscall_64+0xbf/0x420 [ 717.046706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.046729] RIP: 0033:0x7fcf605ffa04 [ 717.046746] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 717.046775] RSP: 002b:00007fcf5dbc1ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 717.046798] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf605ffa04 [ 717.046813] RDX: 0000000000000002 RSI: 00007fcf5dbc2000 RDI: 00000000ffffff9c [ 717.046827] RBP: 00007fcf5dbc2000 R08: 0000000000000000 R09: ffffffffffffffff [ 717.046840] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 717.046853] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 717.046885] 00:51:57 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x64c1e, &(0x7f0000ff7000/0x4000)=nil) [ 717.080942] audit: type=1400 audit(1768611117.544:44): avc: denied { read } for pid=6235 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 717.084036] FAULT_INJECTION: forcing a failure. [ 717.084036] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 717.084843] FAULT_INJECTION: forcing a failure. [ 717.084843] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 717.085741] CPU: 0 UID: 0 PID: 6237 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 717.085776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 717.085789] Call Trace: [ 717.085797] [ 717.085806] dump_stack_lvl+0xfa/0x120 [ 717.085840] should_fail_ex+0x4d7/0x5e0 [ 717.085881] _copy_from_user+0x30/0xd0 [ 717.085918] copy_msghdr_from_user+0x88/0x150 [ 717.085974] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 717.086003] ? __pfx__kstrtoull+0x10/0x10 [ 717.086031] ? kfree+0x2c5/0x5d0 [ 717.086063] ? __lock_acquire+0x451/0x2250 [ 717.086099] ___sys_recvmsg+0xbb/0x190 [ 717.086128] ? __pfx____sys_recvmsg+0x10/0x10 [ 717.086160] ? __pfx_perf_trace_lock+0x10/0x10 [ 717.086195] ? lock_acquire+0x15e/0x2d0 [ 717.086221] ? __might_fault+0xe0/0x190 [ 717.086245] ? find_held_lock+0x2b/0x80 [ 717.086280] ? __might_fault+0x138/0x190 [ 717.086313] do_recvmmsg+0x2c5/0x6f0 [ 717.086349] ? __pfx_do_recvmmsg+0x10/0x10 [ 717.086376] ? ksys_write+0x187/0x240 [ 717.086398] ? lock_release+0xc8/0x270 [ 717.086430] ? __mutex_unlock_slowpath+0x157/0x740 [ 717.086452] ? kernel_write+0x593/0x660 [ 717.086482] ? __fget_files+0x20d/0x3b0 [ 717.086516] __x64_sys_recvmmsg+0x211/0x260 [ 717.086548] ? ksys_write+0x1a3/0x240 [ 717.086568] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 717.086598] ? irqentry_exit+0xee/0x650 [ 717.086619] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 717.086648] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 717.086685] do_syscall_64+0xbf/0x420 [ 717.086712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.086736] RIP: 0033:0x7f8ef3114b19 [ 717.086754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 717.086775] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 717.086798] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 717.086813] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 717.086827] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 717.086840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 717.086856] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 717.086891] 00:51:57 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x40000000000, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:51:57 executing program 7: mremap(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ff7000/0x1000)=nil) mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x12) mremap(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x4000, 0x7, &(0x7f0000ffa000/0x4000)=nil) mincore(&(0x7f0000ffe000/0x1000)=nil, 0x1000, &(0x7f0000000000)=""/4096) 00:51:57 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 14) [ 717.188172] CPU: 1 UID: 0 PID: 6240 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 717.188207] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 717.188220] Call Trace: [ 717.188228] [ 717.188237] dump_stack_lvl+0xfa/0x120 [ 717.188270] should_fail_ex+0x4d7/0x5e0 [ 717.188311] _copy_from_user+0x30/0xd0 [ 717.188348] copy_msghdr_from_user+0x88/0x150 [ 717.188380] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 717.188409] ? __pfx__kstrtoull+0x10/0x10 [ 717.188436] ? kfree+0x2c5/0x5d0 [ 717.188468] ? __lock_acquire+0x451/0x2250 [ 717.188503] ___sys_recvmsg+0xbb/0x190 [ 717.188533] ? __pfx____sys_recvmsg+0x10/0x10 [ 717.188564] ? __pfx_perf_trace_lock+0x10/0x10 [ 717.188599] ? lock_acquire+0x15e/0x2d0 [ 717.188625] ? __might_fault+0xe0/0x190 [ 717.188647] ? find_held_lock+0x2b/0x80 [ 717.188682] ? __might_fault+0x138/0x190 [ 717.188715] do_recvmmsg+0x2c5/0x6f0 [ 717.188751] ? __pfx_do_recvmmsg+0x10/0x10 [ 717.188787] ? ksys_write+0x187/0x240 [ 717.188809] ? lock_release+0xc8/0x270 [ 717.188840] ? __mutex_unlock_slowpath+0x157/0x740 [ 717.188862] ? kernel_write+0x593/0x660 [ 717.188892] ? __fget_files+0x20d/0x3b0 [ 717.188925] __x64_sys_recvmmsg+0x211/0x260 [ 717.188957] ? ksys_write+0x1a3/0x240 [ 717.188977] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 717.189007] ? irqentry_exit+0xee/0x650 [ 717.189027] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 717.189055] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 717.189092] do_syscall_64+0xbf/0x420 [ 717.189119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.189142] RIP: 0033:0x7f4b915d8b19 [ 717.189160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 717.189181] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 717.189205] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 717.189220] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 717.189233] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 717.189246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 717.189259] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 717.189292] 00:51:57 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 21) 00:51:57 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfdfc, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:51:57 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x41000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:51:57 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 28) [ 717.353732] loop6: detected capacity change from 0 to 264192 [ 717.368751] FAULT_INJECTION: forcing a failure. [ 717.368751] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 717.378868] CPU: 1 UID: 0 PID: 6253 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 717.378898] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 717.378910] Call Trace: [ 717.378917] [ 717.378925] dump_stack_lvl+0xfa/0x120 [ 717.378955] should_fail_ex+0x4d7/0x5e0 [ 717.378992] _copy_from_user+0x30/0xd0 [ 717.379026] copy_msghdr_from_user+0x88/0x150 [ 717.379056] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 717.379082] ? __pfx__kstrtoull+0x10/0x10 [ 717.379107] ? kfree+0x2c5/0x5d0 [ 717.379137] ? __lock_acquire+0x451/0x2250 [ 717.379170] ___sys_recvmsg+0xbb/0x190 [ 717.379197] ? __pfx____sys_recvmsg+0x10/0x10 [ 717.379226] ? __pfx_perf_trace_lock+0x10/0x10 [ 717.379258] ? lock_acquire+0x15e/0x2d0 [ 717.379282] ? __might_fault+0xe0/0x190 [ 717.379303] ? find_held_lock+0x2b/0x80 [ 717.379335] ? __might_fault+0x138/0x190 [ 717.379366] do_recvmmsg+0x2c5/0x6f0 [ 717.379399] ? __pfx_do_recvmmsg+0x10/0x10 [ 717.379424] ? ksys_write+0x187/0x240 [ 717.379444] ? lock_release+0xc8/0x270 [ 717.379474] ? __mutex_unlock_slowpath+0x157/0x740 [ 717.379494] ? kernel_write+0x593/0x660 [ 717.379521] ? __fget_files+0x20d/0x3b0 [ 717.379552] __x64_sys_recvmmsg+0x211/0x260 [ 717.379581] ? ksys_write+0x1a3/0x240 [ 717.379600] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 717.379627] ? irqentry_exit+0xee/0x650 [ 717.379645] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 717.379672] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 717.379706] do_syscall_64+0xbf/0x420 [ 717.379731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.379753] RIP: 0033:0x7f8ef3114b19 [ 717.379777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 717.379797] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 717.379818] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 717.379831] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 717.379844] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 717.379856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 717.379868] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 717.379898] 00:51:57 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x80000, &(0x7f0000ff7000/0x4000)=nil) 00:51:57 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) r1 = openat(r0, &(0x7f0000000180)='mnt\x00', 0x10a00, 0x10) fdatasync(r1) getsockopt$IPT_SO_GET_ENTRIES(r1, 0x0, 0x41, &(0x7f0000000000)={'security\x00', 0xdb, "0e6ddf7ed07a9decdf5e9a4db2679f9b828d8e88da1aff5e0ee783c3fcdd8ac7985e0bc1828695dea035303c008d14e610fd1cb3cadb0ba633a768bbe7c36564fe3111b260045514d9165673a6ff61bd1f25f96c89e83b11df5e0caf893645211768601463feccc03a0beec23e5e8b30b1088b6ba557536bf72667229f53a3ad5304eff6447c549698cf57fbdea9acf81926759460eed0080fa8156ad5ca9fbb09c1610160cca8fcabe2439125224dd662e2a02fcaec6d35c90012ee2c282daf2548a7a07d8c59a85ae622e48ae9326846801f68efeb31e2d9b494"}, &(0x7f0000000100)=0xff) mremap(&(0x7f0000ff5000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ff5000/0x1000)=nil) [ 717.533025] FAULT_INJECTION: forcing a failure. [ 717.533025] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:51:58 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x7, 0xf8, 0x3, 0x55, 0x0, 0x81, 0x10000, 0xa, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x400, 0x1, @perf_bp={&(0x7f0000000000), 0x5}, 0x4000, 0xda, 0x2, 0x0, 0x8, 0x0, 0x368c, 0x0, 0x7, 0x0, 0x1b4}, 0xffffffffffffffff, 0x0, r0, 0xb) 00:51:58 executing program 7: mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ff9000/0x1000)=nil) munlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000) [ 717.572833] CPU: 0 UID: 0 PID: 6271 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 717.572870] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 717.572884] Call Trace: [ 717.572892] [ 717.572902] dump_stack_lvl+0xfa/0x120 [ 717.572937] should_fail_ex+0x4d7/0x5e0 [ 717.572980] _copy_from_user+0x30/0xd0 [ 717.573020] copy_msghdr_from_user+0x88/0x150 [ 717.573054] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 717.573084] ? __pfx__kstrtoull+0x10/0x10 [ 717.573113] ? kfree+0x2c5/0x5d0 [ 717.573147] ? __lock_acquire+0x451/0x2250 [ 717.573184] ___sys_recvmsg+0xbb/0x190 [ 717.573215] ? __pfx____sys_recvmsg+0x10/0x10 [ 717.573248] ? __pfx_perf_trace_lock+0x10/0x10 [ 717.573286] ? lock_acquire+0x15e/0x2d0 [ 717.573313] ? __might_fault+0xe0/0x190 [ 717.573337] ? find_held_lock+0x2b/0x80 [ 717.573373] ? __might_fault+0x138/0x190 [ 717.573408] do_recvmmsg+0x2c5/0x6f0 [ 717.573445] ? __pfx_do_recvmmsg+0x10/0x10 [ 717.573474] ? ksys_write+0x187/0x240 [ 717.573497] ? lock_release+0xc8/0x270 [ 717.573530] ? __mutex_unlock_slowpath+0x157/0x740 [ 717.573553] ? kernel_write+0x593/0x660 [ 717.573584] ? __fget_files+0x20d/0x3b0 [ 717.573619] __x64_sys_recvmmsg+0x211/0x260 [ 717.573652] ? ksys_write+0x1a3/0x240 [ 717.573673] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 717.573704] ? irqentry_exit+0xee/0x650 [ 717.573725] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 717.573755] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 717.573801] do_syscall_64+0xbf/0x420 [ 717.573830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.573855] RIP: 0033:0x7f4b915d8b19 [ 717.573874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 717.573897] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 717.573921] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 717.573937] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 717.573963] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 717.573977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 717.573991] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 717.574024] 00:52:06 executing program 7: ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7}}, './file0\x00'}) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000040)) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffc000/0x3000)=nil) 00:52:06 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 22) 00:52:06 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 29) 00:52:06 executing program 2: fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=@sha1={0x1, "ddc7ed4050e08164c121bb8d0033b726df9827fa"}, 0x15, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000140)=[@acquire={0x40046305, 0x1}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000080)={@flat=@weak_handle={0x77682a85, 0x10b, 0x3}, @flat=@weak_binder={0x77622a85, 0x80}, @flat=@weak_binder={0x77622a85, 0x100a}}, &(0x7f0000000100)={0x0, 0x18, 0x30}}}], 0xd8, 0x0, &(0x7f00000001c0)="39460c25f72c91068b3f5616357ae0414904d91e0636cf95537ebd81089267611fd0c860750925ff1ccd58f932d406eedf080393a0fdcd5db7e9fabc50dffac020dbede68ecab2ca9f3425196beb289f726c9c8d5219cc96b79c88dc16254d0db679c41d328f4dbc2ec6f4cb582f72cfb09f2a68c34caae181b6e2e28cd3ced9778c3fa556673bae08234cfeee9d5e92f8a7e45862896080b0a2dd3432d8f23c779ad225c7a4d6fcd49da40bf0ee43de56713405d8039f8cf97e56cec7135dca0cb8d988c44c02aaabcfe63451c1a971871539e58f19444a"}) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:52:06 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) ioctl$CDROMREADALL(r0, 0x5318, &(0x7f00000003c0)) 00:52:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfdfe, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:52:06 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xeffdffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:52:06 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 15) [ 725.911065] FAULT_INJECTION: forcing a failure. [ 725.911065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 725.914882] FAULT_INJECTION: forcing a failure. [ 725.914882] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 725.915894] CPU: 0 UID: 0 PID: 6290 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 725.915910] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 725.915919] Call Trace: [ 725.915923] [ 725.915928] dump_stack_lvl+0xfa/0x120 [ 725.915950] should_fail_ex+0x4d7/0x5e0 [ 725.915973] _copy_from_user+0x30/0xd0 [ 725.915994] copy_msghdr_from_user+0x88/0x150 [ 725.916013] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 725.916028] ? __pfx__kstrtoull+0x10/0x10 [ 725.916043] ? kfree+0x2c5/0x5d0 [ 725.916062] ? __lock_acquire+0x451/0x2250 [ 725.916082] ___sys_recvmsg+0xbb/0x190 [ 725.916098] ? __pfx____sys_recvmsg+0x10/0x10 [ 725.916115] ? __pfx_perf_trace_lock+0x10/0x10 [ 725.916135] ? lock_acquire+0x15e/0x2d0 [ 725.916149] ? __might_fault+0xe0/0x190 [ 725.916162] ? find_held_lock+0x2b/0x80 [ 725.916181] ? __might_fault+0x138/0x190 [ 725.916199] do_recvmmsg+0x2c5/0x6f0 [ 725.916219] ? __pfx_do_recvmmsg+0x10/0x10 [ 725.916234] ? ksys_write+0x187/0x240 [ 725.916247] ? lock_release+0xc8/0x270 [ 725.916264] ? __mutex_unlock_slowpath+0x157/0x740 [ 725.916276] ? kernel_write+0x593/0x660 [ 725.916292] ? __fget_files+0x20d/0x3b0 [ 725.916311] __x64_sys_recvmmsg+0x211/0x260 [ 725.916329] ? ksys_write+0x1a3/0x240 [ 725.916340] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 725.916356] ? irqentry_exit+0xee/0x650 [ 725.916368] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 725.916384] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 725.916404] do_syscall_64+0xbf/0x420 [ 725.916419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.916433] RIP: 0033:0x7f4b915d8b19 [ 725.916443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 725.916455] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 725.916468] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 725.916476] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 725.916484] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 725.916491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 725.916498] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 725.916516] [ 725.916530] CPU: 1 UID: 0 PID: 6297 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 725.916567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 725.916582] Call Trace: [ 725.916591] [ 725.916601] dump_stack_lvl+0xfa/0x120 [ 725.916637] should_fail_ex+0x4d7/0x5e0 [ 725.916673] strncpy_from_user+0x3b/0x2f0 [ 725.916702] do_getname+0x70/0x3d0 [ 725.916728] do_sys_openat2+0xa0/0x210 [ 725.916753] ? __pfx_do_sys_openat2+0x10/0x10 [ 725.916797] __x64_sys_openat+0x142/0x200 [ 725.916822] ? __pfx___x64_sys_openat+0x10/0x10 [ 725.916859] do_syscall_64+0xbf/0x420 [ 725.916882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.916902] RIP: 0033:0x7fcf605ffa04 [ 725.916917] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 725.916936] RSP: 002b:00007fcf5dbc1ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 725.916955] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf605ffa04 [ 725.916967] RDX: 0000000000000002 RSI: 00007fcf5dbc2000 RDI: 00000000ffffff9c [ 725.916979] RBP: 00007fcf5dbc2000 R08: 0000000000000000 R09: ffffffffffffffff [ 725.916991] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 725.917002] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 725.917028] 00:52:06 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:52:06 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 23) 00:52:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfe00, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 725.974704] FAULT_INJECTION: forcing a failure. [ 725.974704] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 725.976626] CPU: 1 UID: 0 PID: 6300 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 725.976650] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 725.976662] Call Trace: [ 725.976669] [ 725.976676] dump_stack_lvl+0xfa/0x120 [ 725.976704] should_fail_ex+0x4d7/0x5e0 [ 725.976738] _copy_from_user+0x30/0xd0 [ 725.976776] copy_msghdr_from_user+0x88/0x150 [ 725.976803] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 725.976827] ? __pfx__kstrtoull+0x10/0x10 [ 725.976850] ? kfree+0x2c5/0x5d0 [ 725.976877] ? __lock_acquire+0x451/0x2250 [ 725.976907] ___sys_recvmsg+0xbb/0x190 [ 725.976931] ? __pfx____sys_recvmsg+0x10/0x10 [ 725.976957] ? __pfx_perf_trace_lock+0x10/0x10 [ 725.976987] ? lock_acquire+0x15e/0x2d0 [ 725.977008] ? __might_fault+0xe0/0x190 [ 725.977027] ? find_held_lock+0x2b/0x80 [ 725.977056] ? __might_fault+0x138/0x190 [ 725.977083] do_recvmmsg+0x2c5/0x6f0 [ 725.977113] ? __pfx_do_recvmmsg+0x10/0x10 [ 725.977136] ? ksys_write+0x187/0x240 [ 725.977154] ? lock_release+0xc8/0x270 [ 725.977181] ? __mutex_unlock_slowpath+0x157/0x740 [ 725.977199] ? kernel_write+0x593/0x660 [ 725.977224] ? __fget_files+0x20d/0x3b0 [ 725.977252] __x64_sys_recvmmsg+0x211/0x260 [ 725.977278] ? ksys_write+0x1a3/0x240 [ 725.977295] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 725.977320] ? irqentry_exit+0xee/0x650 [ 725.977337] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 725.977361] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 725.977392] do_syscall_64+0xbf/0x420 [ 725.977414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.977434] RIP: 0033:0x7f8ef3114b19 [ 725.977449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 725.977467] RSP: 002b:00007f8ef0669188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 725.977485] RAX: ffffffffffffffda RBX: 00007f8ef3228020 RCX: 00007f8ef3114b19 [ 725.977498] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 725.977509] RBP: 00007f8ef06691d0 R08: 0000000000000000 R09: 0000000000000000 [ 725.977521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 725.977532] R13: 00007ffe3438f3ff R14: 00007f8ef0669300 R15: 0000000000022000 [ 725.977564] 00:52:06 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 30) 00:52:06 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfcfdffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 726.059455] FAULT_INJECTION: forcing a failure. [ 726.059455] name failslab, interval 1, probability 0, space 0, times 0 [ 726.061189] CPU: 1 UID: 0 PID: 6309 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 726.061213] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 726.061225] Call Trace: [ 726.061231] [ 726.061239] dump_stack_lvl+0xfa/0x120 [ 726.061268] should_fail_ex+0x4d7/0x5e0 [ 726.061306] ? alloc_empty_file+0x58/0x1e0 [ 726.061329] should_failslab+0xc2/0x120 [ 726.061351] kmem_cache_alloc_noprof+0x80/0x760 [ 726.061378] ? __is_insn_slot_addr+0x136/0x290 [ 726.061401] ? lock_release+0xc8/0x270 [ 726.061430] ? alloc_empty_file+0x58/0x1e0 [ 726.061451] alloc_empty_file+0x58/0x1e0 [ 726.061476] path_openat+0xee/0x2d60 [ 726.061496] ? __kernel_text_address+0xd/0x40 [ 726.061521] ? unwind_get_return_address+0x59/0xa0 [ 726.061541] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 726.061567] ? arch_stack_walk+0x9c/0xf0 [ 726.061599] ? __pfx_path_openat+0x10/0x10 [ 726.061620] ? perf_trace_lock+0xbb/0x4f0 [ 726.061644] ? __lock_acquire+0x451/0x2250 [ 726.061674] do_file_open+0x209/0x460 [ 726.061693] ? __pfx_do_file_open+0x10/0x10 [ 726.061724] ? find_held_lock+0x2b/0x80 [ 726.061753] ? alloc_fd+0x2c1/0x560 [ 726.061779] ? lock_release+0xc8/0x270 [ 726.061805] ? _raw_spin_unlock+0x1e/0x40 [ 726.061831] ? alloc_fd+0x2c1/0x560 [ 726.061859] do_sys_openat2+0xe7/0x210 [ 726.061883] ? __pfx_do_sys_openat2+0x10/0x10 [ 726.061920] __x64_sys_openat+0x142/0x200 [ 726.061945] ? __pfx___x64_sys_openat+0x10/0x10 [ 726.061982] do_syscall_64+0xbf/0x420 [ 726.062005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.062024] RIP: 0033:0x7fcf605ffa04 [ 726.062049] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 726.062067] RSP: 002b:00007fcf5dbc1ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 726.062086] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf605ffa04 [ 726.062098] RDX: 0000000000000002 RSI: 00007fcf5dbc2000 RDI: 00000000ffffff9c [ 726.062110] RBP: 00007fcf5dbc2000 R08: 0000000000000000 R09: ffffffffffffffff [ 726.062122] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 726.062133] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 726.062160] [ 726.088296] FAULT_INJECTION: forcing a failure. [ 726.088296] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 726.094117] CPU: 0 UID: 0 PID: 6305 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 726.094135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 726.094144] Call Trace: [ 726.094149] [ 726.094154] dump_stack_lvl+0xfa/0x120 [ 726.094177] should_fail_ex+0x4d7/0x5e0 [ 726.094202] _copy_from_user+0x30/0xd0 [ 726.094224] copy_msghdr_from_user+0x88/0x150 [ 726.094243] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 726.094259] ? __pfx__kstrtoull+0x10/0x10 [ 726.094275] ? kfree+0x2c5/0x5d0 [ 726.094294] ? __lock_acquire+0x451/0x2250 [ 726.094315] ___sys_recvmsg+0xbb/0x190 [ 726.094331] ? __pfx____sys_recvmsg+0x10/0x10 [ 726.094348] ? __pfx_perf_trace_lock+0x10/0x10 [ 726.094368] ? lock_acquire+0x15e/0x2d0 [ 726.094383] ? __might_fault+0xe0/0x190 [ 726.094396] ? find_held_lock+0x2b/0x80 [ 726.094415] ? __might_fault+0x138/0x190 [ 726.094433] do_recvmmsg+0x2c5/0x6f0 [ 726.094453] ? __pfx_do_recvmmsg+0x10/0x10 [ 726.094468] ? ksys_write+0x187/0x240 [ 726.094481] ? lock_release+0xc8/0x270 [ 726.094498] ? __mutex_unlock_slowpath+0x157/0x740 [ 726.094511] ? kernel_write+0x593/0x660 [ 726.094528] ? __fget_files+0x20d/0x3b0 [ 726.094547] __x64_sys_recvmmsg+0x211/0x260 [ 726.094565] ? ksys_write+0x1a3/0x240 [ 726.094576] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 726.094592] ? irqentry_exit+0xee/0x650 [ 726.094604] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 726.094620] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 726.094640] do_syscall_64+0xbf/0x420 [ 726.094655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.094669] RIP: 0033:0x7f4b915d8b19 [ 726.094680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 726.094691] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 726.094704] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 726.094713] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 726.094720] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 726.094728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 726.094735] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 726.094753] 00:52:06 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfefd, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:52:06 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 16) [ 726.176666] FAULT_INJECTION: forcing a failure. [ 726.176666] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 726.194320] CPU: 1 UID: 0 PID: 6316 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 726.194348] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 726.194360] Call Trace: [ 726.194367] [ 726.194374] dump_stack_lvl+0xfa/0x120 [ 726.194404] should_fail_ex+0x4d7/0x5e0 [ 726.194439] _copy_from_user+0x30/0xd0 [ 726.194471] copy_msghdr_from_user+0x88/0x150 [ 726.194499] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 726.194523] ? __pfx__kstrtoull+0x10/0x10 [ 726.194546] ? kfree+0x2c5/0x5d0 [ 726.194573] ? __lock_acquire+0x451/0x2250 [ 726.194603] ___sys_recvmsg+0xbb/0x190 [ 726.194628] ? __pfx____sys_recvmsg+0x10/0x10 [ 726.194654] ? __pfx_perf_trace_lock+0x10/0x10 [ 726.194683] ? lock_acquire+0x15e/0x2d0 [ 726.194704] ? __might_fault+0xe0/0x190 [ 726.194724] ? find_held_lock+0x2b/0x80 [ 726.194753] ? __might_fault+0x138/0x190 [ 726.194787] do_recvmmsg+0x2c5/0x6f0 [ 726.194821] ? __pfx_do_recvmmsg+0x10/0x10 [ 726.194843] ? ksys_write+0x187/0x240 [ 726.194861] ? lock_release+0xc8/0x270 [ 726.194888] ? __mutex_unlock_slowpath+0x157/0x740 [ 726.194906] ? kernel_write+0x593/0x660 [ 726.194930] ? __fget_files+0x20d/0x3b0 [ 726.194958] __x64_sys_recvmmsg+0x211/0x260 [ 726.194985] ? ksys_write+0x1a3/0x240 [ 726.195002] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 726.195027] ? irqentry_exit+0xee/0x650 [ 726.195044] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 726.195068] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 726.195099] do_syscall_64+0xbf/0x420 [ 726.195121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.195140] RIP: 0033:0x7f8ef3114b19 [ 726.195156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 726.195173] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 726.195192] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 726.195204] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 726.195215] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 726.195226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 726.195237] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 726.195264] 00:52:17 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfefdffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:52:17 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r0 = clone3(&(0x7f00000003c0)={0x1000800, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x5}, &(0x7f0000000140)=""/191, 0xbf, &(0x7f0000000200)=""/142, &(0x7f00000002c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r1) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x8, 0x9, 0x9, 0xf0, 0x0, 0x4d2a9165, 0x40, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_config_ext={0x3, 0x7}, 0x1a400, 0x100000001, 0x0, 0x3, 0xe0, 0x3f, 0x0, 0x0, 0x3, 0x0, 0x3}, r0, 0xd, r1, 0x0) fdatasync(0xffffffffffffffff) 00:52:17 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x80000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:52:17 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 17) 00:52:17 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 31) 00:52:17 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 24) 00:52:17 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r0 = pkey_alloc(0x0, 0x4) pkey_mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000002, r0) pkey_mprotect(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1, r0) [ 737.440226] loop6: detected capacity change from 0 to 264192 [ 737.449580] FAULT_INJECTION: forcing a failure. [ 737.449580] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 737.451488] CPU: 1 UID: 0 PID: 6334 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 737.451519] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 737.451533] Call Trace: [ 737.451542] [ 737.451551] dump_stack_lvl+0xfa/0x120 [ 737.451584] should_fail_ex+0x4d7/0x5e0 [ 737.451628] _copy_from_user+0x30/0xd0 [ 737.451667] copy_msghdr_from_user+0x88/0x150 [ 737.451702] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 737.451732] ? __pfx__kstrtoull+0x10/0x10 [ 737.451768] ? kfree+0x2c5/0x5d0 [ 737.451803] ? __lock_acquire+0x451/0x2250 [ 737.451840] ___sys_recvmsg+0xbb/0x190 [ 737.451872] ? __pfx____sys_recvmsg+0x10/0x10 [ 737.451906] ? __pfx_perf_trace_lock+0x10/0x10 [ 737.451943] ? lock_acquire+0x15e/0x2d0 [ 737.451971] ? __might_fault+0xe0/0x190 [ 737.451995] ? find_held_lock+0x2b/0x80 [ 737.452032] ? __might_fault+0x138/0x190 [ 737.452067] do_recvmmsg+0x2c5/0x6f0 [ 737.452106] ? __pfx_do_recvmmsg+0x10/0x10 [ 737.452135] ? ksys_write+0x187/0x240 [ 737.452158] ? lock_release+0xc8/0x270 [ 737.452192] ? __mutex_unlock_slowpath+0x157/0x740 [ 737.452215] ? kernel_write+0x593/0x660 [ 737.452248] ? __fget_files+0x20d/0x3b0 [ 737.452283] __x64_sys_recvmmsg+0x211/0x260 [ 737.452317] ? ksys_write+0x1a3/0x240 [ 737.452338] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 737.452370] ? irqentry_exit+0xee/0x650 [ 737.452392] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 737.452422] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 737.452462] do_syscall_64+0xbf/0x420 [ 737.452491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.452516] RIP: 0033:0x7f4b915d8b19 [ 737.452535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 737.452557] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 737.452582] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 737.452598] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 737.452612] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 737.452626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 737.452640] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 737.452674] [ 737.505746] FAULT_INJECTION: forcing a failure. [ 737.505746] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:52:18 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x2, &(0x7f0000c14000/0x4000)=nil) [ 737.517847] CPU: 0 UID: 0 PID: 6339 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 737.517875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 737.517888] Call Trace: [ 737.517894] [ 737.517902] dump_stack_lvl+0xfa/0x120 [ 737.517932] should_fail_ex+0x4d7/0x5e0 [ 737.517968] _copy_from_user+0x30/0xd0 [ 737.518001] copy_msghdr_from_user+0x88/0x150 [ 737.518030] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 737.518054] ? __pfx__kstrtoull+0x10/0x10 [ 737.518078] ? kfree+0x2c5/0x5d0 [ 737.518107] ? __lock_acquire+0x451/0x2250 [ 737.518137] ___sys_recvmsg+0xbb/0x190 [ 737.518173] ? __pfx____sys_recvmsg+0x10/0x10 [ 737.518201] ? __pfx_perf_trace_lock+0x10/0x10 [ 737.518231] ? lock_acquire+0x15e/0x2d0 [ 737.518254] ? __might_fault+0xe0/0x190 [ 737.518273] ? find_held_lock+0x2b/0x80 [ 737.518303] ? __might_fault+0x138/0x190 [ 737.518331] do_recvmmsg+0x2c5/0x6f0 [ 737.518363] ? __pfx_do_recvmmsg+0x10/0x10 [ 737.518386] ? ksys_write+0x187/0x240 [ 737.518405] ? lock_release+0xc8/0x270 [ 737.518432] ? __mutex_unlock_slowpath+0x157/0x740 [ 737.518451] ? kernel_write+0x593/0x660 [ 737.518477] ? __fget_files+0x20d/0x3b0 [ 737.518506] __x64_sys_recvmmsg+0x211/0x260 [ 737.518533] ? ksys_write+0x1a3/0x240 [ 737.518550] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 737.518576] ? irqentry_exit+0xee/0x650 [ 737.518594] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 737.518618] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 737.518650] do_syscall_64+0xbf/0x420 [ 737.518673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.518693] RIP: 0033:0x7f8ef3114b19 [ 737.518709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 737.518726] RSP: 002b:00007f8ef0669188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 737.518746] RAX: ffffffffffffffda RBX: 00007f8ef3228020 RCX: 00007f8ef3114b19 [ 737.518765] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 737.518777] RBP: 00007f8ef06691d0 R08: 0000000000000000 R09: 0000000000000000 [ 737.518788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 737.518800] R13: 00007ffe3438f3ff R14: 00007f8ef0669300 R15: 0000000000022000 [ 737.518828] 00:52:18 executing program 7: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = perf_event_open(&(0x7f0000000f00)={0x1, 0x80, 0x3, 0x1, 0x2, 0x4f, 0x0, 0x5, 0x100, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, @perf_config_ext={0x5, 0x8}, 0x41, 0x3, 0x6, 0xb, 0x3, 0xffff, 0x5, 0x0, 0x8, 0x0, 0xfffffffeffffffff}, 0x0, 0x5, 0xffffffffffffffff, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r4, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000013c0)=[{{&(0x7f0000000640)=@file={0x1, 'mnt\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f00000006c0)="0ae8a339924abe9490eef85469b0892b9878306c3aa50786573a39e6c284700ded119641e4b54d75a719a1761f0e3dc15309b97daf8756c3c752552e6d512baf9ff7ea38b1cc89063794634a69afb715657a1735d3be201376660bfe031e775bd79f0a61bbbc7084d384", 0x6a}], 0x1, &(0x7f0000000b40)=ANY=[@ANYBLOB="28000000000000000100000001000000", @ANYRES32=r1, @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYRES32=r1, @ANYBLOB="24000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYRES32=r0, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYBLOB="0000000030000000000010edfb8900004e1e5eca4ac27e9d077e3f83d300000000000202009200483a759240e60104169bda3184ccf56faf2f6f3ad9b016220a320fabce72331dfe730f5a18dc2b43507e1ad646a0a8b3dc6336984f91a53188a336a45746686106fe16a8b9d747597f4460bf4d2b83f4eeed0d0474cac837cddf4e7af87d06d03d33562ba1f45e512402adb697b95415216e375f17c84394239e82608aba906774fedd9b3e1611de0a7304211eb6563469f94eb657797763c166c5e1c722d11659f5d145ebae20a7b3f53fffeab80e90f62f8c81c4f36f35d7185d9d2fd6d8cc02a4bca0b0f3af90090149a50c345fd527a9be568773a2f81db478746bc47b9c9d181ed781f0dbdec49e06c0c76c35618e18ff0f03701640cedb7e8ff82c2fedd05feacfd7080a7a3c1fbb007eb9e5b592767f2660a552e909f7f4425fd9c1da4df70a0e255e652911cc4250a26c94af4beb8328b125fc1fc6d28ca22953925a0041e60fb8cfc255dce0a4de2632bee9f8e1ff4ec9165c097c1981cc15e8a54e37decedd0b247d7dc05ff006d810d6cf9f5d6ffde90fb37516a4a694813ad43aae6ae6813b8b04347be8ab95f1882739463278268621431d333af47cae49dc4391254161d2fb14462daca55284209f705628a606aa765c29b942d1515565a7511a13c5593803cdb294b5e60aa5ef9da5dda21b9c741f82538136b26b70edead4e9d659", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee00, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x100, 0x20040895}}, {{&(0x7f0000000940)=@file={0x0, 'mnt\x00'}, 0x6e, &(0x7f0000000ac0)=[{&(0x7f00000009c0)="8d46205036871438900b75", 0xb}, {&(0x7f0000000a00)="3b7174cfe7fecf33241942adc1f38d6038e163bbf6c9772fa2f78fb84281ea978bbf527f13a48b601bfab2828edd31b41318bb9a77b337d07104774f45e28e887209361b619141209936df875ce956318c1d17bd96de44d0c965d162afa7810bfc4e0ca567d0727f9e283ff8b38e2ed10ef1efc0cc160dd93f9e97949b5385186d61aad676efb450143f4769d8b28891b76e5e8673fb6daa6603ba8cc76cf125a6e4652d782975fa4a13136f7fe6ca34e739ff27202583853f9b6b672a", 0xbd}], 0x2, &(0x7f0000000f80)=[@rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x14, 0x1, 0x1, [r1]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r1, r1]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, r1, r1, 0xffffffffffffffff, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, r1, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @rights={{0x18, 0x1, 0x1, [r2, r4]}}], 0x118, 0x4}}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000010c0)="e41bbaf41a56e5c8b77ffcbc596f41b7ff6600be6ea5b8911c79e409f290e315d175477248476d4ce16e5aafa5b854bec16064f4d66420d2ed4ca56cc8b3506c539df45e1845d127b481d4f8212d6b2f74b321894ee16ee1c7226d825c1a5db94078b77f7e2f000ca37047ad7466898e1c3c010012497deee0b8e530a72fb57c06d37ae006", 0x85}, {&(0x7f0000001180)="36d33df608d422b4d4ac7e6251b78a2d89c2bbed6b0bfa34bfd465dd6a1746a5105f0b3f107a5ae93b1482f5ba999452840817cd6f5729560dc103cf870d18eb4dca209d6b47d839beb216673d685fea48e2949fbb1b74484335f3a8288cf5a9c43a7333606a269daf40aa4efc5e098882a89a02d88081f9acbd7a10b51480002ec4a270970ec2b9cf1ada7e8a2d3c16a2feaa01e0fd8166b0703cb036a32d7ca4d349d6a21540302a18345bb6a7d7de9e5e895fa299e923b3855ed6662630f302820a9c896158833de479d4c97610f8d47902052add7a0b6eb2a122", 0xdc}, {&(0x7f0000001280)="f653e4ee5e7741d9bb811e0350e9edd865e2dd9635558f5dfe6656f61a7d3491f263160a53017d71a88e60e34c2f2186f39a48c5d324ff11c32bedd8fe7a8ff2f5f4cdce414853b883089a040edbde5b7612f5286b65dbecb8b35ac12f0aea26f8c74c934358870fc85f507df41d92795b3143d1dbf46d358591487cbaa9ef75b0536dacd1310e91aab4f8db88620ecb042b593e164b484d8eb3af9cadd30f82f6feda497f1d0272835defc61d6a09a122ec670982effe0e2d376aeba4bcd73215e9671421bf0ee76b00b529970d04f15d4520b4b74898b0d61df598c494fadde1208d8ef37de4ef819c0128f6f304f35a14e59c5b3795e63d9ff8", 0xfb}], 0x3, 0x0, 0x0, 0x48804}}], 0x3, 0x24000050) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r7, r8, 0x0) recvmmsg$unix(r7, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) dup3(r7, r6, 0x0) recvmmsg$unix(r5, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) dup3(r5, r1, 0x0) recvmmsg$unix(r6, &(0x7f0000000580)=[{{&(0x7f0000000000), 0x6e, &(0x7f0000000480)=[{&(0x7f0000000080)=""/130, 0x82}, {&(0x7f0000000180)=""/187, 0xbb}, {&(0x7f0000000240)=""/183, 0xb7}, {&(0x7f0000000300)=""/47, 0x2f}, {&(0x7f0000000340)=""/214, 0xd6}, {&(0x7f0000000440)=""/60, 0x3c}], 0x6, &(0x7f0000000500)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x70}}], 0x1, 0x0, &(0x7f00000005c0)={0x77359400}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x812e7000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r9, r10, 0x0) r11 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r11) setsockopt$inet_udp_encap(r11, 0x11, 0x64, &(0x7f0000000600)=0x2, 0x4) dup3(r10, r0, 0x0) 00:52:18 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 25) [ 737.640179] FAULT_INJECTION: forcing a failure. [ 737.640179] name failslab, interval 1, probability 0, space 0, times 0 [ 737.641530] CPU: 0 UID: 0 PID: 6348 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 737.641553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 737.641564] Call Trace: [ 737.641570] [ 737.641577] dump_stack_lvl+0xfa/0x120 [ 737.641604] should_fail_ex+0x4d7/0x5e0 [ 737.641636] ? security_file_alloc+0x35/0x130 [ 737.641656] should_failslab+0xc2/0x120 [ 737.641677] kmem_cache_alloc_noprof+0x80/0x760 [ 737.641703] ? __create_object+0x59/0x80 00:52:18 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfeffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 737.641733] ? security_file_alloc+0x35/0x130 [ 737.641751] security_file_alloc+0x35/0x130 [ 737.641776] init_file+0x95/0x480 [ 737.641799] alloc_empty_file+0x76/0x1e0 [ 737.641823] path_openat+0xee/0x2d60 [ 737.641842] ? __kernel_text_address+0xd/0x40 [ 737.641866] ? unwind_get_return_address+0x59/0xa0 [ 737.641885] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 737.641910] ? arch_stack_walk+0x9c/0xf0 [ 737.641940] ? __pfx_path_openat+0x10/0x10 [ 737.641959] ? perf_trace_lock+0xbb/0x4f0 [ 737.641982] ? __lock_acquire+0x451/0x2250 [ 737.642012] do_file_open+0x209/0x460 [ 737.642030] ? __pfx_do_file_open+0x10/0x10 [ 737.642059] ? find_held_lock+0x2b/0x80 [ 737.642086] ? alloc_fd+0x2c1/0x560 [ 737.642104] ? lock_release+0xc8/0x270 [ 737.642129] ? _raw_spin_unlock+0x1e/0x40 [ 737.642154] ? alloc_fd+0x2c1/0x560 [ 737.642190] do_sys_openat2+0xe7/0x210 [ 737.642213] ? __pfx_do_sys_openat2+0x10/0x10 [ 737.642248] __x64_sys_openat+0x142/0x200 [ 737.642271] ? __pfx___x64_sys_openat+0x10/0x10 [ 737.642306] do_syscall_64+0xbf/0x420 [ 737.642328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.642346] RIP: 0033:0x7fcf605ffa04 [ 737.642360] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 737.642378] RSP: 002b:00007fcf5dbc1ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 737.642395] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf605ffa04 [ 737.642408] RDX: 0000000000000002 RSI: 00007fcf5dbc2000 RDI: 00000000ffffff9c [ 737.642419] RBP: 00007fcf5dbc2000 R08: 0000000000000000 R09: ffffffffffffffff [ 737.642430] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 737.642440] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 737.642465] 00:52:18 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffdef, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:52:18 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 32) 00:52:18 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 18) 00:52:18 executing program 2: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001240)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001200)={&(0x7f0000001140)={{0x14}, [@NFT_MSG_NEWOBJ={0x18, 0x12, 0xa, 0x101, 0x0, 0x0, {}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_DATA={0x4}}, @NFT_MSG_DELCHAIN={0x14}], {0x14}}, 0x54}}, 0x0) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000005c0)={'ip6gre0\x00', &(0x7f0000000540)={'sit0\x00', r2, 0x4, 0x3, 0x74, 0x1, 0x72, @private0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x700, 0x4, 0x100}}) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000000680)={'sit0\x00', &(0x7f0000000600)={'syztnl1\x00', r2, 0x29, 0x76, 0x98, 0x9, 0x9, @remote, @mcast1, 0x8001, 0x10, 0x0, 0x7cb}}) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000d00)={&(0x7f00000006c0)={0x63c, r3, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x290, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x101}, @ETHTOOL_A_BITSET_VALUE={0xbe, 0x4, "5c28405fffae191d5c6521628641ad6db2582771b61479b612e3f454052b53fd3367a70a305aa47ca86f5b26638891f0b076b9eca822ee0e3dffb02e13502e0cd102daa377b5d276cd94e97815ae8ee7702ef040932c00b0b215d9010dc62072decfd3cfed655ec3642ca7cbe718706f361874bd770c5ba2121f9c1f2894493ea51f1817cea5ebf995a535b099df92601ddf67eae178cb781237f9e0d48e397cf6b92bf56f25cf666b05c0d03f2839625941ff4ec4e7cfcd69d3"}, @ETHTOOL_A_BITSET_SIZE={0x8}, @ETHTOOL_A_BITSET_BITS={0x150, 0x3, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '@\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '-\\%\xf2\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, 'H\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xdbe}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xc0b}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '*-\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6c7f}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '%/)&-]+\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\x1e/(!%\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffff}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '[\x00'}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffff7c1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_NAME={0xf, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '\'@)\\\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x200}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8000}, @ETHTOOL_A_BITSET_VALUE={0x5d, 0x4, "5c43471a15ae4675b3246ff366ffc3bd3100592725fcdfdb4d2265f7a0a278df935ca9dd3f6561c408cc423882dbea7d8f5734294883f1299ab7f0236be2f5e4fc3942d6bd84dc8fde8a6f5f4f1061483b45618471112b7a7f"}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x1f8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x64, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7dca}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'sit0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3ff}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8001}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_BITS={0x88}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x80000000}, @ETHTOOL_A_BITSET_MASK={0xa2, 0x5, "f42b41cf1dcdfe264de17cfdd031c824475ad44b1e23493cd7eec18421d47b5e26a7c83346628a0ed5a1f46fa6d6dabd1e2e339c87bfea586acf4e2ede235d3d9833a0b7dfa07ad7305b8b882f063d0b6a4d4a15426c896b49acaa2c3fa3aff622e4a7a2d9cc3d8bc70c97b4c10ae6111a0a40b386a84194081dd7b71e39581b407989a3ebd3dfc74d0dc72f6e2f12671325402d387d730516f5bf340e3a"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7f}, @ETHTOOL_A_BITSET_BITS={0x4c, 0x3, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '*^%,\xe8&^)\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '@\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '@\x00'}]}]}]}, @ETHTOOL_A_DEBUG_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xd4, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5}, @ETHTOOL_A_BITSET_MASK={0xba, 0x5, "d447c6cc48bca2c1d1d7f41c396d42d46a096078b2a083fcaf35f1a6407e4ddcf3bab5dccb8d614d6d8f69ae0f7de96d9173e32cf8ceb78483710b9abcf7dd52ec819d0f1bdea219895e75479a130e9d29ebbdb53aaa6e97ad3d5a0e1ec720ea0744e12405c29a2a1906612eeceb214edf7d6a479d8adffce89282ea6e21d6bfa18f62127dc356eff1745c8fc725206b7ce41c8dcf44a56e8e73093749a0df0d723979d0ab0cff936f0c4296e887164494735a910583"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}]}, @ETHTOOL_A_DEBUG_HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x38, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x2a, 0x4, "6ad910151609a57c5599f492603bb974967371b2d0b677b769a6c1310eae7eb19e4e17fe9d55"}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x63c}, 0x1, 0x0, 0x0, 0x4}, 0x4040) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000180)={@dev, r2}, 0x14) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x4, 0x20, 0x30, 0x1, 0x40, @mcast2, @remote, 0x8000, 0x8, 0x1, 0x1}}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000140)={{{@in=@empty, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@empty}}, &(0x7f0000000240)=0xe8) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r8, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) r9 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) setsockopt$inet6_IPV6_PKTINFO(r8, 0x29, 0x32, &(0x7f0000000180)={@dev, r10}, 0x14) sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="98010000", @ANYRES16=0x0, @ANYBLOB="080025bd7000fedbdf250b00000014000180080003000200000008000300030000003400018008000100", @ANYRES32=0x0, @ANYBLOB="14000200697036677265746170300000000000001400020076657468305f6d616376746170000000200001800800030001000000140002006d6163766c616e3000000000000000002800018008000100", @ANYRES32=r2, @ANYBLOB="140002006361696630000000000000000000000008000300010000002800018008000100", @ANYRES32=0x0, @ANYBLOB="080003000200000014000200697036746e6c300000000000000000007800018008000100", @ANYRES32=0x0, @ANYBLOB="0800030000000000080003000100000008000100", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="140002006e72300000252944c6000000000000001400020069ba6c5f76746930000000030000000000314e2d791431", @ANYRES32=r7, @ANYBLOB="1400020076657468305f746f5f627269646765004000018008000100", @ANYRES32=0x0, @ANYBLOB="080003000200000008000100", @ANYRES32=r10, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468305f746f5f6873720000000008000300030000001400018008000300020000000800030001000000"], 0x198}, 0x1, 0x0, 0x0, 0x2008100}, 0x4000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000000)=0x6, 0x81, 0x1) [ 737.836000] FAULT_INJECTION: forcing a failure. [ 737.836000] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 737.852864] CPU: 1 UID: 0 PID: 6360 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 737.852899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 737.852913] Call Trace: [ 737.852922] [ 737.852931] dump_stack_lvl+0xfa/0x120 [ 737.852966] should_fail_ex+0x4d7/0x5e0 [ 737.853008] _copy_from_user+0x30/0xd0 [ 737.853047] copy_msghdr_from_user+0x88/0x150 [ 737.853081] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 737.853112] ? __pfx__kstrtoull+0x10/0x10 [ 737.853141] ? kfree+0x2c5/0x5d0 [ 737.853175] ? __lock_acquire+0x451/0x2250 [ 737.853212] ___sys_recvmsg+0xbb/0x190 [ 737.853244] ? __pfx____sys_recvmsg+0x10/0x10 [ 737.853277] ? __pfx_perf_trace_lock+0x10/0x10 [ 737.853314] ? lock_acquire+0x15e/0x2d0 [ 737.853342] ? __might_fault+0xe0/0x190 [ 737.853366] ? find_held_lock+0x2b/0x80 [ 737.853403] ? __might_fault+0x138/0x190 [ 737.853440] do_recvmmsg+0x2c5/0x6f0 [ 737.853478] ? __pfx_do_recvmmsg+0x10/0x10 [ 737.853507] ? ksys_write+0x187/0x240 [ 737.853530] ? lock_release+0xc8/0x270 [ 737.853564] ? __mutex_unlock_slowpath+0x157/0x740 [ 737.853588] ? kernel_write+0x593/0x660 [ 737.853620] ? __fget_files+0x20d/0x3b0 [ 737.853655] __x64_sys_recvmmsg+0x211/0x260 [ 737.853688] ? ksys_write+0x1a3/0x240 [ 737.853710] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 737.853742] ? irqentry_exit+0xee/0x650 [ 737.853763] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 737.853794] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 737.853834] do_syscall_64+0xbf/0x420 [ 737.853862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.853887] RIP: 0033:0x7f4b915d8b19 [ 737.853907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 737.853931] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 737.853956] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 737.853972] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 737.853987] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 737.854001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 737.854015] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 737.854049] [ 737.908325] FAULT_INJECTION: forcing a failure. [ 737.908325] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 737.909899] CPU: 0 UID: 0 PID: 6363 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 737.909919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 737.909928] Call Trace: [ 737.909934] [ 737.909940] dump_stack_lvl+0xfa/0x120 [ 737.909964] should_fail_ex+0x4d7/0x5e0 [ 737.909992] _copy_from_user+0x30/0xd0 [ 737.910017] copy_msghdr_from_user+0x88/0x150 [ 737.910039] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 737.910058] ? __pfx__kstrtoull+0x10/0x10 [ 737.910077] ? kfree+0x2c5/0x5d0 [ 737.910098] ? __lock_acquire+0x451/0x2250 [ 737.910123] ___sys_recvmsg+0xbb/0x190 [ 737.910142] ? __pfx____sys_recvmsg+0x10/0x10 [ 737.910172] ? __pfx_perf_trace_lock+0x10/0x10 [ 737.910200] ? lock_acquire+0x15e/0x2d0 [ 737.910217] ? __might_fault+0xe0/0x190 [ 737.910232] ? find_held_lock+0x2b/0x80 [ 737.910255] ? __might_fault+0x138/0x190 [ 737.910277] do_recvmmsg+0x2c5/0x6f0 [ 737.910300] ? __pfx_do_recvmmsg+0x10/0x10 [ 737.910318] ? ksys_write+0x187/0x240 [ 737.910333] ? lock_release+0xc8/0x270 [ 737.910354] ? __mutex_unlock_slowpath+0x157/0x740 [ 737.910368] ? kernel_write+0x593/0x660 [ 737.910387] ? __fget_files+0x20d/0x3b0 [ 737.910410] __x64_sys_recvmmsg+0x211/0x260 [ 737.910430] ? ksys_write+0x1a3/0x240 [ 737.910444] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 737.910463] ? irqentry_exit+0xee/0x650 [ 737.910476] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 737.910495] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 737.910519] do_syscall_64+0xbf/0x420 [ 737.910537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.910552] RIP: 0033:0x7f8ef3114b19 [ 737.910565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 737.910579] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 737.910594] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 737.910604] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 737.910613] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 737.910622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 737.910630] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 737.910651] 00:52:29 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x44000, 0x0) syz_io_uring_setup(0x5a29, &(0x7f0000000040)={0x0, 0xa47c, 0x1, 0x2, 0x30c, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) madvise(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x16) mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000ffa000/0x4000)=nil) 00:52:29 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 26) 00:52:29 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 33) 00:52:29 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 19) 00:52:29 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffdfc, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:52:29 executing program 7: ptrace(0x4207, 0xffffffffffffffff) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:52:29 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:52:29 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x33d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) connect$netlink(r0, &(0x7f0000000040)=@unspec, 0xc) r1 = fsmount(r0, 0x1, 0x8d) fdatasync(0xffffffffffffffff) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/clients\x00', 0x0, 0x0) sendto$packet(r2, &(0x7f0000000100)="54e7c23c5683a1edaf7df411e92bdc08e19334dc36c2340bd23afa8669e9483b0b6a0c7b376855073bb06066457fa6efd92c2186a5c67d743945ad11b218d8d93f068fc4e9d2f3c73ab97f69215c9a4ed52f6227f1", 0x55, 0x84, &(0x7f0000000180)={0x11, 0xf7, 0x0, 0x1, 0x3}, 0x14) close(r1) [ 748.833401] loop6: detected capacity change from 0 to 264192 [ 748.836196] FAULT_INJECTION: forcing a failure. [ 748.836196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 748.843960] CPU: 0 UID: 0 PID: 6385 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 748.843994] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 748.844008] Call Trace: [ 748.844017] [ 748.844026] dump_stack_lvl+0xfa/0x120 [ 748.844061] should_fail_ex+0x4d7/0x5e0 [ 748.844104] _copy_from_user+0x30/0xd0 [ 748.844144] copy_msghdr_from_user+0x88/0x150 [ 748.844178] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 748.844208] ? __pfx__kstrtoull+0x10/0x10 [ 748.844237] ? kfree+0x2c5/0x5d0 [ 748.844271] ? __lock_acquire+0x451/0x2250 [ 748.844307] ___sys_recvmsg+0xbb/0x190 [ 748.844338] ? __pfx____sys_recvmsg+0x10/0x10 [ 748.844371] ? __pfx_perf_trace_lock+0x10/0x10 [ 748.844408] ? lock_acquire+0x15e/0x2d0 [ 748.844435] ? __might_fault+0xe0/0x190 [ 748.844459] ? find_held_lock+0x2b/0x80 [ 748.844495] ? __might_fault+0x138/0x190 [ 748.844529] do_recvmmsg+0x2c5/0x6f0 [ 748.844567] ? __pfx_do_recvmmsg+0x10/0x10 [ 748.844595] ? ksys_write+0x187/0x240 [ 748.844617] ? lock_release+0xc8/0x270 [ 748.844653] ? __mutex_unlock_slowpath+0x157/0x740 [ 748.844678] ? kernel_write+0x593/0x660 [ 748.844709] ? __fget_files+0x20d/0x3b0 [ 748.844744] __x64_sys_recvmmsg+0x211/0x260 [ 748.844785] ? ksys_write+0x1a3/0x240 [ 748.844806] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 748.844837] ? irqentry_exit+0xee/0x650 [ 748.844859] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 748.844889] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 748.844928] do_syscall_64+0xbf/0x420 [ 748.844957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.844982] RIP: 0033:0x7f8ef3114b19 [ 748.845002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 748.845024] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 748.845048] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 748.845065] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 748.845080] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 748.845095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 748.845109] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 748.845145] [ 748.876718] FAULT_INJECTION: forcing a failure. [ 748.876718] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 748.881042] CPU: 0 UID: 0 PID: 6382 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 748.881073] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 748.881086] Call Trace: [ 748.881094] [ 748.881111] dump_stack_lvl+0xfa/0x120 [ 748.881142] should_fail_ex+0x4d7/0x5e0 [ 748.881182] _copy_from_user+0x30/0xd0 [ 748.881219] copy_msghdr_from_user+0x88/0x150 [ 748.881251] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 748.881280] ? __pfx__kstrtoull+0x10/0x10 [ 748.881308] ? kfree+0x2c5/0x5d0 [ 748.881341] ? __lock_acquire+0x451/0x2250 [ 748.881376] ___sys_recvmsg+0xbb/0x190 [ 748.881406] ? __pfx____sys_recvmsg+0x10/0x10 [ 748.881438] ? __pfx_perf_trace_lock+0x10/0x10 [ 748.881474] ? lock_acquire+0x15e/0x2d0 [ 748.881501] ? __might_fault+0xe0/0x190 [ 748.881523] ? find_held_lock+0x2b/0x80 [ 748.881558] ? __might_fault+0x138/0x190 [ 748.881592] do_recvmmsg+0x2c5/0x6f0 [ 748.881629] ? __pfx_do_recvmmsg+0x10/0x10 [ 748.881657] ? ksys_write+0x187/0x240 [ 748.881678] ? lock_release+0xc8/0x270 [ 748.881710] ? __mutex_unlock_slowpath+0x157/0x740 [ 748.881732] ? kernel_write+0x593/0x660 [ 748.881763] ? __fget_files+0x20d/0x3b0 [ 748.881796] __x64_sys_recvmmsg+0x211/0x260 [ 748.881828] ? ksys_write+0x1a3/0x240 [ 748.881849] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 748.881880] ? irqentry_exit+0xee/0x650 [ 748.881900] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 748.881929] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 748.881966] do_syscall_64+0xbf/0x420 [ 748.881994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.882017] RIP: 0033:0x7f4b915d8b19 [ 748.882035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 748.882056] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 748.882078] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 748.882093] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 748.882107] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 748.882120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 748.882133] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 748.882166] 00:52:29 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffdfe, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:52:29 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:52:29 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r1) ioctl$KIOCSOUND(r1, 0x4b2f, 0x7) mremap(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x11000, 0x3, &(0x7f0000fee000/0x11000)=nil) mlock2(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x0) 00:52:29 executing program 2: mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) 00:52:29 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 20) 00:52:29 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffe00, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:52:29 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 34) [ 749.189792] FAULT_INJECTION: forcing a failure. [ 749.189792] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 749.199230] CPU: 0 UID: 0 PID: 6402 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 749.199257] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 749.199268] Call Trace: [ 749.199275] [ 749.199282] dump_stack_lvl+0xfa/0x120 [ 749.199310] should_fail_ex+0x4d7/0x5e0 [ 749.199347] _copy_from_user+0x30/0xd0 [ 749.199378] copy_msghdr_from_user+0x88/0x150 [ 749.199405] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 749.199428] ? __pfx__kstrtoull+0x10/0x10 [ 749.199451] ? kfree+0x2c5/0x5d0 [ 749.199477] ? __lock_acquire+0x451/0x2250 [ 749.199506] ___sys_recvmsg+0xbb/0x190 [ 749.199530] ? __pfx____sys_recvmsg+0x10/0x10 [ 749.199556] ? __pfx_perf_trace_lock+0x10/0x10 [ 749.199585] ? lock_acquire+0x15e/0x2d0 [ 749.199606] ? __might_fault+0xe0/0x190 [ 749.199625] ? find_held_lock+0x2b/0x80 [ 749.199660] ? __might_fault+0x138/0x190 [ 749.199687] do_recvmmsg+0x2c5/0x6f0 [ 749.199716] ? __pfx_do_recvmmsg+0x10/0x10 [ 749.199739] ? ksys_write+0x187/0x240 [ 749.199756] ? lock_release+0xc8/0x270 [ 749.199782] ? __mutex_unlock_slowpath+0x157/0x740 [ 749.199800] ? kernel_write+0x593/0x660 [ 749.199824] ? __fget_files+0x20d/0x3b0 [ 749.199851] __x64_sys_recvmmsg+0x211/0x260 [ 749.199876] ? ksys_write+0x1a3/0x240 [ 749.199893] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 749.199917] ? irqentry_exit+0xee/0x650 [ 749.199937] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 749.199967] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 749.200006] do_syscall_64+0xbf/0x420 [ 749.200035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.200053] RIP: 0033:0x7f8ef3114b19 [ 749.200068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 749.200085] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 749.200102] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 749.200115] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 749.200125] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 749.200136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 749.200146] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 749.200172] [ 749.244646] FAULT_INJECTION: forcing a failure. [ 749.244646] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 749.246363] CPU: 0 UID: 0 PID: 6405 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 749.246392] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 749.246406] Call Trace: [ 749.246414] [ 749.246423] dump_stack_lvl+0xfa/0x120 [ 749.246455] should_fail_ex+0x4d7/0x5e0 [ 749.246495] _copy_from_user+0x30/0xd0 [ 749.246533] copy_msghdr_from_user+0x88/0x150 [ 749.246565] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 749.246594] ? __pfx__kstrtoull+0x10/0x10 [ 749.246621] ? kfree+0x2c5/0x5d0 [ 749.246654] ? __lock_acquire+0x451/0x2250 [ 749.246689] ___sys_recvmsg+0xbb/0x190 [ 749.246719] ? __pfx____sys_recvmsg+0x10/0x10 [ 749.246751] ? __pfx_perf_trace_lock+0x10/0x10 [ 749.246793] ? lock_acquire+0x15e/0x2d0 [ 749.246819] ? __might_fault+0xe0/0x190 [ 749.246841] ? find_held_lock+0x2b/0x80 [ 749.246876] ? __might_fault+0x138/0x190 [ 749.246910] do_recvmmsg+0x2c5/0x6f0 [ 749.246946] ? __pfx_do_recvmmsg+0x10/0x10 [ 749.246973] ? ksys_write+0x187/0x240 [ 749.246996] ? lock_release+0xc8/0x270 [ 749.247028] ? __mutex_unlock_slowpath+0x157/0x740 [ 749.247050] ? kernel_write+0x593/0x660 [ 749.247080] ? __fget_files+0x20d/0x3b0 [ 749.247114] __x64_sys_recvmmsg+0x211/0x260 [ 749.247145] ? ksys_write+0x1a3/0x240 [ 749.247165] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 749.247195] ? irqentry_exit+0xee/0x650 [ 749.247216] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 749.247244] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 749.247281] do_syscall_64+0xbf/0x420 [ 749.247308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.247332] RIP: 0033:0x7f4b915d8b19 [ 749.247350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 749.247371] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 749.247393] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 749.247408] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 749.247421] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 749.247434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 749.247448] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 749.247480] 00:52:41 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:52:41 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x7ffffffff000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:52:41 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 35) 00:52:41 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mbind(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, &(0x7f0000000000)=0x8000, 0x0, 0x5) 00:52:41 executing program 4: perf_event_open(&(0x7f0000000340)={0x5, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x2000000, 0xffffffff, 0x0, 0x1e, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff21}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:52:41 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 21) 00:52:41 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 27) 00:52:41 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x2, &(0x7f0000ffe000/0x2000)=nil) r0 = pkey_alloc(0x0, 0x3) pkey_mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000000, r0) [ 760.768879] FAULT_INJECTION: forcing a failure. [ 760.768879] name failslab, interval 1, probability 0, space 0, times 0 [ 760.770607] CPU: 0 UID: 0 PID: 6418 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 760.770635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 760.770649] Call Trace: [ 760.770658] [ 760.770667] dump_stack_lvl+0xfa/0x120 [ 760.770698] should_fail_ex+0x4d7/0x5e0 [ 760.770739] ? __kernfs_new_node+0xd3/0x940 [ 760.770777] should_failslab+0xc2/0x120 [ 760.770804] kmem_cache_alloc_noprof+0x80/0x760 [ 760.770838] ? __pfx_avc_has_perm+0x10/0x10 [ 760.770871] ? __kernfs_new_node+0xd3/0x940 [ 760.770900] __kernfs_new_node+0xd3/0x940 [ 760.770929] ? __lock_acquire+0x451/0x2250 [ 760.770962] ? __pfx___kernfs_new_node+0x10/0x10 [ 760.770998] ? lock_acquire+0x15e/0x2d0 [ 760.771025] ? kernfs_root+0x23/0x2a0 [ 760.771054] ? find_held_lock+0x2b/0x80 [ 760.771090] ? kernfs_root+0xee/0x2a0 [ 760.771119] ? lock_release+0xc8/0x270 [ 760.771144] ? lock_is_held_type+0x9e/0x120 [ 760.771173] kernfs_new_node+0x13c/0x1e0 [ 760.771214] kernfs_create_dir_ns+0x4d/0x1a0 [ 760.771240] internal_create_group+0x440/0xeb0 [ 760.771274] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 760.771306] ? __pfx_internal_create_group+0x10/0x10 [ 760.771338] ? blk_validate_limits+0xe47/0x15d0 [ 760.771371] ? lock_is_held_type+0x9e/0x120 [ 760.771396] loop_configure+0xc46/0x15a0 [ 760.771456] ? __pfx_loop_configure+0x10/0x10 [ 760.771506] ? avc_has_extended_perms+0x107/0xf20 [ 760.771533] ? find_held_lock+0x2b/0x80 [ 760.771567] ? avc_has_extended_perms+0x23b/0xf20 [ 760.771593] ? lock_release+0xc8/0x270 [ 760.771624] lo_ioctl+0x674/0x1cb0 [ 760.771661] ? __pfx_lo_ioctl+0x10/0x10 [ 760.771691] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 760.771715] ? __lock_acquire+0x451/0x2250 [ 760.771747] ? __pfx_perf_trace_lock+0x10/0x10 [ 760.771774] ? update_load_avg+0x153/0x1c90 [ 760.771810] ? perf_trace_lock+0xbb/0x4f0 [ 760.771838] ? __lock_acquire+0x451/0x2250 [ 760.771865] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 760.771902] ? blkdev_common_ioctl+0x1c3/0x2860 [ 760.771971] ? debug_mutex_remove_waiter+0x1a0/0x3f0 [ 760.772006] ? __fget_files+0x34/0x3b0 [ 760.772029] ? find_held_lock+0x2b/0x80 [ 760.772064] ? __fget_files+0x203/0x3b0 [ 760.772088] ? __pfx_lo_ioctl+0x10/0x10 [ 760.772118] blkdev_ioctl+0x365/0x6d0 [ 760.772146] ? __pfx_blkdev_ioctl+0x10/0x10 [ 760.772174] ? selinux_file_ioctl+0xb9/0x280 [ 760.772211] ? __pfx_blkdev_ioctl+0x10/0x10 [ 760.772242] __x64_sys_ioctl+0x18f/0x210 [ 760.772278] do_syscall_64+0xbf/0x420 [ 760.772305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.772329] RIP: 0033:0x7fcf6064c8d7 [ 760.772346] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 760.772367] RSP: 002b:00007fcf5dbc1f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 760.772388] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf6064c8d7 [ 760.772403] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 760.772416] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 760.772430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 760.772443] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 760.772475] [ 760.827822] FAULT_INJECTION: forcing a failure. [ 760.827822] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 760.829925] CPU: 0 UID: 0 PID: 6420 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 760.829956] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 760.829969] Call Trace: [ 760.829983] [ 760.829992] dump_stack_lvl+0xfa/0x120 [ 760.830018] should_fail_ex+0x4d7/0x5e0 [ 760.830055] _copy_from_user+0x30/0xd0 [ 760.830092] copy_msghdr_from_user+0x88/0x150 [ 760.830124] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 760.830152] ? __pfx__kstrtoull+0x10/0x10 [ 760.830180] ? kfree+0x2c5/0x5d0 [ 760.830211] ? __lock_acquire+0x451/0x2250 [ 760.830244] ___sys_recvmsg+0xbb/0x190 [ 760.830273] ? __pfx____sys_recvmsg+0x10/0x10 [ 760.830305] ? __pfx_perf_trace_lock+0x10/0x10 [ 760.830339] ? lock_acquire+0x15e/0x2d0 [ 760.830365] ? __might_fault+0xe0/0x190 [ 760.830388] ? find_held_lock+0x2b/0x80 [ 760.830437] ? __might_fault+0x138/0x190 [ 760.830470] do_recvmmsg+0x2c5/0x6f0 [ 760.830506] ? __pfx_do_recvmmsg+0x10/0x10 [ 760.830533] ? ksys_write+0x187/0x240 [ 760.830554] ? lock_release+0xc8/0x270 [ 760.830586] ? __mutex_unlock_slowpath+0x157/0x740 [ 760.830606] ? kernel_write+0x593/0x660 [ 760.830642] ? __fget_files+0x20d/0x3b0 [ 760.830674] __x64_sys_recvmmsg+0x211/0x260 [ 760.830706] ? ksys_write+0x1a3/0x240 [ 760.830727] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 760.830756] ? irqentry_exit+0xee/0x650 [ 760.830776] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 760.830805] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 760.830841] do_syscall_64+0xbf/0x420 [ 760.830867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.830889] RIP: 0033:0x7f4b915d8b19 [ 760.830906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 760.830927] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 760.830948] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 760.830962] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 760.830976] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 760.830989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 760.831002] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 760.831034] [ 760.845792] loop6: detected capacity change from 0 to 264192 00:52:41 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f0000000040)=0x1, 0x4) fdatasync(0xffffffffffffffff) [ 760.932142] FAULT_INJECTION: forcing a failure. [ 760.932142] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 760.934051] CPU: 1 UID: 0 PID: 6428 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 760.934080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 760.934093] Call Trace: [ 760.934101] [ 760.934110] dump_stack_lvl+0xfa/0x120 [ 760.934143] should_fail_ex+0x4d7/0x5e0 [ 760.934184] _copy_from_user+0x30/0xd0 [ 760.934221] copy_msghdr_from_user+0x88/0x150 [ 760.934254] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 760.934283] ? __pfx__kstrtoull+0x10/0x10 [ 760.934310] ? kfree+0x2c5/0x5d0 [ 760.934351] ? __lock_acquire+0x451/0x2250 [ 760.934390] ___sys_recvmsg+0xbb/0x190 [ 760.934435] ? __pfx____sys_recvmsg+0x10/0x10 [ 760.934468] ? __pfx_perf_trace_lock+0x10/0x10 [ 760.934502] ? lock_acquire+0x15e/0x2d0 [ 760.934529] ? __might_fault+0xe0/0x190 [ 760.934552] ? find_held_lock+0x2b/0x80 00:52:41 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 36) [ 760.934586] ? __might_fault+0x138/0x190 [ 760.934619] do_recvmmsg+0x2c5/0x6f0 [ 760.934656] ? __pfx_do_recvmmsg+0x10/0x10 [ 760.934682] ? ksys_write+0x187/0x240 [ 760.934704] ? lock_release+0xc8/0x270 [ 760.934735] ? __mutex_unlock_slowpath+0x157/0x740 [ 760.934763] ? kernel_write+0x593/0x660 [ 760.934794] ? __fget_files+0x20d/0x3b0 [ 760.934827] __x64_sys_recvmmsg+0x211/0x260 [ 760.934858] ? ksys_write+0x1a3/0x240 [ 760.934885] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 760.934922] ? irqentry_exit+0xee/0x650 [ 760.934943] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 760.934972] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 760.935008] do_syscall_64+0xbf/0x420 [ 760.935036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.935058] RIP: 0033:0x7f8ef3114b19 [ 760.935076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 760.935096] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 760.935118] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 760.935134] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 760.935147] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 760.935160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 760.935173] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 760.935205] 00:52:41 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:52:41 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x8000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 761.075962] FAULT_INJECTION: forcing a failure. [ 761.075962] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 761.084198] CPU: 0 UID: 0 PID: 6434 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 761.084227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 761.084239] Call Trace: [ 761.084246] [ 761.084253] dump_stack_lvl+0xfa/0x120 [ 761.084283] should_fail_ex+0x4d7/0x5e0 [ 761.084318] _copy_from_user+0x30/0xd0 [ 761.084350] copy_msghdr_from_user+0x88/0x150 [ 761.084379] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 761.084404] ? __pfx__kstrtoull+0x10/0x10 [ 761.084428] ? kfree+0x2c5/0x5d0 [ 761.084456] ? __lock_acquire+0x451/0x2250 [ 761.084487] ___sys_recvmsg+0xbb/0x190 [ 761.084513] ? __pfx____sys_recvmsg+0x10/0x10 [ 761.084541] ? __pfx_perf_trace_lock+0x10/0x10 [ 761.084572] ? lock_acquire+0x15e/0x2d0 [ 761.084595] ? __might_fault+0xe0/0x190 [ 761.084614] ? find_held_lock+0x2b/0x80 [ 761.084645] ? __might_fault+0x138/0x190 [ 761.084674] do_recvmmsg+0x2c5/0x6f0 [ 761.084705] ? __pfx_do_recvmmsg+0x10/0x10 [ 761.084732] ? ksys_write+0x187/0x240 [ 761.084753] ? lock_release+0xc8/0x270 [ 761.084789] ? __mutex_unlock_slowpath+0x157/0x740 [ 761.084808] ? kernel_write+0x593/0x660 [ 761.084834] ? __fget_files+0x20d/0x3b0 [ 761.084863] __x64_sys_recvmmsg+0x211/0x260 [ 761.084891] ? ksys_write+0x1a3/0x240 [ 761.084908] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 761.084934] ? irqentry_exit+0xee/0x650 [ 761.084951] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 761.084977] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 761.085009] do_syscall_64+0xbf/0x420 [ 761.085033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.085053] RIP: 0033:0x7f4b915d8b19 [ 761.085069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 761.085088] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 761.085108] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 761.085121] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 761.085133] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 761.085144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 761.085155] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 761.085183] 00:52:41 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 28) 00:52:41 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 22) [ 761.171691] FAULT_INJECTION: forcing a failure. [ 761.171691] name failslab, interval 1, probability 0, space 0, times 0 [ 761.173373] CPU: 0 UID: 0 PID: 6440 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 761.173397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 761.173408] Call Trace: [ 761.173414] [ 761.173421] dump_stack_lvl+0xfa/0x120 [ 761.173444] should_fail_ex+0x4d7/0x5e0 [ 761.173477] ? __kernfs_new_node+0xd3/0x940 [ 761.173503] should_failslab+0xc2/0x120 [ 761.173524] kmem_cache_alloc_noprof+0x80/0x760 [ 761.173552] ? __pfx_avc_has_perm+0x10/0x10 [ 761.173580] ? __kernfs_new_node+0xd3/0x940 [ 761.173604] __kernfs_new_node+0xd3/0x940 [ 761.173628] ? __lock_acquire+0x451/0x2250 [ 761.173654] ? __pfx___kernfs_new_node+0x10/0x10 [ 761.173684] ? lock_acquire+0x15e/0x2d0 [ 761.173706] ? kernfs_root+0x23/0x2a0 [ 761.173730] ? find_held_lock+0x2b/0x80 [ 761.173766] ? kernfs_root+0xee/0x2a0 [ 761.173790] ? lock_release+0xc8/0x270 [ 761.173811] ? lock_is_held_type+0x9e/0x120 [ 761.173835] kernfs_new_node+0x13c/0x1e0 [ 761.173869] kernfs_create_dir_ns+0x4d/0x1a0 [ 761.173890] internal_create_group+0x440/0xeb0 [ 761.173918] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 761.173945] ? __pfx_internal_create_group+0x10/0x10 [ 761.173971] ? blk_validate_limits+0xe47/0x15d0 [ 761.173998] ? lock_is_held_type+0x9e/0x120 [ 761.174018] loop_configure+0xc46/0x15a0 [ 761.174068] ? __pfx_loop_configure+0x10/0x10 [ 761.174109] ? avc_has_extended_perms+0x107/0xf20 [ 761.174131] ? find_held_lock+0x2b/0x80 [ 761.174159] ? avc_has_extended_perms+0x23b/0xf20 [ 761.174180] ? lock_release+0xc8/0x270 [ 761.174206] lo_ioctl+0x674/0x1cb0 [ 761.174237] ? __pfx_lo_ioctl+0x10/0x10 [ 761.174261] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 761.174284] ? __pfx_perf_trace_lock+0x10/0x10 [ 761.174312] ? lock_acquire+0x15e/0x2d0 [ 761.174334] ? __virt_addr_valid+0x1c6/0x5d0 [ 761.174357] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 761.174382] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 761.174406] ? lock_release+0xc8/0x270 [ 761.174440] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 761.174471] ? blkdev_common_ioctl+0x1c3/0x2860 [ 761.174523] ? debug_mutex_remove_waiter+0x1a0/0x3f0 [ 761.174552] ? __fget_files+0x34/0x3b0 [ 761.174571] ? find_held_lock+0x2b/0x80 [ 761.174599] ? __fget_files+0x203/0x3b0 [ 761.174619] ? __pfx_lo_ioctl+0x10/0x10 [ 761.174644] blkdev_ioctl+0x365/0x6d0 [ 761.174667] ? __pfx_blkdev_ioctl+0x10/0x10 [ 761.174691] ? selinux_file_ioctl+0xb9/0x280 [ 761.174721] ? __pfx_blkdev_ioctl+0x10/0x10 [ 761.174746] __x64_sys_ioctl+0x18f/0x210 [ 761.174776] do_syscall_64+0xbf/0x420 [ 761.174799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.174818] RIP: 0033:0x7fcf6064c8d7 [ 761.174832] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 761.174850] RSP: 002b:00007fcf5dbc1f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 761.174868] RAX: ffffffffffffffda RBX: 00007fcf60696970 RCX: 00007fcf6064c8d7 [ 761.174880] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 761.174891] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 761.174902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 761.174913] R13: 0000000000000004 R14: 0000000020000248 R15: 0000000000000003 [ 761.174939] 00:52:41 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x3, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4a8, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xf, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) r1 = open(&(0x7f0000000040)='./file0\x00', 0x80, 0x63) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r4, 0x0) recvmmsg$unix(r3, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x301001, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000200)=0x10, 0x4) r7 = syz_open_pts(r1, 0x81) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r10, r11, 0x0) recvmmsg$unix(r10, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) recvfrom(r10, &(0x7f0000000240)=""/107, 0x6b, 0x10060, &(0x7f00000002c0)=@isdn={0x22, 0x6, 0x81, 0x9, 0xff}, 0x80) dup3(r8, r9, 0x0) ppoll(&(0x7f0000000100)=[{r2, 0xa100}, {r0, 0x84}, {r3, 0x2}, {r5, 0x3004}, {r6, 0x8100}, {r7, 0x4200}, {r2, 0x42}, {r9, 0x4}, {r0, 0x16c863f5ecd8c1cb}], 0x9, &(0x7f0000000180), &(0x7f00000001c0)={[0x7f]}, 0x8) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) [ 761.249722] loop6: detected capacity change from 0 to 264192 [ 761.262241] FAULT_INJECTION: forcing a failure. [ 761.262241] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 761.264028] CPU: 1 UID: 0 PID: 6442 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 761.264073] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 761.264094] Call Trace: [ 761.264106] [ 761.264120] dump_stack_lvl+0xfa/0x120 [ 761.264167] should_fail_ex+0x4d7/0x5e0 [ 761.264232] _copy_from_user+0x30/0xd0 [ 761.264294] copy_msghdr_from_user+0x88/0x150 [ 761.264348] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 761.264398] ? __pfx__kstrtoull+0x10/0x10 [ 761.264443] ? kfree+0x2c5/0x5d0 [ 761.264496] ? __lock_acquire+0x451/0x2250 [ 761.264553] ___sys_recvmsg+0xbb/0x190 [ 761.264603] ? __pfx____sys_recvmsg+0x10/0x10 [ 761.264645] ? __pfx_perf_trace_lock+0x10/0x10 [ 761.264680] ? lock_acquire+0x15e/0x2d0 [ 761.264706] ? __might_fault+0xe0/0x190 [ 761.264729] ? find_held_lock+0x2b/0x80 [ 761.264771] ? __might_fault+0x138/0x190 [ 761.264805] do_recvmmsg+0x2c5/0x6f0 [ 761.264841] ? __pfx_do_recvmmsg+0x10/0x10 [ 761.264868] ? ksys_write+0x187/0x240 [ 761.264889] ? lock_release+0xc8/0x270 [ 761.264921] ? __mutex_unlock_slowpath+0x157/0x740 [ 761.264943] ? kernel_write+0x593/0x660 [ 761.264972] ? __fget_files+0x20d/0x3b0 [ 761.265005] __x64_sys_recvmmsg+0x211/0x260 [ 761.265038] ? ksys_write+0x1a3/0x240 [ 761.265058] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 761.265088] ? irqentry_exit+0xee/0x650 [ 761.265108] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 761.265137] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 761.265173] do_syscall_64+0xbf/0x420 [ 761.265200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.265224] RIP: 0033:0x7f8ef3114b19 [ 761.265242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 761.265263] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 761.265285] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 761.265301] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 761.265314] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 761.265328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 761.265341] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 761.265373] 00:52:51 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r2, 0x0) recvmmsg$unix(r1, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) r3 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x800) r4 = syz_open_dev$vcsa(&(0x7f0000000040), 0x7, 0x20000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r6, 0x0) ppoll(&(0x7f0000000080)=[{r1, 0x8000}, {r3, 0xb002}, {0xffffffffffffffff, 0x2000}, {r4, 0x2139}, {r0, 0x4}, {r0, 0x8000}, {r6, 0x2010}], 0x7, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000100)={[0xffffffffffffffff]}, 0x8) fdatasync(0xffffffffffffffff) 00:52:51 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 29) 00:52:51 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r0 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) syz_io_uring_setup(0x6fb6, &(0x7f0000000000)={0x0, 0xb953, 0x0, 0x0, 0x1ac}, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000000)={0x0, @xdp={0x2c, 0x0, 0x0, 0x34}, @in={0x2, 0x4e24, @empty}, @llc={0x1a, 0xffff, 0x1, 0xff, 0x0, 0xff}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x10000000007f, 0x2}) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r6}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000180)={'syztnl1\x00', r6, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback, 0x0, 0x20}}) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000740)=0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000980)={&(0x7f0000000c80)=ANY=[@ANYBLOB="dc0100001800000125bd7000fedbdf25000000000000000000000000000000000a0101020000000000000000000000004e2404014e2300000000000000000012005232c5631a1d434f42f8ca6687aacaf5d7eb630080743b56b9bf4c6651c3acf892efcc9e6878d11a5d78000000226f3d17103ea23501b5dad13754c00ea648501359a29af75a551c5e3b60b89ad6ac95000000000000000000000000000000006dff4b89cf9b535ed03b96c561f21cd6086e7b5afc211e1e6c227c79e50ef42b9eab243308444b698acab9572ddcb382e41280", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0a010100000000000000000000000000000004d23300000064010100000000000000000000000000c5ffffffffffffff05000000000000e900040000000000002100000000000000ff0000000000000040000000000000fd030000000000000000fcffffffffffff0104000000000000d10200000000000009000000000000000800000000000000000800bb0200000002000027bd70000740bf49916e7bb313eb5f1b3500000a0006060200000000000000b500000000000000e4000600fe800000000000000000000000000037000000000000000000000000000000004e20009b4e23", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="ac1414aa000000000000000000000000000004d46c00000000000000000000000000000000000000dd0e0000000000004d0000000000000000010000000000000200000000000000060000000000000005000000000000010000000000000000000005000000000000005f9300000000000008000000000000002000000007000000500f000028bd700007350000060002d64700"/168], 0x1dc}, 0x1, 0x0, 0x0, 0x4000011}, 0x40084) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=@ll={0x11, 0xf5, r6, 0x1, 0x4, 0x6, @random="d8f4d14d8f2d"}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)="f367f041c470da6da401aca4a15f7894e27eba90d9e338f4d5f3c06f888f264896603bdb69b8", 0x26}], 0x1, &(0x7f00000013c0)=ANY=[@ANYBLOB="78000000000000001801000000020000a08c91caac0f43fc3cb00da6deaa503d79c2788ee4d392585369571d6b3b5fe333a0101160d84446c61524fe40193f23bd7e51071f6d5ea4046c878dde9afb63a167d45f7ad6a6e6e78ef400108f16fa06ea13f8a810f24df6dab8adf0da7f78379300000000000000b000000000000000080100000100000013deec1a0eb8fbb8006a7f053477a6bb35ded80f390fc302bb2c2fc621d130b0a9faac44ad575c375bebc64be388335dde0396309a0f26e04bf2c811cf1b186a172737036879eb03e1af7b9f0f546b0418833748770cd99f2a070a53897783c6969afed592c6a33544c9aa20b2b857d0cec7eec10a9c9ba8b3523e6a57e4afca28e8a6483606d1adc06cbc507380769d127557ee3fd661eb1de8470ed0d870000000ac88e3ed900000000000000010010000080000000e15cb0fa60f112f155fed0e14594608dba2c60edc3f67a64c32dad570e1cad670c937ba9d86ad5fdcc8d5d29972e7bbee34dc5efeb89089924e9f3894a588d10de678f4cb1493b73f2595f213ced0433e4f7e6491d46b73be682f279e1ebda8aec575151e6cd43977a3fc1d843fde3d272e162fa30e3307e1afdc00000000007502ab9cf99b8711100100005a0c0000dc0acc25165a6643ec30c42bc00e4b94c40da6103d8409d01471b0d21e703f331dbe40d13402c97552900264ee5f43ae09743d2d8359819e4259e54d4d5fa4c9e239eb947418a389d38f1707078344084de6ab59f44b4c1d3a5ef99cdc3f7c232f29996710047ac144e234ce926ff9c57281e30ba564a30902d942db2f337f52a9702b3d16f33505d3310fdddfdcd44ea54f610bae7d4948e15aef8081cb8dc9fa76cc812b17279f7fd65d866b36e85e1a385716864215bcabc555e2704b158073bf3993f9424521ee878ab65f9f3212cd7fee5dfc181d937b86f5f2473f08557e5c842510010000000000000101000000020000c593133edd9b0501b546088b8b7199e31f1d4479443cd500f307183db7c0eff02809b2448ac3fb9306000000000000002ed87c2ffbae74f34361fb3cd7c734a39724003df6e9765293f411501ad1f8a90101c525c29e54173c6e633edf30ce98c9338d522a50b3ebf809ee5df432ec41f9b47f7a1ba2f9474aaeb91150a94012913776a97426414b504fb5cf5d865dfdfa63108a18cf03a9c3d58014209ef9c5021a637f4b1036a2658b1b2a7edf0724ceb130f63f1045c70d1d58ecad85718f9046565ca300da940d64b248bcbf8601157786d886c84eacbb06a53d17363bce8c5b2b4b45dacbb8e53aed6f45fd3965aae271dbc75651a0d54920e034d2ba1928e5d10000000066a5d91d703d97317a8cbc869dd93bd874942735ba3867067a38ff7405e6d6f9997b472d6f2641f1abd56388dca26a64a2d3ae0a6013f4d53977b047ba150afe2c345613677f03dfc4bddf7226e7e3a3f908675787a4f3000000000000000000000000000000bb4071768aaae2e8cb2d8b701dbfe590faee3b1c243706e23cb5074d1ea55e1a17f0b23381467d1aeb2fd3a9000000000000000000000000305d1441fd648348c98a83520c649d3a6f15a4670651efc41530ec8811905b5ed7fa6b16bdb69e5ac79db852e7e33a70bcc0b526d7ac941dd3d79aadff04ac7c79f12d7970cdffe13e83c6b52076a90d0a4c7433a410e9dbde"], 0x3d0}, 0x0, 0x8000000, 0x1, {0x0, r8}}, 0x6) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1, {0x0, r8}}, 0x3f) syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, r1, &(0x7f0000000000)={0x200000, 0x92}, &(0x7f0000000040)='./file0\x00', 0x18, 0x0, 0x23456}, 0x1) syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0xb, 0x0, 0x1d, 0x0, &(0x7f0000000000)="b438b73bad3d9487a68775ed17406ebc12cb7ca57417e0b180279fef5f5855318d8df031610fa0445600402880644d3fdd1b34f51a89fac836cbbf2e91f91384890a0f69b67f04d78a", 0x8001, 0x0, 0x1, {0x3}}, 0x2cba) 00:52:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 37) 00:52:51 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x5000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:52:51 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf0ffffff7f0000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:52:51 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffa000/0x3000)=nil) r0 = syz_io_uring_setup(0x244a, &(0x7f0000000040)={0x0, 0x8824, 0x4, 0x2, 0x3b9}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f0000000000)={0x0, @xdp={0x2c, 0x0, 0x0, 0x34}, @in={0x2, 0x4e24, @empty}, @llc={0x1a, 0xffff, 0x1, 0xff, 0x0, 0xff}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x10000000007f, 0x2}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r4}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000180)={'syztnl1\x00', r4, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback, 0x0, 0x20}}) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000740)=0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000980)={&(0x7f0000000c80)=ANY=[@ANYBLOB="dc0100001800000125bd7000fedbdf25000000000000000000000000000000000a0101020000000000000000000000004e2404014e2300000000000000000012005232c5631a1d434f42f8ca6687aacaf5d7eb630080743b56b9bf4c6651c3acf892efcc9e6878d11a5d78000000226f3d17103ea23501b5dad13754c00ea648501359a29af75a551c5e3b60b89ad6ac95000000000000000000000000000000006dff4b89cf9b535ed03b96c561f21cd6086e7b5afc211e1e6c227c79e50ef42b9eab243308444b698acab9572ddcb382e41280", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0a010100000000000000000000000000000004d23300000064010100000000000000000000000000c5ffffffffffffff05000000000000e900040000000000002100000000000000ff0000000000000040000000000000fd030000000000000000fcffffffffffff0104000000000000d10200000000000009000000000000000800000000000000000800bb0200000002000027bd70000740bf49916e7bb313eb5f1b3500000a0006060200000000000000b500000000000000e4000600fe800000000000000000000000000037000000000000000000000000000000004e20009b4e23", @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="ac1414aa000000000000000000000000000004d46c00000000000000000000000000000000000000dd0e0000000000004d0000000000000000010000000000000200000000000000060000000000000005000000000000010000000000000000000005000000000000005f9300000000000008000000000000002000000007000000500f000028bd700007350000060002d64700"/168], 0x1dc}, 0x1, 0x0, 0x0, 0x4000011}, 0x40084) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=@ll={0x11, 0xf5, r4, 0x1, 0x4, 0x6, @random="d8f4d14d8f2d"}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)="f367f041c470da6da401aca4a15f7894e27eba90d9e338f4d5f3c06f888f264896603bdb69b8", 0x26}], 0x1, &(0x7f00000013c0)=ANY=[@ANYBLOB="78000000000000001801000000020000a08c91caac0f43fc3cb00da6deaa503d79c2788ee4d392585369571d6b3b5fe333a0101160d84446c61524fe40193f23bd7e51071f6d5ea4046c878dde9afb63a167d45f7ad6a6e6e78ef400108f16fa06ea13f8a810f24df6dab8adf0da7f78379300000000000000b000000000000000080100000100000013deec1a0eb8fbb8006a7f053477a6bb35ded80f390fc302bb2c2fc621d130b0a9faac44ad575c375bebc64be388335dde0396309a0f26e04bf2c811cf1b186a172737036879eb03e1af7b9f0f546b0418833748770cd99f2a070a53897783c6969afed592c6a33544c9aa20b2b857d0cec7eec10a9c9ba8b3523e6a57e4afca28e8a6483606d1adc06cbc507380769d127557ee3fd661eb1de8470ed0d870000000ac88e3ed900000000000000010010000080000000e15cb0fa60f112f155fed0e14594608dba2c60edc3f67a64c32dad570e1cad670c937ba9d86ad5fdcc8d5d29972e7bbee34dc5efeb89089924e9f3894a588d10de678f4cb1493b73f2595f213ced0433e4f7e6491d46b73be682f279e1ebda8aec575151e6cd43977a3fc1d843fde3d272e162fa30e3307e1afdc00000000007502ab9cf99b8711100100005a0c0000dc0acc25165a6643ec30c42bc00e4b94c40da6103d8409d01471b0d21e703f331dbe40d13402c97552900264ee5f43ae09743d2d8359819e4259e54d4d5fa4c9e239eb947418a389d38f1707078344084de6ab59f44b4c1d3a5ef99cdc3f7c232f29996710047ac144e234ce926ff9c57281e30ba564a30902d942db2f337f52a9702b3d16f33505d3310fdddfdcd44ea54f610bae7d4948e15aef8081cb8dc9fa76cc812b17279f7fd65d866b36e85e1a385716864215bcabc555e2704b158073bf3993f9424521ee878ab65f9f3212cd7fee5dfc181d937b86f5f2473f08557e5c842510010000000000000101000000020000c593133edd9b0501b546088b8b7199e31f1d4479443cd500f307183db7c0eff02809b2448ac3fb9306000000000000002ed87c2ffbae74f34361fb3cd7c734a39724003df6e9765293f411501ad1f8a90101c525c29e54173c6e633edf30ce98c9338d522a50b3ebf809ee5df432ec41f9b47f7a1ba2f9474aaeb91150a94012913776a97426414b504fb5cf5d865dfdfa63108a18cf03a9c3d58014209ef9c5021a637f4b1036a2658b1b2a7edf0724ceb130f63f1045c70d1d58ecad85718f9046565ca300da940d64b248bcbf8601157786d886c84eacbb06a53d17363bce8c5b2b4b45dacbb8e53aed6f45fd3965aae271dbc75651a0d54920e034d2ba1928e5d10000000066a5d91d703d97317a8cbc869dd93bd874942735ba3867067a38ff7405e6d6f9997b472d6f2641f1abd56388dca26a64a2d3ae0a6013f4d53977b047ba150afe2c345613677f03dfc4bddf7226e7e3a3f908675787a4f3000000000000000000000000000000bb4071768aaae2e8cb2d8b701dbfe590faee3b1c243706e23cb5074d1ea55e1a17f0b23381467d1aeb2fd3a9000000000000000000000000305d1441fd648348c98a83520c649d3a6f15a4670651efc41530ec8811905b5ed7fa6b16bdb69e5ac79db852e7e33a70bcc0b526d7ac941dd3d79aadff04ac7c79f12d7970cdffe13e83c6b52076a90d0a4c7433a410e9dbde"], 0x3d0}, 0x0, 0x8000000, 0x1, {0x0, r6}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index, 0x3f, 0x0, 0x0, 0x0, 0x1, {0x0, r6}}, 0x3f) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_OPENAT2={0x1c, 0x2, 0x0, 0xffffffffffffffff, &(0x7f0000000000)={0x200000, 0x92}, &(0x7f0000000040)='./file0\x00', 0x18, 0x0, 0x23456}, 0x1) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_LINK_TIMEOUT={0xf, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x989680}, 0x1, 0x0, 0x1}, 0x8) syz_io_uring_setup(0x4c0d, &(0x7f0000000140)={0x0, 0x1672, 0x0, 0x1, 0x171, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1) munlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, &(0x7f0000000000)=0x7, 0x9, 0x4) 00:52:51 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 23) [ 771.038409] loop6: detected capacity change from 0 to 264192 [ 771.118263] FAULT_INJECTION: forcing a failure. [ 771.118263] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 771.119298] CPU: 0 UID: 0 PID: 6467 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 00:52:51 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfeffffffffffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 771.119316] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 771.119324] Call Trace: [ 771.119330] [ 771.119336] dump_stack_lvl+0xfa/0x120 [ 771.119359] should_fail_ex+0x4d7/0x5e0 [ 771.119386] _copy_from_user+0x30/0xd0 [ 771.119413] copy_msghdr_from_user+0x88/0x150 [ 771.119440] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 771.119463] ? __pfx__kstrtoull+0x10/0x10 [ 771.119480] ? kfree+0x2c5/0x5d0 [ 771.119502] ? __lock_acquire+0x451/0x2250 [ 771.119525] ___sys_recvmsg+0xbb/0x190 [ 771.119547] ? __pfx____sys_recvmsg+0x10/0x10 00:52:51 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 30) [ 771.119568] ? __pfx_perf_trace_lock+0x10/0x10 [ 771.119594] ? lock_acquire+0x15e/0x2d0 [ 771.119613] ? __might_fault+0xe0/0x190 [ 771.119636] ? find_held_lock+0x2b/0x80 [ 771.119656] ? __might_fault+0x138/0x190 [ 771.119674] do_recvmmsg+0x2c5/0x6f0 [ 771.119694] ? __pfx_do_recvmmsg+0x10/0x10 [ 771.119709] ? ksys_write+0x187/0x240 [ 771.119722] ? lock_release+0xc8/0x270 [ 771.119739] ? __mutex_unlock_slowpath+0x157/0x740 [ 771.119751] ? kernel_write+0x593/0x660 [ 771.119772] ? __fget_files+0x20d/0x3b0 [ 771.119791] __x64_sys_recvmmsg+0x211/0x260 [ 771.119809] ? ksys_write+0x1a3/0x240 00:52:51 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 24) [ 771.119820] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 771.119836] ? irqentry_exit+0xee/0x650 [ 771.119847] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 771.119864] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 771.119884] do_syscall_64+0xbf/0x420 [ 771.119899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.119912] RIP: 0033:0x7f8ef3114b19 [ 771.119922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 00:52:51 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:52:51 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) madvise(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x17) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x99ad) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r1) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000002, 0x810, r1, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) syz_io_uring_submit(r2, 0x0, &(0x7f0000000080)=@IORING_OP_OPENAT={0x12, 0x1, 0x0, r0, 0x0, &(0x7f0000000000)='./file0\x00', 0xe9, 0x280000}, 0x44005) mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) [ 771.119934] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 771.119947] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 00:52:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 38) [ 771.119955] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 771.119963] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 771.119970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 771.119977] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 771.119994] [ 771.169951] FAULT_INJECTION: forcing a failure. [ 771.169951] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:52:51 executing program 2: ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000000)) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:52:51 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup(r0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) [ 771.169994] CPU: 1 UID: 0 PID: 6479 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 771.170022] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 771.170035] Call Trace: [ 771.170043] [ 771.170051] dump_stack_lvl+0xfa/0x120 [ 771.170083] should_fail_ex+0x4d7/0x5e0 [ 771.170124] _copy_from_user+0x30/0xd0 [ 771.170161] copy_msghdr_from_user+0x88/0x150 [ 771.170193] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 771.170221] ? __pfx__kstrtoull+0x10/0x10 [ 771.170248] ? kfree+0x2c5/0x5d0 [ 771.170281] ? __lock_acquire+0x451/0x2250 [ 771.170315] ___sys_recvmsg+0xbb/0x190 [ 771.170345] ? __pfx____sys_recvmsg+0x10/0x10 [ 771.170376] ? __pfx_perf_trace_lock+0x10/0x10 [ 771.170411] ? lock_acquire+0x15e/0x2d0 [ 771.170437] ? __might_fault+0xe0/0x190 [ 771.170459] ? find_held_lock+0x2b/0x80 00:52:51 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 31) [ 771.170494] ? __might_fault+0x138/0x190 [ 771.170527] do_recvmmsg+0x2c5/0x6f0 [ 771.170577] ? __pfx_do_recvmmsg+0x10/0x10 [ 771.170604] ? ksys_write+0x187/0x240 [ 771.170626] ? lock_release+0xc8/0x270 [ 771.170657] ? __mutex_unlock_slowpath+0x157/0x740 [ 771.170679] ? kernel_write+0x593/0x660 [ 771.170709] ? __fget_files+0x20d/0x3b0 [ 771.170742] __x64_sys_recvmmsg+0x211/0x260 [ 771.170781] ? ksys_write+0x1a3/0x240 [ 771.170801] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 771.170831] ? irqentry_exit+0xee/0x650 [ 771.170851] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 771.170879] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 771.170916] do_syscall_64+0xbf/0x420 [ 771.170943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.170966] RIP: 0033:0x7f4b915d8b19 [ 771.170984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 771.171005] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 771.171027] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 771.171042] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 771.171056] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 771.171069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 771.171083] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 771.171115] [ 771.277269] FAULT_INJECTION: forcing a failure. [ 771.277269] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 771.277299] CPU: 0 UID: 0 PID: 6486 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 771.277315] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 771.277328] Call Trace: [ 771.277332] [ 771.277338] dump_stack_lvl+0xfa/0x120 [ 771.277359] should_fail_ex+0x4d7/0x5e0 [ 771.277383] _copy_from_user+0x30/0xd0 [ 771.277405] copy_msghdr_from_user+0x88/0x150 [ 771.277423] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 771.277439] ? __pfx__kstrtoull+0x10/0x10 [ 771.277455] ? kfree+0x2c5/0x5d0 [ 771.277474] ? __lock_acquire+0x451/0x2250 [ 771.277493] ___sys_recvmsg+0xbb/0x190 [ 771.277509] ? __pfx____sys_recvmsg+0x10/0x10 [ 771.277526] ? __pfx_perf_trace_lock+0x10/0x10 [ 771.277546] ? lock_acquire+0x15e/0x2d0 [ 771.277560] ? __might_fault+0xe0/0x190 [ 771.277573] ? find_held_lock+0x2b/0x80 [ 771.277592] ? __might_fault+0x138/0x190 [ 771.277609] do_recvmmsg+0x2c5/0x6f0 [ 771.277630] ? __pfx_do_recvmmsg+0x10/0x10 [ 771.277644] ? ksys_write+0x187/0x240 [ 771.277656] ? lock_release+0xc8/0x270 [ 771.277673] ? __mutex_unlock_slowpath+0x157/0x740 [ 771.277685] ? kernel_write+0x593/0x660 [ 771.277702] ? __fget_files+0x20d/0x3b0 [ 771.277721] __x64_sys_recvmmsg+0x211/0x260 [ 771.277739] ? ksys_write+0x1a3/0x240 [ 771.277750] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 771.277766] ? irqentry_exit+0xee/0x650 [ 771.277778] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 771.277794] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 771.277814] do_syscall_64+0xbf/0x420 [ 771.277829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.277843] RIP: 0033:0x7f8ef3114b19 [ 771.277853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 771.277865] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 771.277878] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 771.277886] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 771.277894] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 771.277901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 771.277909] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 771.277926] [ 771.375842] FAULT_INJECTION: forcing a failure. [ 771.375842] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 771.375987] CPU: 1 UID: 0 PID: 6495 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 771.376015] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 771.376028] Call Trace: [ 771.376036] [ 771.376045] dump_stack_lvl+0xfa/0x120 [ 771.376077] should_fail_ex+0x4d7/0x5e0 [ 771.376118] should_fail_alloc_page+0xe0/0x110 [ 771.376145] prepare_alloc_pages+0x1eb/0x550 [ 771.376171] ? __is_insn_slot_addr+0x140/0x290 [ 771.376201] __alloc_frozen_pages_noprof+0x186/0x25b0 [ 771.376231] ? __kernel_text_address+0xd/0x40 [ 771.376260] ? unwind_get_return_address+0x59/0xa0 [ 771.376286] ? arch_stack_walk+0x9c/0xf0 [ 771.376318] ? perf_trace_lock+0xbb/0x4f0 [ 771.376346] ? __lock_acquire+0x451/0x2250 [ 771.376378] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 771.376407] ? perf_trace_lock+0xbb/0x4f0 [ 771.376434] ? __lock_acquire+0x451/0x2250 [ 771.376466] ? __pfx_perf_trace_lock+0x10/0x10 [ 771.376500] ? lock_acquire+0x15e/0x2d0 [ 771.376526] ? __is_insn_slot_addr+0x2e/0x290 [ 771.376551] ? find_held_lock+0x2b/0x80 [ 771.376583] ? look_up_lock_class+0x56/0x130 [ 771.376621] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 771.376656] ? policy_nodemask+0xeb/0x4e0 [ 771.376691] alloc_pages_mpol+0xed/0x340 [ 771.376723] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 771.376754] ? __pfx_perf_trace_lock+0x10/0x10 [ 771.376791] ? get_vma_policy+0x23b/0x350 [ 771.376828] vma_alloc_folio_noprof+0xe9/0x440 [ 771.376862] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 771.376898] ? lock_release+0xc8/0x270 [ 771.376931] do_wp_page+0x1386/0x2fe0 [ 771.376970] ? __pfx_do_wp_page+0x10/0x10 [ 771.376998] ? do_raw_spin_lock+0x123/0x260 [ 771.377031] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 771.377074] __handle_mm_fault+0xd9e/0x2fa0 [ 771.377103] ? mt_find+0x744/0x9b0 [ 771.377129] ? __pfx_mt_find+0x10/0x10 [ 771.377155] ? __pfx___handle_mm_fault+0x10/0x10 [ 771.377202] ? find_vma+0xbf/0x140 [ 771.377224] ? __pfx_find_vma+0x10/0x10 [ 771.377254] handle_mm_fault+0x2d8/0x750 [ 771.377283] ? access_error+0x17d/0x380 [ 771.377311] ? lock_mm_and_find_vma+0xae/0x1380 [ 771.377350] do_user_addr_fault+0x3cc/0x12b0 [ 771.377391] exc_page_fault+0xb0/0x180 [ 771.377427] asm_exc_page_fault+0x26/0x30 [ 771.377449] RIP: 0010:__put_user_nocheck_4+0x3/0x10 [ 771.377476] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca e9 37 70 03 00 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca e9 11 70 03 00 90 90 90 90 90 90 90 90 90 90 [ 771.377497] RSP: 0018:ffff88801b147a00 EFLAGS: 00050206 [ 771.377516] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000020002030 [ 771.377529] RDX: 0000000000040000 RSI: ffffffff83cc816b RDI: 0000000000000005 [ 771.377543] RBP: ffff88801b147da0 R08: 0000000000000001 R09: ffffed1003628ed4 [ 771.377557] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 771.377570] R13: 0000000020002030 R14: 0000000000000000 R15: 0000000000000000 [ 771.377595] ? ____sys_recvmsg+0x2eb/0x670 [ 771.377636] ____sys_recvmsg+0x2f6/0x670 [ 771.377679] ? __pfx_____sys_recvmsg+0x10/0x10 [ 771.377716] ? copy_msghdr_from_user+0xfb/0x150 [ 771.377746] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 771.377774] ? __pfx__kstrtoull+0x10/0x10 [ 771.377809] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 771.377846] ___sys_recvmsg+0xf1/0x190 [ 771.377876] ? __pfx____sys_recvmsg+0x10/0x10 [ 771.377915] ? lock_acquire+0x15e/0x2d0 [ 771.377941] ? __might_fault+0xe0/0x190 [ 771.377963] ? find_held_lock+0x2b/0x80 [ 771.377997] ? __might_fault+0x138/0x190 [ 771.378030] do_recvmmsg+0x2c5/0x6f0 [ 771.378067] ? __pfx_do_recvmmsg+0x10/0x10 [ 771.378094] ? ksys_write+0x187/0x240 [ 771.378115] ? lock_release+0xc8/0x270 [ 771.378147] ? __mutex_unlock_slowpath+0x157/0x740 [ 771.378169] ? kernel_write+0x593/0x660 [ 771.378199] ? __fget_files+0x20d/0x3b0 [ 771.378233] __x64_sys_recvmmsg+0x211/0x260 [ 771.378265] ? ksys_write+0x1a3/0x240 [ 771.378285] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 771.378315] ? irqentry_exit+0xee/0x650 [ 771.378335] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 771.378362] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 771.378399] do_syscall_64+0xbf/0x420 [ 771.378425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.378447] RIP: 0033:0x7f4b915d8b19 [ 771.378464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 771.378485] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 771.378505] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 771.378519] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 771.378545] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 771.378558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 771.378571] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 771.378604] [ 771.437210] loop6: detected capacity change from 0 to 264192 00:53:02 executing program 2: mremap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x4000, 0x668b1b3f3411e17, &(0x7f0000ff7000/0x4000)=nil) 00:53:02 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x6000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:53:02 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x100000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:53:02 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f00000002c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)={0x1bc, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void, @val={0xc, 0x99, {0x3, 0x3e}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x7}, @NL80211_ATTR_VENDOR_DATA={0xb0, 0xc5, "433faae4d4e9844efc2b93a0c23446612e4ff2a20872c70607f79b004deea077b5c36dd29eb551dc31c7a8e8ecc6cc4def3822b969986f8644e95c3242afdbf0c9d032fc39da8d0c4113613ba23576d8af0bb131e90ebe9d0cafaca3d509864437ccd4b39656cbf161983b4171727c0f49999905130bc6966dbb8af70ab618f5fd7248fe38cc8a2d65ae1e753dc74cbb19cc4fc686d8dd15b85459d0d39b88a11f620ffc4202f30846188f20"}, @NL80211_ATTR_VENDOR_DATA={0xa, 0xc5, "058b59df936c"}, @NL80211_ATTR_VENDOR_DATA={0xd0, 0xc5, "9329d81424f960d21765296eeb5e821710cad5b956a419b6a42203a8e84cdb78f97c90cb8708e8ab981a4915bde803e476dc14eea1ec934593e22eeda8983dbb38bf1d089bd248253a71c411358c239c8c846fbe139fcf5e110f02babea15cfaf7773172ec632575ba8a79d642df2b71853f5fb7895020155ec7812a6522940c931fbe0c63d7a6581ea335d49998e405ee0d8044194243d08cf066d04ad10cb5e8d02dbcd58283e5fc348665ec50692316f433c88ecad3f4cbe2ada74dc77ab1fdacc586446d2932e2ae1d8e"}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x80}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x8050}, 0x4000000) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "9e1961fbccfc2dbd90fd623df5c3d66f"}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_FLUSH_PMKSA(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0000000000010000ab1b9c23549edcfa64427a7c413b39da0025360108002300", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x28}, 0x1, 0x0, 0x0, 0x4010}, 0x24040881) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x1) read(0xffffffffffffffff, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r4) openat(r4, &(0x7f0000000180)='mnt\x00', 0x109000, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r5) ioctl$HIDIOCGFIELDINFO(r5, 0xc038480a, &(0x7f0000000100)={0x2, 0x100, 0x7ff, 0x6, 0x401, 0x0, 0x5d01, 0x80, 0xfffffff9, 0x1ff, 0x3, 0x5, 0x1, 0x6}) fdatasync(0xffffffffffffffff) 00:53:02 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 39) 00:53:02 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 32) 00:53:02 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 25) 00:53:02 executing program 7: sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x1, 0x6, 0x801, 0x0, 0x0, {0xd, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x8000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x5000, 0x6, &(0x7f0000ff7000/0x5000)=nil) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000100)={[0xffffffffffffffff]}, 0x8) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xd8, r1, 0x2, 0x70bd2b, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7fffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7ff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40010}, 0x4) [ 782.285896] loop6: detected capacity change from 0 to 264192 [ 782.296935] FAULT_INJECTION: forcing a failure. [ 782.296935] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 782.301927] CPU: 0 UID: 0 PID: 6511 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 782.301949] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 782.301958] Call Trace: [ 782.301964] [ 782.301970] dump_stack_lvl+0xfa/0x120 [ 782.301993] should_fail_ex+0x4d7/0x5e0 [ 782.302021] _copy_from_user+0x30/0xd0 [ 782.302047] copy_msghdr_from_user+0x88/0x150 [ 782.302069] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 782.302089] ? __pfx__kstrtoull+0x10/0x10 [ 782.302107] ? kfree+0x2c5/0x5d0 [ 782.302130] ? __lock_acquire+0x451/0x2250 [ 782.302154] ___sys_recvmsg+0xbb/0x190 [ 782.302175] ? __pfx____sys_recvmsg+0x10/0x10 [ 782.302197] ? __pfx_perf_trace_lock+0x10/0x10 [ 782.302221] ? lock_acquire+0x15e/0x2d0 [ 782.302238] ? __might_fault+0xe0/0x190 [ 782.302254] ? find_held_lock+0x2b/0x80 [ 782.302278] ? __might_fault+0x138/0x190 [ 782.302300] do_recvmmsg+0x2c5/0x6f0 [ 782.302325] ? __pfx_do_recvmmsg+0x10/0x10 [ 782.302343] ? ksys_write+0x187/0x240 [ 782.302358] ? lock_release+0xc8/0x270 [ 782.302380] ? __mutex_unlock_slowpath+0x157/0x740 [ 782.302395] ? kernel_write+0x593/0x660 [ 782.302416] ? __fget_files+0x20d/0x3b0 [ 782.302439] __x64_sys_recvmmsg+0x211/0x260 [ 782.302460] ? ksys_write+0x1a3/0x240 [ 782.302474] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 782.302494] ? irqentry_exit+0xee/0x650 [ 782.302508] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 782.302528] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 782.302554] do_syscall_64+0xbf/0x420 [ 782.302573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.302589] RIP: 0033:0x7f8ef3114b19 [ 782.302601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 782.302615] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 782.302631] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 782.302641] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 782.302651] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 782.302672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 782.302681] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 782.302703] 00:53:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000000)=ANY=[@ANYBLOB="010037000100000018001000", @ANYRES32=r0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00mnt\x00']) ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, &(0x7f0000000100)={{r1}, "00219f57e3ab5e14b056fe589825bd12ddecf442b85de2a103b544af521490af8b2646244d23c70562e6505ab036cf2e85ff06f1db3d87f30cd9366013b16161496b798bb6ab874468191113c2cb2499699fb97136cb5028952e6c4852218832adc795866d1ae37006aef9682729411b3584cf377374f5053d95cdecd0d4bc899d98c8a97f174bbb9e151ced9df6b11c56d0ca81f2e89c6022bee7a4c7cc96ac005358dcb3592a8d64d014d22d7189ddad87e1acbc3fbd42b40866c43cd02b385e9374699c27755f7e8bd7ef28f6d885c42dffd54658bdb63be921e2c4cc0322bd1642bcde189b87e6179814cf24dfe911a0d7c6f26c4597a8d609700c2e1b4f8819fc548009b9b731d2601145027805370f44303effcbe23e38fcae87c8c0a764a3b960ce38d4cbc3075d1db5aee1a42c3c83628a535464014ab9a2676ad6c1184c2ebd91e232ed755dcf91ee87dd6b85879cc3b86115e42ab6498b5ed188a6531c3e7338aa4ed15ea61e7ecb1211acc2806ee456c9fe3c2a5f09140c109a2fb32262a97bc7fe19f0baff7ab276f850e9aaad76b4c0208d18d216c4bf6dd884014f6e47dc883b52e4e955d7b7e109bdc5c116d66931335d47a755f6191b3544790fe75d45356fb296697145e16fdc19ee6c31303de025142d5b61c187b445a8a9d6eea7298533e93c150bb8e25570d95e05c0e48c88bbc6a931280d88b965ebe7582a29b69899eb8598cdc7be154f95e691166868f25c0d3e0e361ef3d21e63e5e3558da954366587d741d252256a7d332864a022b5f0780b69e41c92cb22ecd44e9eccca70d9d900576d9591e5666aa092b6bc50b0eee83e5a1814ad8eb2dd8d25de7f6e1776c63a290fe1b01ce36593485ef7d01b4b5287a25570935bc29dd209a4bb071dce60227bb9ba4adc3f1f2eb9133de603ba0bf2261b122b14d841bc623663213c0488a629e5d88fe4064123bac1a5132cb1d1805131a8f93f13b6845a4784f14ca13a0c41107d205a376ac948465ad23b3bad47635542199df979b2b716b047899bc4294949ffb838d09c787357e190c6e656a823bad2847902702cb7e2733eb6161f97be04557f12971372c805e76974db4df3ec5d0a97e94eae285bfbb28fde51da9916fe5e15cc57e290e4b89be5670a724ea9ba059f5647279476e442b9be3cd790a47db44071b5338cac149039100882af0ac779c3ac35ef849ce737c509671fbb9e6c5d172694eaecd1561d7f3af9b5fe37d896aa71c448094ca82c30a4e60e59e4c00b1f74ffeed9566c2f0f5c82cfaadc1d2124219d576c5d76a52019f02f68c2b80a9a087f5ec95825efc437202f3fefb444aa178a5a5d622df94f61fe0f789ed0fdba0aecd637f23f9e4ef088cc9915551c8eba89ea8c2bf2c222d0542c6846de07b911eee2235f2dca706716b496400d086c90bcd1ece7bb3369cc18ca3ffdfb71b48e36c731438e4ba572145dc7ecb41d71b45710225a254b1dd92671b665313e7974033d1a5a8b3892b5f27e35fad886135b7501b87f8ce2211951468759619c5b0f2fa62d545b71cb7585e508b9b2056ea65d9c8cb7d6cb29d2fb8d1b7dd2868f13411b809a054f292117a62ef1bd6030358979cd415e0071b69f808c3f0a2abb14eef7706dedcbe1211df2773e0152d74260d43c772337a0e93583271871ae078a8c3eea2319c7550e022e8a80d666994de50c83a7d894063afd5b584ed165618d7d1ea2bc5afd159ab385b2ce0f63587da7bfdfdbae46bc1c51ab4753cfa0f8cddab8a3a069d9c5dcdc47538359091b9153aa4459c24f0675f0bddd7c199dec73d2e08cad8cce601b9d991c71a6f4b1c844ba2279c77f9846ac209ed76ad578a81f205968b4f78658866ed50ca74adb72edb5f4300ad3c22e791cc87ff991bee4f7ed750f601da8076ff969412be5155d805c5d10c89927e1951ca30d0e311805b9d065929e3f3f041fef7a78876a6fddc26a777c4d952d7bfbb0bc2d50d22c87181a5e86dd44677c28ed294645aa81033c836e55b0a68a1ef8ae96f4f242c48d75ec8051075c47a86be58dee91355b3c7910dad15aded1bd2ebdccf7deee8c2d37d1dddac557ce00effc9230e57bd625d5866a4be98aa2fba80c6a72d92fd7586b80164b0bbda33eecfc876575f4c196254616194589f2b50c44090b8ef3129bef1c026a48878626a430ac92c1c3b477cd3043b9a7db305f2b1637ec6e61fe9d9e7bad6118157021134636f4f4f8900293ac4c4c2bd6c8db85efb5b314615cc955111521fb7a3bd8e2105cd68766227bb5e3d53043cae9c1d2aef765b3e0744c25b29fec5b6d0b3b3f5c08582a80e56f16dc2a8addbb186676d655abb701de721addc402b4df4a1ff931aa95b3642da289d099eb68fe5db8c2b0468ae3a0b9b0a96ad8c9c67c1c0f03006748fa60e8212a02a4561c302e433686625f7420489c58faabe0208400e8635caf89570e2316a605133bda370e6e807c3b9d5ba090c51d46f45716cbabbfee204a6bc5b171372da8f73983aba6d8c11314f8147c7f4ed40f6930e09b98f5e397c4e0712741f8a773c4daff4fc28481fd7f7df8235031956fec9db7bc76e3e4dde4474fc7dea55d7e575ba8d432c1cc5a9a0594ecc66abb364cb625f0b3a423d8730fbd30f2af74996ad77101f02b95c08d757374d9f45c419161ffa4e5875aee209d5964a8b806472b676cf4b4b85bde34732ea22905907045de8264149fd54be3fdf69374cb280f0eced6770ec43bc2b0a32672482590fee0fa081006ccb22cf27270f9fe390d077aa062ee5db12ba70d767a1266a2f18f9542955c354e33b0ffeac9e4fe0b07cf76f8754dfffb98208aff5c84963b31058bf07f41b3365baac38147dca4cc498b9ca5fea1e9a46d85143dad893fe724adf9ff95ca5411bd4f02a52e6fb8f95fafe0c40eb258c6b2b08ea3cefe5478ca844e8932ce4fb281142d64f9ce4826b8ffbad62859b81ff04f50be762620492573ca63184b131fbd53c00ffa5582ebb1d150924018a6c0e82ce40103d0cbe2cc7604b35ff828945b42534f3828eba6249ffb383d2f04109d92db8ffe57024634b4a9437ddc15c7fe91d2286cbea5bcb1dcbc70b54b40998e8bfff75e525dc9dc3d3009491150f1d49898380948eefd08652e24c4f2d2d97ba991a552e44523ebadf3d60d6e299d0e34ff38f65f827d7e1b1a72feaec3ab24885bb7eba75718e8cbd22bd8bf6df92d42b53e638926200ccaf0f3efddfa76e7a235a721018d4e36215462211ab0eda5d4ce0f9d96aa69e9c904162fc30e8a9820af77c5770c10f30a8f01480e9abc23613ae5b2f215fb7dddc028c1403cd02ebcb289058994666cac57d1a1d318a73f3bba156fe75e4df11dac4d0ebe24d432d14cd58b79a457fa1a01312dd80d8957ad0c562844c8725691510303217ca991dbc04b72895a8016113db2f4b312e9ee81d92a56dcfd5fc48c0f5218af9de12298976615322860f2fe93e26069ef6372019abd275102d1634715a20a393ce6b1620d0cace33d4a3f99c62ec9aa792cc89b46eb0afa9d4c6b17145fcac226857b43a72edb1f6412edc4fa9dd7124d99f70785524a5f737f27f69aa8a2e683a9bbdde6dcb0acafb61eedc5f904f5a9aca2d914a6a01f3b9b55b1c1b7507eccdc94b34a482204399bf97e0b9a736412413b970a785bc48213e06a03044f480a32dcad61966a492e460009ce406a7477977af23ef966a956ddf1085156728a78862c5378689eaece83fbeb1c411863d0e22435777a4543730306dbde10e3859ec03ae551db547cbc92f7a41a83d252d4fdbebf3fba1abbaf1280d1e7650cadd203383e405051762623d28eef289d2bce5b35e3a792bc981eda314390d3fa0629d88f56029d8df334cf4867fb749a32ce982804b14634978a62ea3bd2045dcdbb17bea32b45430c41d201155b923cdf8925174d6b13ec80dc16efaa34b0e817acdb24f6ffe3a5a8294fbc5800e3b9f3d758425416f0259eaab71c4d128aecd6cf2455347f678be64327484987cf257a1cda1094eb41a8a481b7b713f10a48360f37ca974ff520b3dc6bdfb296dcc4bd41377592ebc52090693b11f1fcbd1d64ea5e39b0995ffbf3f78dff466b737123781d5afb6316fe4918b84dff014c0526ee6802d3ac3df15254670e96dc271f7d41c12175cb03cd69783a70b8cddcc30e2203ba70484444ae211bbfd8a389392454113ef254af37b0c418407edcfee7c200012c81b8330c60ef18f43374bdab079081869cac2be256668a60996bfe9616dc5f73e95023cf8f18a07427eec7b770b6a99998cd8121406c055f11677341d9c1abbdaeb3814615e1ce14828c9519d87a1eddbfb42735a77a8c97d2fa0b1df6d989ba4f60c2d462e9e951e27bdc34650297c09c208a612833af3f5da951914bff971db8c2c7610db76e7cb1b0c81c95d0073f4fe99955933204627a5b39c24866fd155c6f9c71cf478829d6ea01b3c6118d384e563a7f368f4d3ec1fdbcf23d000dd0a543851a37e51137589a74b0176829000d4c0801746634d1129b2b702ab01e6f830b354dfcb078443ef837503aa69df5f86aaeee9a8c1224112f1514b1aa8065b65bf35e0634bf035dc0f462b8a42436a4fcfe767f64f6f4d344584349c7cb66d87700a89ee85d2f7b1c3d506a149b1fb3a36ade7ea199725b8cfa748a73eee8d9e81ff848633e944e39059e1034f68e65416f1964ef1312a456869c43b10a74e05d411a6977c2f49246953deb8f018d6b95945a5ec5d32523e6d8a9f07dc13aebe16396a2fb34c49aefe5311b7116e489ccaf483d23a618b16199e0c871f5fe3e338e427ee3ef5d625e152c9aa0a8512c4d943b1b8763d63b60d6d783eb66c2b7b5e221c35ed797c69022360e1810a1bce7ec299bef9c242862e2abc04f32c050036cbbdedf45e768ee5fe8b26226b05b492cc6b737c16a41fc169c3b98e04d8f5866a2e5288b589084a1398cce057cc8cc5a3c77be81bf05a9c51b5021a7f7e2e1ed50cbe6738cd1fb64d5840be94032db456a20d95916fc57e04c736dcf0c67f7e719ff9a617115e5c51ec99bb1e13c891fcfbd60a3bd714d21c79e12617847984dd0097de4468662018e2dc537a7200b3f9780f4d75c6090ddab1a4b03eade8f652372ff39fa13ea9e49609a1759086d03a303a85a452b0e31bff3c72fc5980a13c4290c3829a5477b715ae64fb4b2656936bc0b7ac1586d7b0b05235af8b1ee21f72405d8465118953cda1aac03e241170a54729d344018226e35a535c9648348f9e10a6c4dd5f17f787bc78e82aae95800eee241bf43a2b1a74faf78821ff7bbfc0e3f60975442b0ddadc8d02ea4c9d89c3133674c554c76de39999fabbf4ee6922188f6da597a5add837922b444ebe262b600b88527fd6b8e86a37a6d4c6829411a981e980e33a81af21063c87616e682a612be72a12bf976c94a01673d2fe826037c63007d65afd96bc3480574450fcc35ff71b78bdea54b55f82b0f1e21b3de80de2353789ee147c0b56ab68e486ee3c50b7195860d5f28bc4f82f04127664c06413da97f30ac42f4e9559406082477b33c1edc802be3bf22655a2f12f47fd2ad7fff0c08edab679b07b1c68e46497fbcf72afc2d2ac185ba9c5598e545d8ba0689363724264a3edf4c8abe9613cb851d88221daf6ed148ea71c6ccb6382cd7e3dd40a41e58ce4c48f801a4cfb432d68371159cf72b1a33c9148b88e486ea9bfb09ca2ddd788284f74a3b5b92"}) ioctl$CDROM_DEBUG(r0, 0x5330, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:53:02 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) (fail_nth: 33) [ 782.413463] FAULT_INJECTION: forcing a failure. [ 782.413463] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 782.414934] CPU: 0 UID: 0 PID: 6525 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 782.414954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 782.414963] Call Trace: [ 782.414968] [ 782.414974] dump_stack_lvl+0xfa/0x120 [ 782.414996] should_fail_ex+0x4d7/0x5e0 [ 782.415023] _copy_from_user+0x30/0xd0 [ 782.415048] copy_msghdr_from_user+0x88/0x150 [ 782.415070] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 782.415088] ? __pfx__kstrtoull+0x10/0x10 [ 782.415106] ? kfree+0x2c5/0x5d0 [ 782.415128] ? __lock_acquire+0x451/0x2250 [ 782.415151] ___sys_recvmsg+0xbb/0x190 [ 782.415170] ? __pfx____sys_recvmsg+0x10/0x10 [ 782.415191] ? __pfx_perf_trace_lock+0x10/0x10 [ 782.415215] ? lock_acquire+0x15e/0x2d0 [ 782.415232] ? __might_fault+0xe0/0x190 [ 782.415247] ? find_held_lock+0x2b/0x80 [ 782.415270] ? __might_fault+0x138/0x190 [ 782.415292] do_recvmmsg+0x2c5/0x6f0 [ 782.415316] ? __pfx_do_recvmmsg+0x10/0x10 [ 782.415333] ? ksys_write+0x187/0x240 [ 782.415348] ? lock_release+0xc8/0x270 [ 782.415369] ? __mutex_unlock_slowpath+0x157/0x740 [ 782.415384] ? kernel_write+0x593/0x660 [ 782.415403] ? __fget_files+0x20d/0x3b0 [ 782.415425] __x64_sys_recvmmsg+0x211/0x260 [ 782.415446] ? ksys_write+0x1a3/0x240 [ 782.415459] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 782.415479] ? irqentry_exit+0xee/0x650 [ 782.415492] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 782.415512] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 782.415536] do_syscall_64+0xbf/0x420 [ 782.415554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.415570] RIP: 0033:0x7f4b915d8b19 [ 782.415582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 782.415596] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 782.415611] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 782.415621] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 782.415630] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 782.415639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 782.415648] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 782.415669] 00:53:02 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x7000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 782.514984] FAULT_INJECTION: forcing a failure. [ 782.514984] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 782.516263] CPU: 0 UID: 0 PID: 6532 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 782.516281] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 782.516290] Call Trace: [ 782.516295] [ 782.516300] dump_stack_lvl+0xfa/0x120 [ 782.516321] should_fail_ex+0x4d7/0x5e0 [ 782.516348] _copy_from_user+0x30/0xd0 [ 782.516371] kstrtouint_from_user+0xbd/0x180 [ 782.516388] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 782.516407] ? __lock_acquire+0x451/0x2250 [ 782.516429] ? fdget_pos+0x2a8/0x380 [ 782.516450] proc_fail_nth_write+0x7b/0x220 [ 782.516468] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 782.516488] ? lock_is_held_type+0x9e/0x120 [ 782.516505] vfs_write+0x2b7/0x1150 [ 782.516518] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 782.516537] ? __pfx___mutex_lock+0x10/0x10 [ 782.516551] ? __fget_files+0x34/0x3b0 [ 782.516564] ? __pfx_vfs_write+0x10/0x10 [ 782.516579] ? lock_release+0xc8/0x270 [ 782.516599] ? __fget_files+0x20d/0x3b0 [ 782.516621] ksys_write+0x121/0x240 [ 782.516634] ? __pfx_ksys_write+0x10/0x10 [ 782.516654] do_syscall_64+0xbf/0x420 [ 782.516672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.516687] RIP: 0033:0x7fcf605ff5ff [ 782.516698] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 782.516712] RSP: 002b:00007fcf5dbc2170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 782.516726] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcf605ff5ff [ 782.516735] RDX: 0000000000000001 RSI: 00007fcf5dbc21e0 RDI: 0000000000000003 [ 782.516744] RBP: 00007fcf5dbc21d0 R08: 0000000000000000 R09: ffffffffffffffff [ 782.516753] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 782.516766] R13: 00007ffded3a83af R14: 00007fcf5dbc2300 R15: 0000000000022000 [ 782.516787] 00:53:03 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x200000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:53:03 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 26) 00:53:03 executing program 7: mremap(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) 00:53:03 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 40) 00:53:03 executing program 2: ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000040)) mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000ffb000/0x3000)=nil) mlock(&(0x7f0000ff8000/0x1000)=nil, 0x1000) mbind(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x1, &(0x7f0000000000)=0x3f, 0x6, 0x0) mlock2(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x1) [ 782.671968] FAULT_INJECTION: forcing a failure. [ 782.671968] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 782.683825] CPU: 0 UID: 0 PID: 6539 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 782.683859] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 782.683874] Call Trace: [ 782.683882] [ 782.683891] dump_stack_lvl+0xfa/0x120 [ 782.683925] should_fail_ex+0x4d7/0x5e0 [ 782.683968] _copy_from_user+0x30/0xd0 [ 782.684007] copy_msghdr_from_user+0x88/0x150 [ 782.684041] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 782.684071] ? __pfx__kstrtoull+0x10/0x10 [ 782.684100] ? kfree+0x2c5/0x5d0 [ 782.684134] ? __lock_acquire+0x451/0x2250 [ 782.684171] ___sys_recvmsg+0xbb/0x190 [ 782.684202] ? __pfx____sys_recvmsg+0x10/0x10 [ 782.684236] ? __pfx_perf_trace_lock+0x10/0x10 [ 782.684273] ? lock_acquire+0x15e/0x2d0 [ 782.684301] ? __might_fault+0xe0/0x190 [ 782.684324] ? find_held_lock+0x2b/0x80 [ 782.684361] ? __might_fault+0x138/0x190 [ 782.684396] do_recvmmsg+0x2c5/0x6f0 [ 782.684434] ? __pfx_do_recvmmsg+0x10/0x10 [ 782.684463] ? ksys_write+0x187/0x240 [ 782.684486] ? lock_release+0xc8/0x270 [ 782.684520] ? __mutex_unlock_slowpath+0x157/0x740 [ 782.684543] ? kernel_write+0x593/0x660 [ 782.684575] ? __fget_files+0x20d/0x3b0 [ 782.684610] __x64_sys_recvmmsg+0x211/0x260 [ 782.684643] ? ksys_write+0x1a3/0x240 [ 782.684664] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 782.684696] ? irqentry_exit+0xee/0x650 [ 782.684717] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 782.684747] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 782.684794] do_syscall_64+0xbf/0x420 [ 782.684823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.684847] RIP: 0033:0x7f8ef3114b19 [ 782.684866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 782.684890] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 782.684913] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 782.684929] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 782.684944] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 782.684958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 782.684972] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 782.685006] 00:53:03 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:53:03 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xe, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) [ 782.787106] FAULT_INJECTION: forcing a failure. [ 782.787106] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 782.794820] CPU: 1 UID: 0 PID: 6547 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 782.794861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 782.794876] Call Trace: [ 782.794885] [ 782.794895] dump_stack_lvl+0xfa/0x120 [ 782.794930] should_fail_ex+0x4d7/0x5e0 [ 782.794976] _copy_from_user+0x30/0xd0 [ 782.795018] copy_msghdr_from_user+0x88/0x150 [ 782.795053] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 782.795085] ? __pfx__kstrtoull+0x10/0x10 [ 782.795116] ? kfree+0x2c5/0x5d0 [ 782.795152] ? __lock_acquire+0x451/0x2250 [ 782.795192] ___sys_recvmsg+0xbb/0x190 [ 782.795225] ? __pfx____sys_recvmsg+0x10/0x10 [ 782.795262] ? __pfx_perf_trace_lock+0x10/0x10 [ 782.795301] ? lock_acquire+0x15e/0x2d0 [ 782.795331] ? __might_fault+0xe0/0x190 [ 782.795355] ? find_held_lock+0x2b/0x80 [ 782.795395] ? __might_fault+0x138/0x190 [ 782.795432] do_recvmmsg+0x2c5/0x6f0 [ 782.795473] ? __pfx_do_recvmmsg+0x10/0x10 [ 782.795504] ? ksys_write+0x187/0x240 [ 782.795528] ? lock_release+0xc8/0x270 [ 782.795564] ? __mutex_unlock_slowpath+0x157/0x740 [ 782.795596] ? kernel_write+0x593/0x660 [ 782.795630] ? __fget_files+0x20d/0x3b0 [ 782.795667] __x64_sys_recvmmsg+0x211/0x260 [ 782.795703] ? ksys_write+0x1a3/0x240 [ 782.795725] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 782.795759] ? irqentry_exit+0xee/0x650 [ 782.795782] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 782.795814] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 782.795856] do_syscall_64+0xbf/0x420 [ 782.795887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.795913] RIP: 0033:0x7f4b915d8b19 [ 782.795934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 782.795959] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 782.795984] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 782.796001] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 782.796016] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 782.796032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 782.796047] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 782.796084] 00:53:03 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "9e1961fbccfc2dbd90fd623df5c3d66f"}]}, 0x30}}, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r0, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)={0x18c, 0x0, 0x4, 0x70bd28, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x212}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x4}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x100}, {0x6, 0x11, 0xdb3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x1}, {0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x80}, {0x6, 0x11, 0x401}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7e5}, {0x6, 0x11, 0x80}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x4}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7fffffff}, {0x6, 0x11, 0x1}}]}, 0x18c}, 0x1, 0x0, 0x0, 0x20048004}, 0x240440c4) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, r1, 0x20, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x38}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x47}]}, 0x38}, 0x1, 0x0, 0x0, 0x8084}, 0x40) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/sctp\x00') r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r4, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r5, 0x300, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8004}, 0x8041) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:53:03 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x8000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:53:15 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0xa) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:53:15 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x8100000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:53:15 executing program 7: mlock(&(0x7f0000ffa000/0x1000)=nil, 0x1000) 00:53:15 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 27) 00:53:15 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x300000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:53:15 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 41) 00:53:15 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/sco\x00') ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000000c0)=0x0) r2 = perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0x7f, 0x3, 0x11, 0x80, 0x0, 0xa0be, 0x27c24, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x8000, 0x1, @perf_bp={&(0x7f0000000100), 0x5}, 0x803, 0xc6, 0x1, 0x0, 0x0, 0x6b7, 0x403, 0x0, 0x0, 0x0, 0xed3}, r1, 0x5, r0, 0x2) recvmmsg$unix(r0, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000140)=""/126, 0x7e}, {&(0x7f0000000240)=""/137, 0x89}, {&(0x7f0000000300)=""/195, 0xc3}, {&(0x7f0000000400)=""/58, 0x3a}, {&(0x7f0000000440)=""/110, 0x6e}], 0x5, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000801c0400000001000000e8d2e2e93eee03f63a325557457704c4786fb89da2613c997c8fe19a1d4f01ef8a88f8d16b041b1523b45571b3ad596e5d9e04a488f9b2b8a14242078c1f83b39dceb1bf736498f05d40453fb2069832f2860113e59d7e1bf8000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001000000000000000010000000100000028000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYBLOB="e3f700bfc32956000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xb8}}], 0x1, 0x40000021, &(0x7f0000000640)) ioctl$KDFONTOP_GET(r3, 0x4b72, &(0x7f0000000a80)={0x1, 0x9e, 0x0, 0x11, 0x116, &(0x7f0000000680)}) pread64(r2, &(0x7f00000001c0)=""/106, 0x6a, 0x1) 00:53:15 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 795.512058] loop6: detected capacity change from 0 to 264192 [ 795.537386] FAULT_INJECTION: forcing a failure. [ 795.537386] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 795.538384] FAULT_INJECTION: forcing a failure. [ 795.538384] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 795.544853] CPU: 0 UID: 0 PID: 6580 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 795.544880] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 795.544892] Call Trace: [ 795.544899] [ 795.544906] dump_stack_lvl+0xfa/0x120 [ 795.544934] should_fail_ex+0x4d7/0x5e0 [ 795.544969] _copy_from_user+0x30/0xd0 [ 795.545000] copy_msghdr_from_user+0x88/0x150 [ 795.545027] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 795.545050] ? __pfx__kstrtoull+0x10/0x10 [ 795.545074] ? kfree+0x2c5/0x5d0 [ 795.545100] ? __lock_acquire+0x451/0x2250 [ 795.545137] ___sys_recvmsg+0xbb/0x190 [ 795.545161] ? __pfx____sys_recvmsg+0x10/0x10 [ 795.545187] ? __pfx_perf_trace_lock+0x10/0x10 [ 795.545216] ? lock_acquire+0x15e/0x2d0 [ 795.545238] ? __might_fault+0xe0/0x190 [ 795.545257] ? find_held_lock+0x2b/0x80 [ 795.545286] ? __might_fault+0x138/0x190 [ 795.545313] do_recvmmsg+0x2c5/0x6f0 [ 795.545343] ? __pfx_do_recvmmsg+0x10/0x10 [ 795.545366] ? ksys_write+0x187/0x240 [ 795.545384] ? lock_release+0xc8/0x270 [ 795.545411] ? __mutex_unlock_slowpath+0x157/0x740 [ 795.545429] ? kernel_write+0x593/0x660 [ 795.545454] ? __fget_files+0x20d/0x3b0 [ 795.545482] __x64_sys_recvmmsg+0x211/0x260 00:53:16 executing program 2: ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000000)={'nr0\x00'}) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x8]}, 0x8, 0x800) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'vlan1\x00'}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:53:16 executing program 7: mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8000, 0x0, &(0x7f0000ff8000/0x8000)=nil) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) [ 795.545508] ? ksys_write+0x1a3/0x240 [ 795.545525] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 795.545550] ? irqentry_exit+0xee/0x650 [ 795.545567] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 795.545591] ? lockdep_hardirqs_on_prepare+0xdb/0x190 00:53:16 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0xfffffe9a, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext, 0x10040, 0x0, 0x80000000, 0x0, 0x2, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) r1 = dup(r0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000000c0)=0x0) ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, &(0x7f00000003c0)={{r0}, "89a94cc7666cd4e1394ae999dbec6c72784c07476cef1c4bb9cfde687817104f1f729ad07e6340c38b330e099ca427fd27e48c83ebdcc7abd13d04027bfe417ba945e15f268cb9c081b26ec9e117e45972c98467dd9c334619e884df0e4cef5e20155cd42e086d05ba9126dc00efb830549f0e364914b881b81aca1627c54efad9334f05f3e4da0d9fa00f05ca20aa564403e4748b07332ae1b008f9d452aca570a99b4d14786a5061b6194dce834f3c3110d5d843ca9f156d4e657f244078fd001875424f166cbe1263d5d8c329817de4eda28f6a8d7c4fc657086c593fc1b141073a2aca8263baba156d19c4a751d4b2ff0d066b58cc723dde0996728ddd178c05b02358ed5221e6571d261e0d890670c3e856623323757c66ca0e6ad896c202b1db4f455ad3048a67d478219faf8b0fd4aa0c964d39db4f0dabdfbee75300c0b3d3ee57b5816d031e492d5f209b9b5d4d9559003f3739d626c27889ac4268e60938c7bfa31196fb507eedd1cff9d8621b8eb9ac644c02d01b252e8c752ce4d1dc70520acd81f81bfafddaab62a04deadc78fd125058d33f9b1a94a1d76d77146365a5df23fe910c656b62892783ffbd61a1d26d4e0a34f9bba679f8d38de55350ef48a1f1c8b0ae04f2a528ffeb012599ce483428fc963c8466bf447db9eb7ff152ba6a3e4450909cb4b3ff9f8c40a998bb34ef6beafb89c10755bd473d9a468c6993ea8c492d3c372c476e94cfb8b2590cadeda1765ea66caaccfb83e7f708026ead9f5db7636538a9a9fabe00a63c26f8fdb602541bc4706ef8b5109be19eb58ed18cdc612ab81e60b0a0db024caa90f5aa20583cfb95df51528b442a2544aa14fcc5d5217184c0bf9d64f51ebbb5ee50a5b6dbeecb65d9b9f705e11f194afdeb0c1ced28d835de24c2d2b37353c85d605b2fd178523520fc78d8edde4993cb3c9f8acb11da86ad64fcab8630e04198cb424112691879904479af7885a4141936d0dada54c5c61f98a768b104e1856286395c5a7381cb791b196a76f9c534749ec22d0f369b374b8930e0efd3fdee6366dec19d69260199968806ab44fde944e5d0ac5abc4cb2a30fd5d90d836eab1b65ac5d8aa2b77ba2b75087e691d0d0289b5cc45a5f89c17b446ef67d01cce4aa92d93a1cac7dbb6ea402e8bc7041ae7650c27f1abc0e31318a33a006e44de1abbbf92a584e9f08c2b4d23d7ef28f525ab34e98737a2253b2066f5f144a9ae82d01772fe84a9dd84fcf2a76fab8206d903d96ff89e079333a51db97b56c2feef50a815956c877e5e1bee3a925b434079b4cb811b03e7c717f4e5c9874883c9629253ddfc205e7014825eea8eeef16e979608ae553a86569f87e1549a850e8bfa2d3e23427dc24e1eb4e241c9595d6bef5b49006de528e7cc953c77c0bc4e4a1ad72b01386e2753651df2b074d66e86153084601c02e758b6cfb20b089aa015f8b17521eb78fb607581c08a966f3d7be9b64069e263b50bb6e47df5072e8b7699e71cf84c0f09c0d283b89ebb06880be3765fc177f6c3d1a6f21a3a275fc19d969ab402e6a1646d03887487adda12bd94a3ea68674858bd6350923670d37a5e85e08a1f00fd1218efe7f02f3470b529d57daa1d5e64cb0d681f9c9e876a0f446658df39953a5a4e9a13307eb32970be47cc7965ebb80819546915ebeac725ec4fd466c114dacd35cc2d1d9a1c299cde6ab26ea1200338aa8c1e68ae3c6a9a4043a1e1666d41e0e3f22ef84f768c29be6aaafefd05cff120305ad21d890e95e331f51e3627f3088af79412cb45a5458afde4dfd7c246069239b4e8bb2382ea7812c964a586bd9a806cfe5aa98362dbf1b955bf12c727d55d69fff85b9ae48783945d4c16011a707cad787b25649371d2c07609edebb5c28e797591b78bfad57e42515279a80a66ed6b1f8274fe673e65dbf39579aeab6c8e9e00e6055fe4c4d473ef69c30292b012d8e859009f8dd07cd84baccfb5098929cd36c767ff414f0fd2f3015bd8264081e7a84e28658b74e6b97270c0d5662d6d674d5d30ed08078b69f76f1efac5a89434a18cfddb03bc4b9774cdedf8c6fff86623131edec5d81fbe82355d35c9e0bda77eb5c849ce6163441d11d9f464d514991fe873a6497b090f12c084698d4e5f4c1e857478cc4f0fa7fd76294a1fba207fdd6daa03d97eb81d41b2cbf820c62b14989f67aa14e1821e1b67c9d01d042a085e52e53e91fec61ee788f1909975e4124c41c1a4f84076eeed6db9fb29f24d01d9e04bd1a2dd9ca9fb87425c1309279c7c26069dea70eaaed6b17e7c9f631dad2d1a8b1f9e8d2717412580f29a0bd2106e8b7c748d50ae8ab4595c26c7ae76f756dd503f2b046a63e543f8dececa6bbd85c5726e875d227632b47952ac07f78401e2657837291b816d75577239c320f5dbc4fb1affb5ac3f445fd65743830be4d6e7fdc14552322c1193cedb1adfefd06652479f83ffbd9d689f93c1f0c748dd341d4d325912d7bc2356a7145eb37f37c98e9bad16f7b2d57878ac3c61a6a2b8520a704b9eb88ee40ece8b040745864d8d6779d390b7e97a7bf2d2df30cb42397d36dbc234653533ff71d50bc100f659009dd971684059710de48ec181c9b63ef459dad03adb726c0d2385ad03a4e9d124a525f1272ddb7179d3598862a532ec75374999886293b4137c482c072fc01c07d6adedeb80467cd663fca8c7f775d218ba2660fc10e50bc6da5a66a7444bef727c31f3b0fdd4e07dd33fbe914d33d14f4d417d33f59f73c8ac6c83b98963071686d0dcb69cf50f16e71402dec86121dbd114dfdfc4299b9917627917666be43de7878ba1c23a8dd8e148d86434ad1697ce5198de93c2a09eb467ba0282aef11b5c72d8b73fdc4a3cf43c0d41cc1abc84fa6ba3a4a261aa44976361d4f5eb44454fe573f7da4003a1fcc74203ffbbb960ac363fbbb0666bbfd9289cbffe72b0ef4570aa33a7a95245d97639d0e59a0631844422ec615f6c31924e1c0fd105c4c468d2971f4a837fe2366d95672424c73ecea90f6fef4b2d2445db7a4e8dc9db8becd16e8b0a70af2bdd5c553031281e7efd053fdcb1af2df5c7f4862eac09b213da6f1ea162ffd26980c58468e44625cfbe4de4d14d97c077b02f42b7c8e9b00755eb3bee2ea4663547190be6d726802191966f59ddb44634a7d9ae1eb0d8cfbd5845a2208e5eede4f53e2a178e5db2c19e16a2901c362fc1d1c01792cfe222dc1a2ce8e5f109f565181703c20a06a0d370d4a9f1c2c139bf946665d062b1e68180056b5940d1a5fa1afeb6f4e0dab22c43113ad63a06619770d7d221e3d0220ba83bca2f694dcefb439b295408cbb6de3c87c9bd1b63dca8fcfdd4fd502d5394dd215b2a9f46d7e4dddeafb2a29967df34a4615fae2e924e7d3a64eafd71a22ea89249b74959c72007150c4580b7470257bf15c3b03e7020f0d91d56368a38bc486e6d803632bd128489865fd4eb0e1bfeba99fa23defcf5ff3dd93952c56acaf5bf7512accf1193c14881f7fab56ee750ef63ae81d2b7e27d63202bb6e32e66cf8f81ff905a9aba215091958482e189d3b941b3158a25b84f5be56e637dd02f0391c79064fca402f1805154d6a131702d8760de7574d2a1c1abc09d25111d37a44d8b46f6d1d810d397352e41949dc7965fe53f82ec7acd6c84062d50d51899b3deb2fd00b7ef52e0493c16cf0a67e05d410a5df209ec83530dadbc02f9d70341053f09895590c0d4fa3f91080ca25e0070c60d8c498b6f484fb3a5adf6deb7b4b8ac3bafb1d08f15cf3e64a6a6d25e64e84dfa1da519a04893c50ab841a68c7301e2cd7d128459a73aba02e04cbbbcf06b4adeefa2745f6090996755a9bf66ee95c9d48d93b1236394a50d5e19f43964052f546dd9f3576f3b871fc1c6314bc8cf6a7e1f30fe853ec2a35153d5521b7c0f6c33aece5052bea77f4daf46a6cbe8f25ab4b2e7f3a68dd3b4d9b4893d9e7cf86315383574642244482a4e86b8876b59758f82ebaa19bacd82a7b3b532bece13a7690b3d068ffa81a5e6071151e60d4880638e60c1600b86ab847b03a6b6b0566ecf332079b112f7ec0c08f1e6821d36270b67f76f049a66cfb7b2b3cd57e7faf701cac31535274adaa252fe8e32536bda16df3243a66e0f44a480602311c8ff8ee64201494156e7e12234c8a28a8a2f07b747dca06d3b71f7ddd66f2fd3044ccefe2149bb71477c280a2043d188de5b95da25b787522e10433bf0bd88e41b5fe568031fe23e5dd88f927f0038accbadbc68ae34f9fa6c7b7117c708d898fade832abc9f51ef6e5c28d9db8c81aa79e99fa2765be0d4ec34f75428ad52957682fc8e83bfedf2d4571d079f2f44334de20b1fd449c935acb44c42dfad7e0966cef7f7624ace278ceae9398ae21bf24e400347b395f727d08c272a78e89b25af5f0ba5eda41910bbe0f50ef25b32aa4887e6c3cbd7237b41745cb2bd3a6214198e14ac803a9930a06af3f4c8dfeb71957331ede3a2e3f8cc5c791c46e0b6249238ab5d0349ffa03a642c9579a909d6e08bec9f9e2154399a930ea03cacb90fcb948d09b1245ff37ae92e0ac7bd7260d843564853c21a907b770d3016c291d209a4591223a126dfa1d1b5f132cf754d9cc78b8519d39ef7fd9c3d3639415e9d8519a7da1dc7d5429e318639696d954b9aed9c003d30e8f92a285f191697498215c4b87f44eaab4165859c5d0dd814412b40677a1244d3418779647b119358b8486d3678f9d791387123d40e1900f936c8c14d172850cffcfa203c3d0eed0d8801ba83b21603f8a5df5fd9c6712fb48427fa03ce9de15a96f470cab9883fe9af92ab9d1ef9304b55bf999eab4965b1dd6d8f1da7883a54540e2302b7b9fb9ea9854cdc4d2afa22de7a7242802d98c6c37d12ac29bdc4a9fb36d5f8a799105fba2d5f5b1fc017d2673186af07a2133ed645e29fe4f12028fa6a3a90e0be95056a6bcf45111b78f731eb4619602ea4f4f54dd3cb2844674784eee676465155d14e3d2badcd966324f5efdebe720eebcbe8cc9cc0efb6be2510c4860f5c988930a99859ebcd59f8b2207542327f5cf82027edabaede36dc3cd951b8c18d1a86cc3f9110b86a8a0473312a170bd37b5a402465f4d5e4ade3c20db3e24b9b16e1a9f4155bebf9a68a403e5912fa17c990978771915cfa1df6e8e4ead6a3f273c3b52b072478877e7bd42efe017869d8dc732791adcb7158c275e819fbdc7e48c76f289c65867fe25651d13ef76c9d99c5fddcf998849fe32222036a91accb68c8ce761288c889ddd6e565ec3be4faf2dbca9832141326f6e38323eb9e395c42042748546a9f102f8a50d9556e3f69b0aa16aadd9dbd38c3ff61c39e64625040d4d9872de920ce72440781e90b7bffef5b2cc1ca29bb4beefaaccf88ee8eeb1eb7eb877d5996821416b19009e290d70a1aea08eceea23f8f64992da782724941eeca29cc36bdc28f5dabdebb17a9f44c8fc468f72c95d24e28fc60cd675d4524d9f7c53e0ddef3ac7336504f3a2ba508ac3d34e1a15c293a9f836a56a83c10af0322ad4c3a10a1d4b9484e6a7733a1da9814e06b6e9e9acc41cd6ba8527c9a0d3194bb94c816b548fa0ae71bee09e57f41fe37f9e98cbed0b2434bf17b347b7aa75dff977d4a9aa3dbc7f15334681deb1d4ce6601647566b287dd9d6b6e57d3aec7b5d43df231c67324942bd7a3982c203d194d76202174a73ee6efc5815e9555f53abe7b9eae822e6dddc35e0e49ff91"}) r3 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6, 0x8, 0x9, 0x1, 0x0, 0x8, 0x100, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x20, 0x1, @perf_bp, 0x100, 0x10000, 0xc05, 0x4, 0x3e6e, 0x1, 0x0, 0x0, 0x9, 0x0, 0x8}, r2, 0xa, r0, 0x1) r4 = socket$unix(0x1, 0x2, 0x0) splice(r4, &(0x7f0000000100)=0x3447, r3, &(0x7f0000000140)=0x3, 0x81, 0x1) [ 795.545621] do_syscall_64+0xbf/0x420 [ 795.545644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.545663] RIP: 0033:0x7f4b915d8b19 [ 795.545678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 795.545696] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 795.545715] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 795.545727] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 795.545738] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 795.545750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 795.545760] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 795.545787] [ 795.553875] CPU: 1 UID: 0 PID: 6582 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 00:53:16 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 795.553909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 795.553922] Call Trace: [ 795.553930] [ 795.553939] dump_stack_lvl+0xfa/0x120 [ 795.553973] should_fail_ex+0x4d7/0x5e0 [ 795.554014] _copy_from_user+0x30/0xd0 00:53:16 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 42) [ 795.554051] copy_msghdr_from_user+0x88/0x150 [ 795.554084] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 795.554113] ? __pfx__kstrtoull+0x10/0x10 00:53:16 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 28) [ 795.554140] ? kfree+0x2c5/0x5d0 [ 795.554173] ? __lock_acquire+0x451/0x2250 [ 795.554208] ___sys_recvmsg+0xbb/0x190 [ 795.554238] ? __pfx____sys_recvmsg+0x10/0x10 [ 795.554270] ? __pfx_perf_trace_lock+0x10/0x10 [ 795.554304] ? lock_acquire+0x15e/0x2d0 [ 795.554331] ? __might_fault+0xe0/0x190 [ 795.554353] ? find_held_lock+0x2b/0x80 [ 795.554388] ? __might_fault+0x138/0x190 [ 795.554421] do_recvmmsg+0x2c5/0x6f0 [ 795.554457] ? __pfx_do_recvmmsg+0x10/0x10 [ 795.554484] ? ksys_write+0x187/0x240 [ 795.554506] ? lock_release+0xc8/0x270 [ 795.554537] ? __mutex_unlock_slowpath+0x157/0x740 [ 795.554559] ? kernel_write+0x593/0x660 [ 795.554589] ? __fget_files+0x20d/0x3b0 [ 795.554623] __x64_sys_recvmmsg+0x211/0x260 [ 795.554654] ? ksys_write+0x1a3/0x240 [ 795.554674] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 795.554704] ? irqentry_exit+0xee/0x650 [ 795.554724] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 795.554753] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 795.554798] do_syscall_64+0xbf/0x420 [ 795.554840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.554864] RIP: 0033:0x7f8ef3114b19 [ 795.554882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 795.554904] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 795.554926] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 795.554941] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 795.554955] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 795.554968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 795.554982] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 795.555014] [ 795.762715] FAULT_INJECTION: forcing a failure. [ 795.762715] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 795.812846] CPU: 0 UID: 0 PID: 6599 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 795.812870] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 795.812881] Call Trace: [ 795.812886] [ 795.812893] dump_stack_lvl+0xfa/0x120 [ 795.812917] should_fail_ex+0x4d7/0x5e0 [ 795.812945] _copy_from_user+0x30/0xd0 [ 795.812971] copy_msghdr_from_user+0x88/0x150 [ 795.812994] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 795.813014] ? __pfx__kstrtoull+0x10/0x10 [ 795.813032] ? kfree+0x2c5/0x5d0 [ 795.813054] ? __lock_acquire+0x451/0x2250 [ 795.813078] ___sys_recvmsg+0xbb/0x190 [ 795.813098] ? __pfx____sys_recvmsg+0x10/0x10 [ 795.813120] ? __pfx_perf_trace_lock+0x10/0x10 [ 795.813144] ? lock_acquire+0x15e/0x2d0 [ 795.813161] ? __might_fault+0xe0/0x190 [ 795.813177] ? find_held_lock+0x2b/0x80 [ 795.813200] ? __might_fault+0x138/0x190 [ 795.813223] do_recvmmsg+0x2c5/0x6f0 [ 795.813247] ? __pfx_do_recvmmsg+0x10/0x10 [ 795.813265] ? ksys_write+0x187/0x240 [ 795.813280] ? lock_release+0xc8/0x270 [ 795.813301] ? __mutex_unlock_slowpath+0x157/0x740 [ 795.813316] ? kernel_write+0x593/0x660 [ 795.813336] ? __fget_files+0x20d/0x3b0 [ 795.813359] __x64_sys_recvmmsg+0x211/0x260 [ 795.813380] ? ksys_write+0x1a3/0x240 [ 795.813393] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 795.813413] ? irqentry_exit+0xee/0x650 [ 795.813427] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 795.813447] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 795.813471] do_syscall_64+0xbf/0x420 [ 795.813489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.813506] RIP: 0033:0x7f4b915d8b19 [ 795.813518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 795.813532] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 795.813548] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 795.813558] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 795.813567] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 795.813576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 795.813584] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 795.813607] [ 795.827666] FAULT_INJECTION: forcing a failure. [ 795.827666] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 795.871095] CPU: 1 UID: 0 PID: 6602 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 795.871130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 795.871143] Call Trace: [ 795.871151] [ 795.871160] dump_stack_lvl+0xfa/0x120 [ 795.871193] should_fail_ex+0x4d7/0x5e0 [ 795.871233] _copy_from_user+0x30/0xd0 [ 795.871270] copy_msghdr_from_user+0x88/0x150 [ 795.871303] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 795.871332] ? __pfx__kstrtoull+0x10/0x10 [ 795.871360] ? kfree+0x2c5/0x5d0 [ 795.871392] ? __lock_acquire+0x451/0x2250 [ 795.871427] ___sys_recvmsg+0xbb/0x190 [ 795.871457] ? __pfx____sys_recvmsg+0x10/0x10 [ 795.871488] ? __pfx_perf_trace_lock+0x10/0x10 [ 795.871523] ? lock_acquire+0x15e/0x2d0 [ 795.871549] ? __might_fault+0xe0/0x190 [ 795.871572] ? find_held_lock+0x2b/0x80 [ 795.871606] ? __might_fault+0x138/0x190 [ 795.871639] do_recvmmsg+0x2c5/0x6f0 [ 795.871676] ? __pfx_do_recvmmsg+0x10/0x10 [ 795.871703] ? ksys_write+0x187/0x240 [ 795.871725] ? lock_release+0xc8/0x270 [ 795.871765] ? __mutex_unlock_slowpath+0x157/0x740 [ 795.871787] ? kernel_write+0x593/0x660 [ 795.871817] ? __fget_files+0x20d/0x3b0 [ 795.871850] __x64_sys_recvmmsg+0x211/0x260 [ 795.871881] ? ksys_write+0x1a3/0x240 [ 795.871901] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 795.871931] ? irqentry_exit+0xee/0x650 [ 795.871951] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 795.871980] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 795.872016] do_syscall_64+0xbf/0x420 [ 795.872043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.872066] RIP: 0033:0x7f8ef3114b19 [ 795.872085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 795.872106] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 795.872129] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 795.872143] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 795.872157] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 795.872171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 795.872184] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 795.872216] 00:53:26 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x4, &(0x7f0000ff7000/0x4000)=nil) 00:53:26 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 29) 00:53:26 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r2, 0x0) recvmmsg$unix(r1, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r4, 0x0) recvmmsg$unix(r3, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r6, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r7, r8, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ppoll(&(0x7f0000000040)=[{r1, 0x20}, {r3, 0x4082}, {r6, 0x4001}, {r0}, {r0}, {r0, 0x1520}, {r8, 0x292}, {r9, 0x101}], 0x8, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={[0x7fff]}, 0x8) 00:53:26 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 43) 00:53:26 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x400000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:53:26 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x10000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:53:26 executing program 2: ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1, 0xffffff1f}}, './file0\x00'}) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x48, 0x0, 0x8, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1ff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x161f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x71c7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x5}, 0x4000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x6, &(0x7f0000ffc000/0x1000)=nil) 00:53:26 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 806.174375] loop6: detected capacity change from 0 to 264192 [ 806.187405] FAULT_INJECTION: forcing a failure. [ 806.187405] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 806.199333] CPU: 0 UID: 0 PID: 6618 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 806.199359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 806.199369] Call Trace: [ 806.199375] [ 806.199383] dump_stack_lvl+0xfa/0x120 [ 806.199409] should_fail_ex+0x4d7/0x5e0 [ 806.199442] _copy_from_user+0x30/0xd0 [ 806.199471] copy_msghdr_from_user+0x88/0x150 [ 806.199498] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 806.199521] ? __pfx__kstrtoull+0x10/0x10 [ 806.199543] ? kfree+0x2c5/0x5d0 [ 806.199569] ? __lock_acquire+0x451/0x2250 [ 806.199598] ___sys_recvmsg+0xbb/0x190 [ 806.199622] ? __pfx____sys_recvmsg+0x10/0x10 [ 806.199647] ? __pfx_perf_trace_lock+0x10/0x10 [ 806.199675] ? lock_acquire+0x15e/0x2d0 [ 806.199696] ? __might_fault+0xe0/0x190 [ 806.199714] ? find_held_lock+0x2b/0x80 [ 806.199742] ? __might_fault+0x138/0x190 [ 806.199775] do_recvmmsg+0x2c5/0x6f0 [ 806.199804] ? __pfx_do_recvmmsg+0x10/0x10 [ 806.199825] ? ksys_write+0x187/0x240 [ 806.199843] ? lock_release+0xc8/0x270 [ 806.199869] ? __mutex_unlock_slowpath+0x157/0x740 [ 806.199887] ? kernel_write+0x593/0x660 [ 806.199911] ? __fget_files+0x20d/0x3b0 [ 806.199937] __x64_sys_recvmmsg+0x211/0x260 [ 806.199962] ? ksys_write+0x1a3/0x240 [ 806.199978] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 806.200002] ? irqentry_exit+0xee/0x650 [ 806.200019] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 806.200042] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 806.200071] do_syscall_64+0xbf/0x420 [ 806.200093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.200112] RIP: 0033:0x7f4b915d8b19 [ 806.200126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 806.200147] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 806.200165] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 806.200178] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 806.200188] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 806.200199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 806.200209] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 806.200236] [ 806.238817] FAULT_INJECTION: forcing a failure. [ 806.238817] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:53:26 executing program 2: mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x6, &(0x7f0000ffe000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xf) [ 806.247524] CPU: 1 UID: 0 PID: 6622 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 806.247559] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 806.247574] Call Trace: [ 806.247582] [ 806.247592] dump_stack_lvl+0xfa/0x120 [ 806.247627] should_fail_ex+0x4d7/0x5e0 [ 806.247671] _copy_from_user+0x30/0xd0 [ 806.247711] copy_msghdr_from_user+0x88/0x150 [ 806.247746] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 806.247792] ? kfree+0x2c5/0x5d0 [ 806.247825] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 806.247866] ___sys_recvmsg+0xbb/0x190 [ 806.247898] ? __pfx____sys_recvmsg+0x10/0x10 [ 806.247933] ? __pfx_perf_trace_lock+0x10/0x10 [ 806.247971] ? lock_acquire+0x15e/0x2d0 [ 806.247999] ? __might_fault+0xe0/0x190 [ 806.248023] ? find_held_lock+0x2b/0x80 [ 806.248060] ? __might_fault+0x138/0x190 [ 806.248096] do_recvmmsg+0x2c5/0x6f0 [ 806.248135] ? __pfx_do_recvmmsg+0x10/0x10 [ 806.248165] ? ksys_write+0x187/0x240 [ 806.248188] ? lock_release+0xc8/0x270 [ 806.248226] ? srso_alias_untrain_ret+0x1/0x10 [ 806.248264] ? lock_acquire+0x15e/0x2d0 [ 806.248298] __x64_sys_recvmmsg+0x211/0x260 [ 806.248332] ? lock_release+0xc8/0x270 [ 806.248361] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 806.248392] ? __might_fault+0xe0/0x190 [ 806.248417] ? __might_fault+0x151/0x190 [ 806.248446] do_syscall_64+0xbf/0x420 [ 806.248476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.248499] RIP: 0033:0x7f8ef3114b19 [ 806.248519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 806.248541] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 806.248564] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 806.248580] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 806.248595] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 806.248609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 806.248623] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 806.248657] 00:53:26 executing program 7: mincore(&(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000000080)=""/62) mbind(&(0x7f0000ff6000/0x4000)=nil, 0x4000, 0x8000, &(0x7f00000000c0)=0x5, 0x2, 0x3) mincore(&(0x7f0000ff9000/0x2000)=nil, 0x2000, &(0x7f0000000100)=""/42) mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000040)=0x1, 0xffffffff, 0x6) 00:53:26 executing program 2: ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x9, 0x4}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) 00:53:26 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:53:26 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 44) [ 806.465247] FAULT_INJECTION: forcing a failure. [ 806.465247] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 806.467822] CPU: 0 UID: 0 PID: 6639 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 806.467843] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 806.467852] Call Trace: [ 806.467857] [ 806.467864] dump_stack_lvl+0xfa/0x120 [ 806.467888] should_fail_ex+0x4d7/0x5e0 [ 806.467916] _copy_from_user+0x30/0xd0 [ 806.467941] copy_msghdr_from_user+0x88/0x150 [ 806.467965] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 806.467984] ? __pfx__kstrtoull+0x10/0x10 [ 806.468002] ? kfree+0x2c5/0x5d0 [ 806.468024] ? __lock_acquire+0x451/0x2250 [ 806.468048] ___sys_recvmsg+0xbb/0x190 [ 806.468068] ? __pfx____sys_recvmsg+0x10/0x10 [ 806.468089] ? __pfx_perf_trace_lock+0x10/0x10 [ 806.468113] ? lock_acquire+0x15e/0x2d0 [ 806.468130] ? __might_fault+0xe0/0x190 [ 806.468145] ? find_held_lock+0x2b/0x80 [ 806.468169] ? __might_fault+0x138/0x190 [ 806.468191] do_recvmmsg+0x2c5/0x6f0 [ 806.468216] ? __pfx_do_recvmmsg+0x10/0x10 [ 806.468234] ? ksys_write+0x187/0x240 [ 806.468252] ? perf_trace_lock+0xbb/0x4f0 [ 806.468270] ? __lock_acquire+0x451/0x2250 [ 806.468291] ? srso_alias_untrain_ret+0x1/0x10 [ 806.468315] ? lock_acquire+0x15e/0x2d0 [ 806.468336] __x64_sys_recvmmsg+0x211/0x260 [ 806.468358] ? lock_release+0xc8/0x270 [ 806.468376] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 806.468396] ? __might_fault+0xe0/0x190 [ 806.468412] ? __might_fault+0x151/0x190 [ 806.468430] do_syscall_64+0xbf/0x420 [ 806.468449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.468464] RIP: 0033:0x7f4b915d8b19 [ 806.468476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 806.468491] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 806.468506] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 806.468517] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 806.468526] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 806.468535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 806.468544] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 806.468565] 00:53:37 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x30000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:53:37 executing program 7: r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x900) openat(r0, &(0x7f0000000040)='./file0\x00', 0x181100, 0x2) 00:53:37 executing program 4: read(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000200)=ANY=[@ANYRES64=0x0, @ANYBLOB="06000000000000000200000000000000feffffffffffffffffffffffffffffff07000000000000008c000000000000004d000000000000800700000001000000af0f0000000000005f0c000000000000010000000000000000080000000000001000000000000000000000000000000000000000000000001909411d87552a0dd105c6e016e23d4ade9cff13291e0e4280779067e2408ff392f0f58cfca1bbcd0c4978f1db1754575efadae63d7053f1c287d2880064bb4e49169b9a5740a330f6de316d2d90d84c0c14d694195e87a83e23156e802b4cfc9bdddea60e15491f2ea82948c0ba737dcfdd0ee23a5385ea60f45c2c910707acf3210f029f0657d0eca0ad8a5c9ace86d453ddcb54c12bb02b4dcb3071dcd6f5c8aac6088e0f61ba1b98fbeb3afa57bf4bdd1f7b7133ce1f96a655a6687307010c091e0dfc43b7103f5d5eb9356a73cbf040006cea38e4a3fb993cb160d9386484e99220aa7b8c3c909aa8a1ca70ec4ef7ed388673f209f966e1f62e3c75167d32874433d58878e4466297041edef1a7faa13878fa6173e9851d0b67d1faf3cfd5a85e58c2e19f084ae9c7a58f837d6ffee0657fbcfb65c73b5796f417d6160acb2b50611fc52f204ee84d9c866d5c5e0cec141d772492d8ee1febdb3e19d555cc35721fd292f2609854a51a3576b03bb59ca6454c021ebd00000000"]) fdatasync(0xffffffffffffffff) 00:53:37 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:53:37 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x181900, 0xa0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x2, 0x40010, r0, 0x8000000) 00:53:37 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 30) 00:53:37 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 45) 00:53:37 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x500000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 817.157135] loop6: detected capacity change from 0 to 264192 [ 817.205357] FAULT_INJECTION: forcing a failure. [ 817.205357] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 817.207501] CPU: 1 UID: 0 PID: 6662 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 817.207532] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 817.207547] Call Trace: [ 817.207554] [ 817.207564] dump_stack_lvl+0xfa/0x120 [ 817.207596] should_fail_ex+0x4d7/0x5e0 [ 817.207638] _copy_from_user+0x30/0xd0 [ 817.207677] copy_msghdr_from_user+0x88/0x150 [ 817.207710] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 817.207740] ? __pfx__kstrtoull+0x10/0x10 [ 817.207777] ? kfree+0x2c5/0x5d0 [ 817.207811] ? __lock_acquire+0x451/0x2250 [ 817.207847] ___sys_recvmsg+0xbb/0x190 [ 817.207878] ? __pfx____sys_recvmsg+0x10/0x10 [ 817.207912] ? __pfx_perf_trace_lock+0x10/0x10 [ 817.207948] ? lock_acquire+0x15e/0x2d0 [ 817.207976] ? __might_fault+0xe0/0x190 [ 817.208000] ? find_held_lock+0x2b/0x80 [ 817.208036] ? __might_fault+0x138/0x190 [ 817.208071] do_recvmmsg+0x2c5/0x6f0 [ 817.208109] ? __pfx_do_recvmmsg+0x10/0x10 [ 817.208138] ? ksys_write+0x187/0x240 [ 817.208161] ? lock_release+0xc8/0x270 [ 817.208194] ? __mutex_unlock_slowpath+0x157/0x740 [ 817.208217] ? kernel_write+0x593/0x660 [ 817.208249] ? __fget_files+0x20d/0x3b0 [ 817.208283] __x64_sys_recvmmsg+0x211/0x260 [ 817.208315] ? ksys_write+0x1a3/0x240 [ 817.208337] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 817.208368] ? irqentry_exit+0xee/0x650 [ 817.208389] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 817.208420] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 817.208459] do_syscall_64+0xbf/0x420 [ 817.208487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.208512] RIP: 0033:0x7f8ef3114b19 [ 817.208531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 817.208554] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 817.208577] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 817.208593] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 817.208607] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 817.208622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 817.208635] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 817.208670] [ 817.217841] FAULT_INJECTION: forcing a failure. [ 817.217841] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:53:37 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 817.276023] CPU: 0 UID: 0 PID: 6664 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 817.276055] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 817.276068] Call Trace: [ 817.276076] [ 817.276084] dump_stack_lvl+0xfa/0x120 [ 817.276116] should_fail_ex+0x4d7/0x5e0 [ 817.276155] _copy_from_user+0x30/0xd0 [ 817.276190] copy_msghdr_from_user+0x88/0x150 [ 817.276221] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 817.276248] ? __pfx__kstrtoull+0x10/0x10 [ 817.276274] ? kfree+0x2c5/0x5d0 [ 817.276306] ? __lock_acquire+0x451/0x2250 [ 817.276339] ___sys_recvmsg+0xbb/0x190 [ 817.276367] ? __pfx____sys_recvmsg+0x10/0x10 [ 817.276398] ? __pfx_perf_trace_lock+0x10/0x10 [ 817.276431] ? lock_acquire+0x15e/0x2d0 [ 817.276456] ? __might_fault+0xe0/0x190 [ 817.276478] ? find_held_lock+0x2b/0x80 [ 817.276510] ? __might_fault+0x138/0x190 [ 817.276542] do_recvmmsg+0x2c5/0x6f0 [ 817.276577] ? __pfx_do_recvmmsg+0x10/0x10 [ 817.276603] ? ksys_write+0x187/0x240 [ 817.276624] ? lock_release+0xc8/0x270 [ 817.276655] ? __mutex_unlock_slowpath+0x157/0x740 [ 817.276676] ? kernel_write+0x593/0x660 [ 817.276705] ? __fget_files+0x20d/0x3b0 [ 817.276737] __x64_sys_recvmmsg+0x211/0x260 [ 817.276775] ? ksys_write+0x1a3/0x240 [ 817.276794] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 817.276823] ? irqentry_exit+0xee/0x650 [ 817.276843] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 817.276870] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 817.276906] do_syscall_64+0xbf/0x420 [ 817.276932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.276954] RIP: 0033:0x7f4b915d8b19 [ 817.276972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 817.276993] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 817.277015] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 817.277029] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 817.277042] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 817.277055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 817.277068] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 817.277099] 00:53:37 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x600000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:53:37 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7, 0x1, 0x1, 0x7f, 0x0, 0x8, 0x14002, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x2, @perf_bp, 0xbd1b768ad9a21f62, 0x64, 0x3, 0x7, 0x0, 0x7, 0x9d7, 0x0, 0x9a, 0x0, 0x8}, 0x0, 0xb, r0, 0x3) read(0xffffffffffffffff, 0x0, 0x0) r1 = syz_mount_image$nfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x9, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="d2e75389b647e2888a029d", 0xb, 0x7fff}, {&(0x7f0000000180)="8352847c1bd643347cc579c38ec3b3dae209a795502060690d69a2ed43e19c5da4c964dfea2fdd5b28947a4a0774e32d03a70fd867d0d028741760c7aaad9260c0176f54c5e1efbc40566f54531a55ac3caa7e0d204e59d0f09e42d54b7de27010118afd9de930d72f343b2218cb6607f867532807e2a20fd08cbe6947441238b4184cc9ded14c8f44f9c59d734815abdc15d322c49236e2f4790eda908931152d0cfcc067f166bd09297861e2a06187ba10c86ef3224883c1", 0xb9, 0x1000}], 0x400, &(0x7f0000000280)={[{'.)@'}, {'-*-.'}, {'@\xfb'}, {'-$'}, {}, {}, {':[--'}, {'((\'@'}, {'{@,^('}, {'\xcc^:/'}], [{@smackfsdef={'smackfsdef', 0x3d, '{^\x89&{\'(^-)(,+[!^@'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@pcr={'pcr', 0x3d, 0x38}}]}) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000002ac0)=0x0) r4 = accept$inet6(0xffffffffffffffff, &(0x7f0000002b00)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000002b40)=0x1c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r6, 0x0) recvmmsg$unix(r5, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) r7 = syz_open_dev$ptys(0xc, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r8, r9, 0x0) recvmmsg$unix(r8, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) sendmsg$netlink(r2, &(0x7f00000063c0)={0x0, 0x0, &(0x7f0000006300)=[{&(0x7f00000004c0)={0x13e0, 0x1f, 0x100, 0x70bd2b, 0x25dfdbff, "", [@nested={0x48, 0x44, 0x0, 0x1, [@typed={0xc, 0x28, 0x0, 0x0, @u64=0x75c}, @generic="a47ddb7e82c9ee0d3f7647844a87b57fab7422314ea5a0cfb9adfb24a9feeeec9980a09932600275c22ee524601684555eb95ffbf2f0210a"]}, @nested={0x18d, 0x37, 0x0, 0x1, [@typed={0xed, 0x1, 0x0, 0x0, @binary="3430bbbf144fca0f09f531089dad019e73b30328994885bf2a4c8d6861c49c1deb45e8949261d26367f2ecfb72804061d662078da4a0c20b5044e57b0da5dd56bbf7ea4620a1e9b8e881dab95bfeed9dda3fe74910258f13752ab55041a76b95f37e27f1d90141e23b8c8b0eb26f5f45f8dede10c638c913c8213c1e1073f23925d8ed105b8c9c4e9e41a6bf8c7284e5699aa67dc534ad894243e3e7d55aee9626d849ab763b1ce00925756e89d95c46b3850332cc9484068e97097f67d830a750edff134c7663fd36759d1d0fffc19eba79feabc52b0d3d9c2ddd857f738fa065438b9125a41fcce7"}, @typed={0xc, 0x29, 0x0, 0x0, @u64=0x9}, @generic="6ee57b48a5fdd8d913c8eba68ea0118a66cd1ed15d3fe8b5a4b09eb850882fe735975779c7397220383a59d577e5aabaeb48bdd945b464091383d42b6fe7089cda76552a9a48a3800b8f1aca843cc945a386e8f18d6f56649ecbdd53f5dccbafb1c35caf11a71592011e859cb59fdd539e250b107b7c029ea80262c3bae9edeefe", @typed={0xc, 0xa, 0x0, 0x0, @u64=0x401}]}, @generic="cab89d3298aad3d724d8011628fbcf8be6bdfb7719b15815bf82beda81b1b8de5a6725a03a50b85757e3ec1e0524c100bb8084ab08831c8535a547ac3c05071bfe6f6d649697837fd82b2a808113fc782d05e1be9f70ba9e307eb3c6b10513d2da3d08ff94904d934ad1958f7d372e65e5668138f237115c0437d488881b445c249a7d6b5102c242d80b6dee8a0b3a0d5fa39f8a51d029c8199599cd3cf61f97804ebfae343145a6addb69c702dacae14f9e303f9bf9899cf3137c39b265f7d0b76db190121425fd765e45fc41577e605ad0d37a01f67b3f63b5ebf6f896663fde8f87e76151bcc89886b99d714edf699194fdd544fb4ac35005d1", @generic="9861e7e48d8bc09b3bcbc44dd0cf17514ebe7da571f8308648ad160b22123bb80f44b59c0d3d1e84474c93e77398dbc394f36ae576d80f9a96b13535f3b356ce388921f79f951efabc425d22b5a239d954a65ca42ffad61b7ded197fa8efb42e9c3ebb10ecb6198d06e1767a292902cee51cf74fac92d9f0d601194d036224023dbcfcefe6e91122df624a044b20feeb197bd2c1b88d6b13a17cbcd7b7331a9748d73b3c291efee1708e0ca526be715cc20603a37973e15773565fc6e5ad6c79769ebb4fecea75797bf8816e5c22368a3f0a98a2133f31239e8bca952fa33c2a0d2311f889240330ddb0d6bb2fb22f6bb69f7a3764fecc0c0ca7", @generic="ff51d558f2ec65c06dbc4c972439a52f6c73507aa4f101ae12c789e1de52ad3f5e3e6eb5ed8a5af866d5fc35f97173bb34ba504a10623b39c2dcfbd8e5719ff7ef14dd613cf6cda931c1fd8894f4bb412b406871379c9f125d792fc81fcc0c981d380fd41e5efad6c7a5aaf2a2c61b95d1eb84ba82fcb787056872a2c6633554abdbbaac3f841df0e7e292472de4056c0887e502f83d809aef6c2da7140791b08825060717eb3f264e24ee927aa7e6583846161075dc1dfac88fb87fa10cbf6cd7c3852e9c430ca30d032eeabe28f45663e59adf5b053d88de2287d57f3055f7e43e7be764a5160d6542f36677973783baae76386cc7b082dbf42df8f74570886ca84e0237ed39e6982f11b3b9837a1d62da1cb7a7911ca55b6746e88b38b6dfe2d26a203111a292c126ec87573c98aa81b6bdce0fbd5dd5f95d513b98af5c69b3ca219028a0ea229a1498c4706b2b3c683ef347f3d1f4a2ed2d0bc0d99ac6e6ed26d9c9591b292bd3f8b4fb8d6d9ddbaf6e87ce51c3d0f3074ded5809aee92ed089fbc86f1f09f4a68aafbe36aed7cd306e6fad1725fbf5ff8179437d63d8b8c2d7bf6f24f0dc15b8ea296f0537bd34ea6179ac64bb1a3afd6aa2dcacf950d60c67e255cc86c8d41456969af61c36e96ea6a9a226ecf09e7cfed92f040c2c577a652357db4aec26990001ea1f837c76f6d057f6ba255da37878e370224f4e6b9d52f74e74a8f0cf80bd65bb049c6c2efac86b5505db66acc7f0a3681280682889dc50ba73f67d071ad4e23f6afa94d9166d1274b8d425e1c4e5c57851ec6c3be6abc3e0df074781d92a3b011253de0e991e81c00a6005e8efa72140d5c6cb2b8e3e96e6345991615f39c530fa7fca32593da07dba5aca3cf25cd9924d3bacfc1a1d247458acbc37c90383e7c97d691de821d30c2baa58ccd1a1629430d5a5c7e10dd0aca4e4ce2cb7fc0a0d3838a504f82a49f70bc3023a8ee7b3493c11d0db6df936970b5e92e1dfa75c44a3c78e21c290216551840ece3c86f95cfd2b71e1c52852e92643dcd7810e460714097835de60671b955be4db93c6a816f2b134049bfcd76fe1f94babc8670b5d1809a787b1b3626c2a91a3b95e393d06c7c40843f27ff60898117e74b0f6db629007d6cb0e24bbacc0b07f5b29a2aa626fbff2791792557619cfe28a23b84b3c0f897026ea5de430a7908a23760622334782dc4ab7e821b9ae44469e18005adbc350e42d06abf63e7751feedc8a6225068b15eac04c35dd28e5ded8b62dfe431cfe6e52db2d7ec3432b682b6941a3f1b9625e71de709b2fcac15cdf3e16966d3ff5c120e05d554c37e9887bb5ac3bde3a7fe1e932ad1f4a21235efd53343e240b6daed7f4af4c7885bdb52992fcc0066f28cf65fabbd5991845b78b458eb442f0bd5f9a14f35d66a0e2239db59fa51c36becc13b0c9ecf8b0c71709dc5bc36ad4eafe51f6614a93b2bfb3348156a44b75669dfb4ef93082ff3f365b80ff5d43323feae77e99c211df489b0fa738926df6ebc5e5131317b96f6acd7185c2a8ccae6ec36e84a6f890f9b76725a0306286e8c5df40d78e1ab58d8985f0be0dbc227d0b3b1d713223d269414f10d8ebc696d5b2c786e0a56666a35f55818c2abe58c4bfd8b751a173816a6b33eb1702757351e3b21cbd976b8cb3c7a385ce0d01b526f7534813c69c9bd5cb1febc9a02aa3b99cb87a14d9bbc881c10fae7f51ff3b862723178d0ca4eaffddd71e1320dd5307b62d6079d6e681f3417121b9db2b3c9e35ca9de817ec9853cdc284956ba7f7404b09cdbaf20e17a4fdd4ff0d8630789fc10f0ba665695db4f0eacff84780673bf1e8a52189cacb49abddd12f072aee77fe58ba14411f959b301c1a13e0851d15f94df739f3c864861d0603109b9913ae9e7f13cb1984c10f2db876bdf04417e7b1bf1d1e421df6a09e7223bc20e64417733e5a5c1db4ed6ea7c51be451de28aecd8f7a457092bd6381289a1046a1efa7432f88793c502261ab45181bb6c0e554c3d76a3086f8d52e6883e6269bc6467bf8e610c29bda6605bc69dae63020363d54bc0ec695d227801a24f17bdf5dd6e8b7ef98d4c44d933d91afdc38d18705c6ac11e363b2e9cdd0cea68d4c1163fa516619089df89a29bd6b7cda736ddce49efca7991e8337b759a0acf09b3bc8d7fd017bfa1b004e36013d699a9b39646af881aa31a8c5bf8a8113ee4df4267b9bc4dac9ed447e024078fed570cdff0d8a0737544365f9ea27eb52cb5198c83385ca758362fa876a6946a9aacb92b5a7cfc26aa23feda8124598263784d2815b28f2d613a57e68d5d0a663c3038a506c6baab57e7d439c90a41ca4f3460b3195105889a50e14079271f5fe80dfc2b2a498db7d38329b80e5cf9d2f2ccadac4737f5418225c012917e28c959e34169922bf0c5b49cdaedd5167ff8bbd27d89252ad3168623d30fa784b68cf3b0ded32662399b04ed03e4b2ae0e293233bf6f72a4bb59f537384d744543904b9cd9fb184c5de0382d69ff9755df150e14ad7752303dbf244bb6fab2f0d72699c66a0c5ef8274a58b80d3d6c8d00700dbd8ec8a74fa921b99374e5db0af685822017ed1897351f24b43b43af00591fa209f5bf92babbfd1c54c6b52823df5bdd750cd30cf83d0d4333e54f8af1f572b98b851c33e4780d17658954705d74682f62fdc62e8871aeb8b453f49242f8c7444f20ab54ee45a036f92ce53323bd428bf1736905ebb09a670def1dc6c288f0c01a16b5bd643375a90f35c2051f4ed45a5dabb2eec5b21033540ae2f2fb8710eb94a54fcdd4a324aa595db63bab00fb4979179b6baf16ac0d2a7add3a7dbdc91695b448f220d76b938b80c9e6d8c9c37ab3ee2c7dc8f1f8d0983fa8dac62ccbcead0696607f0bec42445627a5f7b1a6b2bc77b07bb505898010b5131d2af27a76b0845feacc84a643e6045117a0671b6ed04aa63803b96a40efcea381b817e1ee56e12e2cbdad96afad93c5e64bd611ed493fd38ddca98676ae3cf9309ebee92be629c9618bc954cde5e4e933ea04cc0b633f1b63e26d93b032f2e44d186eb34c0ea5647febd61e4c8dfb33199ad1e51f512f1183f561bbe56d58ca88b2d8e9f8a57df6a1629209d097b566c45b2c239c79457132b98bde98a7eab6e75ea1b14da885c1657df3144b8a3a9740fc62c4402439ac16887ffa0b7e9327c07d755030aa2c31ed7138b0fcee6bf3045adda5d712c0de9280d8aaefbd448f25dfabbb8f286036637309741e91abd027028f85ae101698c15144c0891d312b3e24f06c7830469dda4ecb8cac531f5c98d4b7e52b5484aac22367899346cab6ff26c9994e2d3fbd4bf45daea1793c42e8c549627dc752fa7a8a9ee5c419ac2b1ac560e4259ac19103ca9cced22da9eeea08c557b095f288c188d5210cda235176345a128a9a2be76b0c0426272517cdef439df0d364fcbefcb50afad387d0ab3373ba74ee1410c1cb3ff27e0fab2381ee670db55f047989eede70d63cb6e73f57bacde6af22967856abc6a34322fc5a135bc6d0144a6eb449d72bacc99e7fcdd938c3a61460cf8d9a5b28b6f43864c74a7ebf0141a414321c9e0b9fbdec0c31b68d4a9dc0edc87d43c5f681ba258049ae74b406193bdb4efc16833dc828739dccae127b195460e36c6475ee1ae6d36dd73e203ae590ccb14df0fbd9b727315ada559dcd7ae09c77cb998ffb151410b18fc8e9444c3d5abd853dec2e47e121160914901710835db2798676e1291b415122cb6b12a09d4b3c4609541cde8741c618dc823b0734f5dd54462e1808102c3af1dd4fc8e2d54064eb24774416f6c8998607248b47b592287ba94cbaa7664db6f60984a7bd2de79d9e75c6692d4ba5531fac51389c89cdda15b7323dbb20a01a2a5c87d849ee3ef95bc33f77d536074973820e13dfb9afee9f1ff57839c4d19868ab1de2f843725382fc160d244d02ec792368b8a6be9ab694aea7dc377352d18de2b0e717055efb37cfa38f28a4db67a7502601ae9ffc40ccf02bcfc803c0b3992e73539f5200766cec5e816dad0e94ea4d8e51e412c1b92385a1f8c8221b35b4b7fb75e03bbf2ef7a3447fb859a435903b84796dad73be308fb10abff3b14819989a3f28261c1e04be4600fe5b467f761238e342e73a258b1295006ffee4d99acfc2ae8f8cdfb800bccfc25fd2c72b61bb779ef622928c5848d319bd5339b15ecf6aa25399af0db21a8f10d45492677b57edaa427fbeeb683a439896d63a8f5be40402ce8f118f62ead93f18de71174e846e117375d5a9065fea669cec03f78d1072e277dc77aba3a91ac8ff0970050b22200bf708053d93757a26b947cef15486d8c8bd1f4889950484e3931eb3aa8b5ac95f09ad7eb4a7fe72e7b225ffefc26e213a4b1c534617f89cf46d47d09aeb5dd587b46fe09bd294a353b9d1755913aa4ed0f5f945dd572f255fe4d453d1c3ff54bb62a9b902f4ee24fea438a253aa45419eb448fc6fd4b4cc7a3333907df72c13b393880a898279ad61e7d1c91ebe974c1e730f98881687eb4c28a059be2e389d3c8e2c03ab5290b8e4d76f8457f44b00c4db50df18c945761afadf6a42c6eee77a25b14c299429fbb92b16a6b433e6698e478dbc05f4bc562120d79c526cde200c36c46c66d59103e150441963f59e4d51e7b3d9c0cd7da4005c64858afeb19cba980a04f355ef64c12f4dbf670e90c9de39dea6a3b259dea7715e9bee9da5bf75518afa5d40c84240043339dd061333134e47a7da78e675471db96f7371d18101f4fa0af3650d70d5b93fe038450940cdcb26c36397e8a2c7a0bcbeee7c7b62f58f8fafd98bff0c5cd337a6e0b473e66bc1c1a4f0d1977d4da380a04aa4d046ef3db189c85fff83947df3e72aac6a80b30694fe7676e1fa1b0ef566b36b4de8313134c8bc0db87fb36f43d60d762aad7d784d5afa4e9610713d7ba5159279c46d714f0e0fa77b4f360eab2884da602e0fa142d050e7db29f91572951cc76ccaac7582b247178abdc62004b036222e8daf98167d6c22a55462b417707b1f6c3c43737a403209a09661549515e45a6853f0544718b70ee4003915c1b43bbefc3a0b5df8c90fddf6f2747dacedf7d3a1a88e04631a5d481a075b1e764b88627525a68823f0ad3a624d123321b0fc84e4b3f9dd6ba6ae9d80d670df2944ec5b661537d6d06356d8120f5b0f6fad127555441f14d71844de10e29f7b86e1323b7dd3ef1940764cef447e2f73a37062b8c50b920b91f7a0c0fcf3f1db4d8dd38882f23422e62fd00b1935b3ed844e795dba1dde2b761220eb32176388c3159a0dcae5102631504fe97395b4a9e0cf4f5ad31779b56dbfe3c374f582699f291fb1ed13c198accb53ca953c10cbde9154b4148a3dbb0e0ac9cf02d7e56779c3df6fbf6b1bdb9bc1cffdda8a2bd2386f64c61f30189452920a7780bb9041bed7dbd242e379a1a171ade1099e2b4fbc76e821288b829919fdbecb3317124b1afe59d6f3addf5370c9f0ee4bfb579f38d94026afc60c5a62e4be2ade63aa76b9abafae219f4b03e25ffb9d014106bd9f91537c25444e167c7316b0b6ba81b9aa5d4bb835ca96aa0e35590c2150e7d3b464e8456f912137c01aee33648b9ce9e216e23439c7ff8d16845dae31d2ac30bc86d3dcc84fbd5ae54ac6b9ade1d56fab72caf4c0afac6ddb509e1ff88fea9a2ea4c90df336a7d1cb2222e666c139354a2a7320a0c2552b3e361ee24708727650c9d58a31a0195696224135c4b04b053191"]}, 0x13e0}, {&(0x7f0000000300)={0x10, 0x23, 0x100, 0x70bd2a, 0x25dfdbfc}, 0x10}, {&(0x7f00000018c0)={0x1ac, 0x1f, 0x828, 0x70bd26, 0x25dfdbff, "", [@typed={0x8, 0x24, 0x0, 0x0, @ipv4=@private=0xa010101}, @generic="ed5fc140b8408c9d05170211f3931c996de09d3a57c872db5050b730a146e08b510ca22a382da7a231ed60c4cef9c56b7e73147c6f5d1f3dc65d6a151a45286e54518076bfbd9adf9ac6e732a56b33c421dd85a1b2d674a8e139f100268ebe3c22d9c809f0451dbee82039dfc484861f2fae02970a717c60df47e1e34fe747171166659634dca5ace2392b32cee622dff71bd638", @typed={0x8, 0x7e, 0x0, 0x0, @u32=0x10001}, @typed={0x7, 0x90, 0x0, 0x0, @str='-$\x00'}, @generic="84fbc2f5a877c7a7d5f5054310268626ae7a4a20686589f4a04fc2e93087c5bceec61bce912f398d52df2991100f1530171f6f61b1dadac0e0f37f7ee1b79fdac71f6f80e8de747a19de7b878d18a50b6d1a51817618687047fa7bb39405ca7a777ec989143f5bfd79db39cabb439e578524b575522b0178249b3f173ec3b5", @generic="6b1ca7376064762476707c29e69833b42bed7869498dbb66333687ca2e62231f8b5e5168c824067d4016a302d5ecd99349c39ba268761eeacf8ad3bae02c50ffea6bbfd664a64ed8021b1002364a76f1017f17f387e01c002abfe56a808e28ed8368a046d6001aa73bbfa94a4c20dc"]}, 0x1ac}, {&(0x7f0000001a80)={0x1024, 0x19, 0x8, 0x70bd28, 0x25dfdbfe, "", [@typed={0x14, 0x1e, 0x0, 0x0, @ipv6=@empty}, @generic="edc071323b13254168188053c8fa819e112100232cdb29999b9c15db27967ecd66989f3913e4de1dd7e9b578c706e813e716f836e05205a680e22aef522ad324e48eebb9caa471997f3725865e53857a31676eed7db0e94edd3e151c58e7e17f5dcc71a34d89dcc7e135e81baf4b9d771fda2c5b300dc7695efd0b1116455a736c6b7a166f6190cd59c75321380f005d7753d12cb918db371f86f62f53e18e03cb776a3ed355d7e2b8c84f3f385340cd6e478afd9cc21064f247437e5787cbedb1bf19f78e4ec84fa695f2aa8c5d13c99f5add48270ff21acec97de56c25e9e52d8406062b3fd88f2cf06f6cb1d1c747e4f5c9ce8d4fc76c8a7e46464943d27c7a119cecb524127a673152613d6040a59badc3958592908a04689ee7812364f93ce175aa13e49aa40acd21bb927230300c6fd777ce17d30b81eca33af74b01aa098f8ebfdeb6480be99009b11501a51d454df374ae6af33483afbeeb424c19a149c396a87ad08f13dfed4e2b4d6f0650e00fa74c642e7c5b46c2ec88f6766a0cf808b9a1d54aeb42f0eb15b01d8460abf4e383e286b75b0c81eecc1d9caf8dcae78b922c2932f31501daca9487d80643791da26bb6f8f017f9f78c049a02c3ace9167fea6112e687d56f7129178a3cf6db292863844ab4fc862d60210caf7d9f28f1c2a56d2e8d323171cb52d145b932a8c9276e7d4929a81a00aa4f9901d0b1b2a4cb2e75dc27c9879a817d90c035d4fc920424cdd2243d3a4c9cd2f0654ec30e3cf399969f3acb4aadb3eb075d5fa4e28524944ac34b068d574e4480414cb37e7a1ddf5d56526a0ab02480a7de9136a1486278a6264e933b6bd74e1b83b892ddb6802e88d3ab5c4d040386e5c4eb2bc249e7c383a3692baff5c975c2cb3c6ce97f48bb31424c5345fb3ab48ede8a5223f03e9af3dbf06c251bdb68dbf0a9453adf9d4e87f851db43a6742a71212abf31567810dc1381d15417f7227b68576410ebc1f0f492bfd24ce1123b4f387ae2871672b0f8287b4584e080886f71fda962554098c415170ec4d94f98310d0df4f3f91e7bbd4965acb927a01f34604984a91307fbc4552be2716940e3a3dacf3ff93da168f086411911ca18d8045cade693168992739621cad22df62830042fee1deb841ba988ba0995c7932011f0438d29e88c50d3225378f7fdc40015478831a94749aa2e24c2dce951f66ec4795a0c483e35189cb9a0b5c48ecd14af5b29533fa04c05c1185eb0c5ebeb84aa4abd280c38f4faa71e4874f8d0b05ce8f2fc49dcc0f616d2044dcd40e83632ff908893e2b2af1c503ce6dafd2fccf06a800dee922d544bb87b2cd48a0191b7778ac27383c8fff2e06c2661bea242449182b93773b837251e71ee0594396909b2ba4572ea40b748fae46b6c309a919d0cd01df28ce537c64f1f2198fc90f7eb47bed7f480852548adb15f678783bb28f73ba4c2a14c7ebef3b56c25d9fd6edae56686b9567828037bd70d168882f42f6340528910bc790edc2792a8f8324e03d7ada358dfe091f24a36baeb7a601a6465ca23eb5651570a99fdcb6d78a24c5e01e6f93bd57576bf8755ee49766ace872ef94d569e4c6203ebc1f6da016060bd7afe1f378f333ae2a5fce4a85e79d7f3e20aefa0ad31cd3ebdf225d6cc4714319d34a67ac4fa9f546d256f587e6469dd1091c62adc452a56439ecf2145d47de7742212eba5135cdc1e64d779d98d88777b63b585bd6a8b82964997d55687180410ceefa2b6bb7368676ac53301cfedf8e73c0c686329daab23ea5091870b036c8eb61557d22a33bfbea0fb643f70bb680c717e094bf896025b2e82b37e7fa637904f9fb4ad623d7350b387b907ec38be1260490ecfc828202bf61c92f7090a64a160eab5de50543d23f436568247ca7f10e4a29652fe5b4f3cb0e373131b7f4fc5af4ecdff5e4c1c5fc5df3cd7b885f038d125f27977dd6745c86f00148f42d2e3dce0e16c27dfd6990d8cc907f88991c1a9ec3d23144fe36a60057970f199e8e4259718893a81a161106b1cd390472a7826664fc20ea5ce782f0158a974d22e576b9d0e68115ec710e35493b013e82d439d76528cf2191ef47c149d65c41233c2398cc2bdb16433a1dfbe8fa607e300f70d18cb63add2466db538051c3702ec8870cfef1a12462be70ac54ec054fc6eec9ba5a8842675ec3aeb758666d12833f3cfe501d24aeb766e818f4155c1c338ba4986136ce5885be43fb81cf271f5eb7957d2344f8610220497634d2d88a61734be53769b1617a45d448c32e77932123ee8d9221c784609019b176af7cf43778b6972f01a7d1c40d1cbebb93945936b57bf8a7b6ba17a583e53dff88308bfa6133665f09de636bcfe2cb585fb56fb603f6502cc1db407991a254c80da8a56feb20711ee6ae1441a9e2c7de4be1fef481072623bc438cd2c23677978c277fc0128a4c23b5bcb14498907be55f410d1632b62d40585c6d4be1ad92572163cb8f53db1da39f38aef2125c6b58ad6bb3881349d88ddc602013f6bdc0db66a8615137e4f9bab34456989c9b62c0b223e3c7090ff874bbbe102945012644e13ef48a497a854a26b5ecd81c00657e6c96dc6d406a9eb3dcee04eefc5aa72baecdf69dd2886c0355d2931330d5529ea5831f535ce491525a0cfd5d54458a9cba3a3e23f84bdf1251bb27aa238834e95e99d06d4c62a1e1f5357f06cf35984f2a57204a6cba1ce594394c2a64f5be5d6018e6d6007fdec4341f22359b0348337ccc6d60c45e1fb54ca79044349fd995f9b5ada1bae01d5104cb7fda3e07e68559c4410271a3665dbb3a2a013f593688d08054ae0dd08852f633aa1ae5716d0c64e7da2930d179ff81ad5aa3f1f20539564b0259c1ad5ca6373752b513291e2881b1de6b1a89aec4aec6bd17a6f6c35b62b3db46c7e1b5e04bd920d7a6d1d4adc1e0b6b7f0e0651133dd5fff71165b0ca1326230add236b1254d0916e617e95feeead6ebde11f754feba126bba5feb08ef1efccf24ef875db48a354193ed3a3ea3f559fe2d073f19a4b16bb0fc0bade109dccd6d50f6abec4700629e824c8c5a457add5c01d4d3d8b05dbb3d5abac7577649b5e7dfe9ed51de054b7c63eb2a8135fa8a5a11f5a74875a5896809e3d666ab1ffd915f41f0317cc118205df6167912edfd2658420f1ef8e68f7ce6ecb37a29a30af68e7a4b2d07c2efbde66d48ceb96c8ab5e1742f9231599f79fda0c9bcb1d4adee1f80fe4bdad226fc5656ba02e1fbaafd8a32cc43444b790ca7db075a1a80a66f6240bd6b183ba97f5e2e8e5f82e283edc114156b9d0d2dc96812b733eedf06e97e2e30cd6da12931ad036d8c706cb1b60bcb75d5f9d43f2b73416096cb9272fa35a69fd3b52ece19198b2b41b1406024a41e9a4aa21b22d1ecf6adec6287bc630e158bfad7b4daa0c212509f200e5706e7d640c2a223d88e9ee7baf8e121d81dc69098b0c6b53cb79801e666156ce788603bed433471288c41c679d004554dd74ea347f15562f2ddbd848090a0e933f5ed2e6451fc946b3bb892ef7512e34b3988fa34044477fd5eb28f3bedd149fd67b09b5fef6653ed44a394caa8e7a0328b25c03863a1538f3a7d45d446892f45623c3f363af36b165b9c2feca3c89fad65dd9793d10eb415b7048e60512e5b832812d89e68a5423cd8c884a76edfe78081be59670b9f4718033ac51f2c1bb8f837baf82db27ac8552b23a23cb3c772c673636861bd1d4c8942448179e248aa0d8d73e47b4e9a6236750fecd69e058c97281659fed613c2e2c9a3c1a46fdd194fbd437326bfc827b44bc71d2ef1c1823f04d91e97661fab3ace968847a9d3c80da62fcdf5876ae910e707730ad585123c0c67e799a1cd79b2bc698c052dd56e436aee8dccfcb2b113fee95b658a6d6e5684fc890aab525f32fd8834ed24efe04f5d1e6cd2e4520fa5481989d6a2378721cd419ded2de4a1c0513fde15f093620a4480dd08ae092abb892e43bc8f6676b094b43c70b30c0b9b6441a2a8ff81c5b5f5b7dcb68cb79e310c93c7f88a04295211a25df5a63b84f02336114360cb5a9d7205edfba8653eb115b40481d100c99717c8a933f88491b4ab71dda52ebf726040b62faba5f88649212d5bdb9462ef196fce314f838a33e184a39e4c6980896a684c2bc59bd3419c5adc6af5833ed3f2bddb74309460f169515f34999f6e83484ac05ee4813a4ed6ae1ff72f033c46b2334ccf91aaa638f23a7232b4cc25f536e01b02223bbcf04bafb3076867a581c151807a78a4b19d61e61149ea8588b4653e6b3d5bbcdf3addd1e5332dde46b7fe15fdb71da9a99eb73d5a0ffffc1f1f0f92093ed121af1d2e1227b9be2a55e14948f7d8de6e110c08791daed45d689a7c9db3288e6d57774744072117bbe2dd0f4effebe10b04a4fcf38bdfb5c9d3f18102acf23d6bfa28d993b800ba2b010de5c3323e51acfbe4793e6b985b0af0462bd346fee427639afd40cb6e817dbe6cd83de84a00ba6a1e3d5dbf8dacf9fff6072c486c99f4c5b71cba094afd1c41110b28b1a33764e2fb54d72ffb87114c370bada60936bb6cb61c9cf39bf861022506bba3220bf1cdc3912b3f89d967bd49d43617b80e3c1cecae022758d0ca48bd2d4d3a19e8460eafc9ef6167673570f53f04c4b72a40dc65e938f3304bbc17c7c94e5cf2a36b6809f9745a3cdd01a6545e2de3e34e7882ba85cea064d5750e4b1b7779a2d0ae9b51d9879e3cd78388a95c37c6c4c5812f34faf1c4733931cbbf2f6926cdd3e0bc8a74cf88f455f7ac323a1dabd2d0431aa9fd168d6271ed5105ced2909a20220dba8a0971de015d9d0b4266a04aec5ac7b77d97721817b181b0dae01fb7b1f032ff0f3ef3746e03336452901aaed6b858ab2ad125b817a1234207a97a4e02d589c5ea52cb5cbbc876ee831116ad4b9c93a41108dba1cc87dae34ec456ea01bb4d11519e6aa8baa7d36275bcdb5ed8048816f4ce770b2e4c56c6b9a267674b887ffe6141a063b25143b31569790fb5bb879b0aa64a56eaa60973a31a89055b8b3235c7386d9ccfaa4f6002999d3173edba3eb8096b7940195858979aed859df4a184f4f7f16520fb7a452b3679abde9daed7019c9ef6947d1559fadca23f69871e911b0c4bbf08c1f630fd8aa6728aa31b9a5c5a02b6d2acbfaa5827d4c97c79d1c1e747167d6e80fc5097d80171bbcf3f2bccb1c33008574ee6544a4f7ea90d66d0208b365675805bfe5e9e08ae1509677a4316600b2050e032a3427bfbb9db5d559eb6a0db81fba2b454b4abb7a9fcfe536992538587ccc66cb1c54f684a47810cd27c9136bcbcde06c695c33b1165563a622cfcfc166914bb906e06dc194222c574a45c14051e426df2f20f016c114f8cb86a9cad8ff3625eebd70ca064a8b6dc723a91d17836dd15115923bfb0b8415ec2cac4560dc1df461bb5cba93341b14b69e79344e0fd533c9eaf52ebb1aad15f971c40c22f69a89782655051e1dd4d68c662f3f63c1562545ebf93dc7035fd07ca1e3c877b2089cf7f4a8d49dde2ad050ea686efb878f10dc84c1b23320f34578087abebf27cdc17d8117ae210472118b36aee9ab390f09b2e1b0f04ffd83251d1f50e7f88314f7b67756bdc8ed183dc49cc0ab602dc832a505f154c3ec4855a6c1c2922c8d2f16186e55edbd9a7b7886cdb7054e324d818d352003bc3120efea45494b8f83e7da8e6d64d752b4464657955915b0f59cd674bab0ced9471ed4da6aa5c73c528504a077d3011d6e5d"]}, 0x1024}, {&(0x7f0000002b80)={0x2704, 0x22, 0x100, 0x70bd2a, 0x25dfdbff, "", [@nested={0x117e, 0x3f, 0x0, 0x1, [@generic="dd1244502f714a3adcb68a619d0f2b19137c40cdef6169e7431a932a1478ff313731ccdf10b75061d6978580f00c9eeac3589156ee7b4ef67b27bb43027bb0c31ca809c590c8c01378821551e7a2fd70910d188a8b5c1b917e394294f81fcccd76cb2075e51bd598fbf2e32a542518317d8eaeb77d04a789c1e694d6e2db417318e623d060de7f68f9a7bd0364c82ed62b276eb52251891c600866c91829987b3c533994998671aab18d3843a201b78ac220b2c6312c0b93929f23f89eaab0a39443ccc46ff84627e92cea77be950c1abef8c70b9c7a6b6b8f1d77c045775de6f67ecb50eb324ea1ed53930cc23094f1", @generic="3aabf6aceafbe152f547684991b3759e0b1aca3549ac1382bcfda2989e8129cb4b319d33de5c090ed5a65e507dfd395b70eee0772afb3be61ad3de50fe675c20894fdabd9aed445ea8290e24215895aaa7e92976597a9013e7f048db8ce0110ac4214b5bf42e8d38b4ca1cf10c45c4d6037fba18363f9433b4590442c368ff4447caeb3af36dd27e4a5a9488d988a2d399b0baccaae8916236baaa52f47cb4dd1778357c5d92caf8a86cd2c4b5663c04f276d585a90fa6816f44d6e8bf48fdd0bbab48a8761dc2186ef18bacf099cbd29376227c0917b8bd424985a333b88cfa441b2dc0343f27f0873869f63ae3f09dcdfcf13d58b4e4c33982d7a4eb160c9639a5d9f0e81d65da61c3c87ec63fd5536d5bafb2de0aebcb983e93f7cc788e030b70f21de98ff36b181612538e3b579d86fbff767afc31e3787b6d9ba30302dad244f0fde5886dd9de574966b06b86b21fb1955e8e1fbac2b386eef4b853fb53412b1b80263614bee7be2838b99e256239356b8538abb8efd5c4f63604898691c664e9a15c51d2be472d583679f534de54fe1a4d118af2526f57f87e4c3219f9c215feb047d2a3d565b16a6e6f9d85796edf3848f5e0a81be04a694255c27ec78f4f926603e2523b798e10a45f8b6972b6d780e0a46800ed6c940abd2a7e488250981eab3eefab8e9f1e8af9bc1adb5c5a229a95badcfd2a544f6640226151a5c01e850d9e601aaddb621b52e03e4fa030c01783a17655a97d627b5241e7f19c849a6743457e2de36a42ee368c1045537303b71906157a6b29ad232d118603623900676b059774f229f0d8549121ce53c6059291eb391b799c0eec3bba77a4c15e155e805a7071af0a1ccf7fa72df1066d0c60642d3ab8d0bb8a57c7b9e26a7093d66849e242b98e95341473333ee4f780a6dc149c9837ed92267d579ed515be2e2ebcb53a55e99a7b7d7b1ad7e1ddc0e2eb8c572bd7e68ac5ad8cf64e80a74a9bb93b2d7683195de6fd3c7688199982464a68c8a5971606947dd1d30d5ecfb03da111734d76e64a47011de345cc52e2330a64c993d052e1494a717e7670f8f3d5909ff82884d4a59727131ca65e66441c95a32f1c44e28af2b24bdb9bde0e0b4c78688da1648fc39a090f6cec0cba8513a716705afd3c702cefe622ef180a896ea1c4eb592e0501a492a45d100224d05f2a3ebf1fe95bad740094c36a9eb808f89ff57bae50147c3d658db27a90ca111d0dc83d8b453c0aee9d139cf83631fd775f2a49f421a5d1e7cedde502117ff16c934de3461325320903cfb7763618b73b70a4c19c09711544db8c2ec32488346fc48d4ad4f5189d206a72346dd2341febfd6cb28e3f96cd49eee6459574e2e17f073f74d82f72ef21dc3340ff0fab5fe730ebc41a78565d33edb44ac8423d23ae57ef22fe40c856a2408069165ec515f731bbac9b36a5b793b3b8e01cfbea66d20ed895d9d1a0b4f0006a68de2525f694affca7126e7f5b180257aa660451c4e2cd580cf5a251fc58a4c639eb358f0a1d31525560058cdc8eb7e9a23cca7565ac09367ec756585a510ad2c6bf62a8e5eee537dc203a97371090537502ba3fe8c8102396f104f991dfb8b7ce9a6c2c4fac84500dbbb929a64cdcd49fac3d89a5012e79315f6e8cce7e0afcef6b0574b9f1d4fe527aba054e22e25761d94489debccd028ffbb8820e24301647a567e6e64ace44e7bb46a522b9f0ea1a625fd9a22b4b629aec47105258a0b5a027ffe475b7e85121b692bd0823354f667ee4062b06c344875c5165e884b1445220de006c526b0d2978e8da44d31d5b574bf41fa7008389e68481c16b651fa90760c34586200e3b4f18f22e86b12c77f38278a76c40fc78a23f287514d9e9d6640935b58e66f341a682dced99fd75880b053e17c21582fae525b2e7d52600365f1334bd4bf54b015f039cfcf0826526792425a7c57a9215542102c489e95b6bef5310c58b60309dc4fa80c7949aee24a4db54f13ff6c2f5aa0bf829559533ffc3b8b7c6f746c51ad35f6570306123670cf290d6d4e330941e3cd6687a4fb7a6c2ff914c827eb149b1e00f34c073b2e391d7707903f4120bcf2cf75093bfcc8ce250945c5102559557bb9118f7213585b8b1a7f0510905cb9735dcc4c70cf3edc59c979b429caa85e191ce67aac411e00876a9137030dfb6e21f9185fbaf4651c82a80130ba56d3617261a4e0a594b653f7b42a4c58d6083147f8be14f62e56c76022dd78f9c2bc1921a9586a9018d349fa6475963e655163fe64b338fda7ddf9f6aca530ff4d02f951cca6a7a89dfe0525afd9b9059cee0da30a451ecf1edce059e4a1b3b74773a27c2a05edd8c4005d2f3a4d5a759b83d93664c7c203960270fda6b5f0f71481855b097d4b80d7fd53b8d2d1c72007d44e22ab8bfc23b34e9266f9a75c5b91b0cb458d40d780ba32ca87c3e791492a1483ab5daa014782b817dfd04c025884420c788559d9d70936c381fd9395d807b86f4c5475f97011d25f0be2660e226075846523b2be7a96454c7092675580f9e3a809914dc8cdbda58856f5d8f5d3e75c67129c5b33eeb9960b32804223f560807235e366da6aa0feb8d3e60b85cadde8139a73d930585b14beb5a0959dd52e1b31de3807e0a5a46df547da7b3abcff37f8f28c19007ac35d52a93897253937eb7b316dd35d09a33e64016a084bc9f951ef9cd5e2a031868e0507d45b65c38ec197a5038b537c763a50e07a8323c9a9a5fc06f53e67a95c26c2d4df22d74926b2e3d07986dfab843dee9704b7812bd02dc477e26a8422762ad0e4c1660f057cf6f2db71d5ef7d3769280b841cad9452f6643bb7d6f3b029cd05cd2ef44b6e87def2bbfb2ab33d1705625efe5d07f229a4fe5593678c1ba6929178194fa4412ba26941cbbb57a9e4f26545856a8f30a594f1a8fced44f3ebe6c2ff6e96084704945f2687a58730b777bb04784552495ec5fc3b4772d8edc2fc79d342fb2c1617876b7156b04a0f97377e882f64bf688d7c344eb4b2b421b3a4f56fd9017e48a85d69e20adbc3f4dfefeffaba79417c1c995dece65e78f1b00726283bb65111c22a99e84aeae8de885dfe37e55d45387f97e3310d7e1b6c5fb024c55610c1891b1da450ba2e3c0f77462d6f7a0012245c1014a077212f6da999639e60bdcd2e19edd0cebcf12992ff6674b586852d56792f632ce16faeb38d94986248ee9239283c2cd90389da99c29acaac732feb5ff00d39fc3936bb8b2a7abe4520c57d1fd667c799e19f8b3f5a39098b2f659b45f1f6f7e692a33c01ecbf7a393d16b3a95529405f52fe24c7bbf3c6a33b60ee9c89011ce480617c90677b09b8981e2d5a01ce0250a140e2fab012085c39511d8c9babfc9f24053ad044e3a810ff84f5b95c3585c58c8d7061d74c0beb38dee565951f6ff63d3eba7d8adb22604cde6eb20c8ecf4143c0c929e078db1c23c1813f09e5c51db18b4333f34703aecd83327353b1762b48ee13cfda55080f3090cdb0c114002069caa8ff6cc9ff5606af495a0fd7518273d42ad2ac0daacda6ac77b670098aa6b16d22a011047e5900ec48ac1800d476b834ec24edee8512e57ca83bef243322176b2326b0857fa9cf5a691212d3ddb37308e24fc90901c30cb1f15d4d9aefa9f465b2015a2b1dcaf12e6b183cf4d279cc8220737b04bb0e55dabb06afb954f82646be4e94b1c0f59776df667b8bbd080f339e8395d9c9f805a010570f002395b83d5c898d518a119bed92493ef4fdc84a8bbf1fd2ba292d7b7eb59b4e5dde72b2c1716c489a3b7a714115ea09f445f79bc46f61f545df9ab5af27bd77f8ba16b42cae9c165a5c2e074fd7a8c675571bce0b9ada7b61cf33038cebcfff87f02aedfd0fd774cfb4e100aed9761e2b060afc3dbf78df4cc4a9df582b55f36db447e0fcc5ead9c225d68407ce49e119e1c5819a3bab0e1f3c53b65614c8440b41d1e4c3a13bd512a3db23b705c3598374fd50437aaa6cddf4f9b9e17ec522278454d4a2769bd92ca77270c9e00b4b1e69acab2df8b177ded094401e74e437a021b3d97b35be08036703ece813e332dc825881f0d070e96f6e441582d6cf63a577e64ecacec8fe542efacd82cfe6cec69a0525436ca6c286eca9772723944026eb806b869dabdf4ce356442f280ab48ead3170d7993d601f3d76eb6fddaefb16d8d6591864d6ecfefe77b8d309397b8a496b67a7276eae2ea6958f24dc7344b3047b2108ebdfbe1372beb7f93637f5755d8ca85e5ee71380bafdbff6147e958e113349b6ab3a43f1ad11883e0a27e4c2bf0808aa26a653b4de59a80536d82fa627a350c4de3ee211be09e6e8c97879ba368ab008838b80ed11d47bf177c6d759b3eeb7f932d7646c33fb98f34b8e9c83ba0828ff8512a973fa4e1ef8705004c5b52b09ddde19b5e637d18098ca9cf50c16d9f8b590239c8d165c709523f30775fe99c3a52790f659092dae8e94e9a34158faff310a97d200172bbcbee00d81ae709e6ae754c6c1d051ddd7e24f609912a0a8129c0a08a08a4b39310f35c7c41986c3782f263def2114d4fdbad6493ab82ee809f7ac0ab0b6f70427c93a0839af100198c420a4b038304273217e0b68327b5ef6e028be99e740fe3d7d948485d3e8105e29baa7715efb3c3ed5d01e62db75bd07b928a080239c62b0affb8220aee96334b7463d00bfd2d5998fadfd4d76c1f5aeeb9f4990b144c186c2b8b90069e51487cfd0085b45ce2283457785f1dd64a01c6762122439060343b4593eec50db9af4feda5ed4cf5a8e45ed426179f69b36c54578dc28f249fe37a5511ea836edfb9d99f1753630684a0376587d868c635eed3e4f947eeb52b31f2d53c71137962dad65cce3b4797297e59cca3b1bfb5b2bcc63a8cca5a274a1fc4cd68700bac67a13484a021c178e381144f26894566208c458901f9d4d752a67c48a39feb2ae6da2d8b0aa5edfb1b486e7bff8ded3a44555057ae33b9ce1b779a6b5be2253b2e6e5848bf7fb8d3d951d55884913230568f7e7571ac6bed5d69c0c84db254ba1dec57c80059f7eab5545b9e9770c7a1a411a5c15e46bb745520a65f2e2b051e1e2fe8acb5d6d13700ccacd0aae3e5de69d72d6a6f38906338e1897c40d041310be66c7a1b613c14a8e415dec3df19b58d4451b953e03b328f2837cb562079199ec0b93746aede6fc20e6f11dcad8dec19e04212582524804d43b7b4d3fd73a7b1b582015b3f0a2e6ebb65aabe05acb3fbf2d22886657beb7919065fcdef0c11664f99a8d6eb2ed74053ac6e9cb931784cf3fb37bd69f32640ecd3537f9de92f035bdebe99678a67b23b90cbe3d8b47ad9d9ead6092aa760b6e7376e541a75f620f3ca9dc4cc38d7ab9a9b9075ec0d30bd582ef9d3c7246c66e94431d4c5299f67d982e15464bdb93c3916255cf835423bbd6617730cc8672c31e7fc213162c7bb3153b00c61c9bf9c87378716b153bb0e8d317495534ae11ad7a5f419072267e34c73d8e285274327263f8a636e889c028678f6821e9b0340b3e4ce00cecdb0e9d8b8b58a5fde698c272317a02e8c99738d7aaed152c32a872f39fba1e34bdf3496dd42970d8106a8829a2f13f1d3bea8782ca3239fcf6b63aa00f999841266624be07816d35b23d0d7ed2c776c59c07ebaa6276a650fcdbbbaa9bd58202711322693128a207077c777525b2ce7631f1dd640d705871cb599a410cd3cf6511754b036b91250c1d1de10b4da2013cf27b3e62e57681ef483f770670301", @generic="d2f2dccf1a954007ed7a386bbb192c4a2bad6283db293c0f5fb981bac447221b1d694970bc6107e4b09aade68a0f6ba71d0b8802e4c62fe53737f3926a3bed822966d6f1f34e272332f03029854b3778f662c1e5844e7285ade7ee8c3db729a588594e79507a0850579b517c3ec76f72c18e9a17fc", @typed={0x8, 0x1, 0x0, 0x0, @uid}, @generic, @typed={0x8, 0x3a, 0x0, 0x0, @uid=r3}, @generic="60b4775079"]}, @typed={0x8, 0x30, 0x0, 0x0, @fd=r4}, @typed={0x4, 0x2f}, @nested={0x37a, 0x89, 0x0, 0x1, [@typed={0x8, 0x4a, 0x0, 0x0, @pid}, @generic="bc1e8e3c3aeae57082ca2c2535764c8e044296f634d6a4de03bd32f9e568cd299a390ebc80f4c1ceb809a5482fa5096bfceb6590ee4bef84649279c1fcf5083f529a64c1becce8090100ff058c9ae7a94cce1c9edb7fd3c8687f776babda585faab917ba8d0d772205efafeb9f517844164a4107afbec40d4b8572fa6463ef70c28518e234823e9873aea18e2aa3153fa778c60570bbc1ba9d0396615b38fad0cf83cf84a49b9b2819eb00eea6012a3ae3d2a26b98e027bc624988f124641c0c7565a063f42b34478892a6632379636a8f9237ba91136f1f43", @generic="fa85fbe6c43f99735c0114266e69b6c541d7cfb8cff8b9b54a4155ae40172c5d388d0043fa3be57b193571f7e853e54f0c98eaa0ef8f7ab20c12d812e7ef23eda3f01d74f9695263b1ef7f613623e4442c0bfbdfb3baa98683f8461dfaa06dc46606e5e07184081b29935bbcc05ae49016ad2bc152a25b35a0cf80c22915d026b873c83f116ac39f964b", @typed={0x4, 0x4}, @typed={0x8, 0x3f, 0x0, 0x0, @fd=r5}, @typed={0x8, 0x68, 0x0, 0x0, @u32=0x2}, @generic="7270b67426623e108d81b3fb3473309db105bff998d24b87307ee8d98b0bcee70b65933717f47609a613400d58fc2558fa11129e19295fa7031bab4162fc2ca05ddc97f367967a6a41abbfd2dc8b3608d9ba8289da20081965244eb449440cd14ca62608c51036d5eb77c76b244e1905c217a08e233ac9df48cc70c48c0b4bb9c57ac29ebce11e7c79cb028f3cc118221172a062e664bf46d7ad4ca53f1c8dae976e20abb9f0c3d75f49da693364c75ab08aa99f58cc58016125d998226a5d2035b928e996052767bde06601812650999bd2f8f3eb4c7779299a765647e76513c2c77e04d05541fe7117e73ac33b13ea9f", @generic="33779da0b625c50197eb104e374a3eec666763841581023d420277b0e3607dc7153c9023d9baca831bfe3a27c6e658ea0b1142219e9d5614e3cfe91b5f1c83f74681a9b1c79457271d78ca69fe191c3962031434f9e47744c21fa9298ae282d0b35a4d7ad33e39c8d87415b6daf3b044dfe25c4090c350ba97464b2ae597e6538f87a35ee3c796cc50130ca57f2ea491a8f4c90106f348596ab612af9d20f2cba1e16d60e465", @typed={0x5f, 0x6a, 0x0, 0x0, @binary="096571fd0d7b441f06e58deb65a6fb17b1f4191995708738955c95a54a45557b56da07a495c2c7f3d1f3defb4c40baaae22d4e9c3dc47a9d803eabac121a7ee635969270a92e0f4bbbb92dc52134c4bce00551cbb794ceff9f06a3"}]}, @nested={0x1156, 0x45, 0x0, 0x1, [@generic="4c1c60610de5cbefbc0752dd1fcd08d1ca7341c3574c45da42d4eddf0bcd43f1ff3d7c4220093f494f8177902803ce7f59a27cb3ba29d57af494cf835fc4c498b8fb153daca65198101c994156a932f16adafb87396d3c0811c7bb99ed49172b6a8cbe799cdbc6662d568f78cefd470690497124d4efc8766c07b691cdbdba089ccc1cb234ab5596576f8b34145a611c4baf0ca3386185ea3426f3eba6ca2eea831880581abb411a4c91c52dee52fc9c7be68f785f3e67af75495035eab9df14249e47c79e93afe07b8d6e93929bdc6abc3376e5bc8a5e55e68b1021a19111d2605594823bd18d37dca6badb65e6b6e50b2406bb6f85307fee7e8a49a5fbefdde27b468b9f291446abc25dc255f9aa7ef309fcc6638e0c1b8957d94bd10b19804bf30eb7199f33abee059b6ce4dc2285f07055637ce4455234ee1c1c365c7b6c1f0fc742b45214e5c92cde0d6fc62b281dcd7c177aeea8c849f47c17096ce5c3154395c50a556c7730d7ad1483f85a594d082a158d80abaf818d731270157ff1b858dec94bf26793df6a21d3cb2fc1cf3c95b194f7f6cafec0e1510e05c7b4af961fed456b11d59aa10f1aa43086ad8a2b14dbd013b1018d443228ac807eda9ffa5ead2545af527454f577f4c693aea9152b919020084ac29019ad605f337c49cba099fbde70b6ab8e4fa7002f83fbc42e6abb057f494cd157e28c47c7ca8cb1fcbc1820d405f5b7b783db20eff040445838554e2f34ebdc3a7db63cbda1396429d5364a63a05286b90a9685f7e42598678189a028c3cd43f7a9bec8310611e741d076a62f34781352d3f5bf3ebb3d958cd116ceeb9ddda189639841b1c65278447d2f8afd45de64cf9bd19ce4113db0375606ec124f2fae4b1eb7b9e1c7ea5a97c94b4a1ecdc9fa31f81d9c163e94d993340b98f2206c5b27aeee819790c879ca51d25d3a488fdb1a5a23a8b738b91f8a91a627b3a81ae7625ca807ed47b11717ea8d78acd9182fe3d3abf7aac8846be96c8282140e25bf7c0b8744b2809c4a7532dec63b759fa1311c4ec1bbc04fc8f8d743d25d645bebd2823b4ecb5d6e7fdcaec2d5c1c16399631d107a9ac46607988b35785e3cb46b0107b8c6d9cf0464e3a0fff4e1df156769a81048d79a0cf5989fbbf3d5c2f53911ca2b371709b685eefb03c572b5fba9e9b18523afe8eb1c0b488be52b60b36791dc1d9aba2d981f10d25cb5f7ffe38864e626ee3a5b45468140439218096167bba9e6a3a7fe9189a3460e208b46fb1eb3e78a9b96034cdacbec2dc72e631ffee94d1554f891abb3e85a76c0ea0706368706bc5d48c3b8e54746684d4ce211d8cf97722c149dfcce631f56b17c1f1f4bbf10712cff48a1fe2042ff1bf857889abd57e61b0c29b93dc3c735ce747ca2052a9edf5274734fd9e026c6d5bd05746083822a54897070e6e7e61dafe333fffcfaec266cd478e79994b87ed587c24ea8cb8cc990f87564606646b17b28b1b1096078fc7f5a87781990753020fd2ca1a5811609707c54e3d796329a99648b6d8489b9cb5abb13cde4efa901830fbf87528c76f94dee3b99e7d9246860ea21176beb6dfd0c8afb72f15865208ceae3db1d061b22e49073bf6e1cb88aa7326b8f1b71512ede87cc97f80a2de636e45989f2c772b0bca1a7ea8eab41935dfba77671d1de0d531035263785ff28625dc7a98f9920486d239a3bfc6276d065932a47e074a133563e524d3325690b6901acce6b6976c952f4eaa238c86b8c1ee8c252b992dbf3fc5aa0024c71ce5f27eee1d7cab4181f77e33ced192ab283011e4ce08ebaa72be28d438ffa778e0dd158fd1a6159a3f314b4868fff8422302aae9ff2327b768373587de14dcce9c8c68a4d702d14e7bdaefff6d1ed4c6f3b6c959cced2c2d0d8c531cc1cdcafda04f7febf774007c40896b72992aa93b17fc3457358ea709df09411544332730f9cc79d9e8c1872a433d6dc8e6055925859026bff4b44c61663fa7e9c69580dd7ab5f6928a4a1e59c8945e73e5285f40ef359ece00372a34c965fa48cc4f6d73727bfbdaf0e084eef79c781a955360ae2b4206141500d75c00e83c868e0bd3ca609e96ff591028a5a44da55cfdbf17a338a97affcca8253f412605641c46d25f632bb8108c03c07a72feb8d0554eba6e88e4a2ff5175fd07075673b9b2234609300cfe42f25b0262cd33f808911f219ce4089f07749d971cad0f35c5685af41833d29823739af8a61928f9d12baa41502b83c422c539acbf43a32214fcfb1141344f8720afd5255ed246135a1b204c2cc8ae72bfdbc722c2e31dc0e9fc3276211870785941b2377392de90976b5aa78258bc4784ea7ec916f238d5e54a8f0cbc278562f0da5cd5bcf86e04e6174ff8aa8710febd7ad2e5bb0f74458b522422ff6920218743390e99d99849b3e749e1b3f9811e0d41afa764bfc04c3f49aae9c2b6e9f033d5e562898a49ef788d7fc76c74e3b54fe100254b838cba7ecc8e51e606a6ef138ee91f404b1b40741cf70afb9532e63f879921a14fb4021b43dd9eace4aec11d884b17f19de9902779784aa31f994f92b10995159831192cdbd375c25374136bfe3b2503b1dc4ddfe8f4d1bcea126ecd5f0cc8a7d5dec30a05e2c737429a71e1af608b3eb6b1d6e0f69fa64971463445398b7f981d0b1a4c59b2a93cf9de2e5455f16152042e5629e9e4749933c35a777c7969afaad8666ebc3829341eb1512e87cbcd34f1d23833042f45f062f0ef3fee0689d3394b7ad6a3d23da8ea06fcf6317b4f36346af6eeb5fb5f4aebad775715fa32dd931abd9de70e8adb70635b06ced8d9ea922d893234a2c07f52eda9f4f82256d8c92223b61e0e4d42227b763f9a0f59fdefe2009fa71bdf411ba574ef4ab92de8b645541cc38a6a7d67810de7101c88294dc7de977eb48bb9feeac2d62e5fa718e9da602e334d42bb41a68898b2e9af39534d8e16ebe376ae7bde63d004136a7639b7405a26cb4434d89232eac11f874ba68ebf2848b041402bf599c357ac7792852a6b89043ca8d6567f9936a03bfe3cdc1503ab6b7b5f9d3598e592e1fd1e1e6149e3ce74ee0cb87bcbf6ce12751f82c8a4b98208fd8844b7e2e41668348b00d813f7353e25607a4fea118f0503655c195c959606fffef6476cb6d8cd544e2243f554e3112c2c77bb6406c9095d6dd5ac33b218f88e80d397c7e8458597ffcc136802d3b1315ef804c5ee7451cdef4f46de084b0616b8d4532138f1127fba5962257d52c3ca1b48614d3cb8284942f780fff94b66a53e63fe859e4f86c77147e989f72842587732a3ef2ea8cb90e92152d952fd9e0ab9c79ef6f67998d83532c61dcc5aa54dd98d556ae1e2c92363a5817a3b5d5121c6e977cec1ca83f2c0c70fa8a9f2f5e76d35feed03120e6fae057c2541d5015eefb86f96124a403541966df531df8ed14db30148f4d3ce1700cfeaaf29dcb3569ae6dada9945daeb1ce5619baebf64c034daef29c49376e36331c2bf04edc4d46ee1c0843f4b1a74ab72573398ff48a02cf8d465b11cca2eb65240aa2f3ed795b5504b05eb834272fd18ae12927e5111c2af94e8f6701152cce1ae4bab16f30731b1e8e3f5cc8adb91188ac1a4bc1d33bf92db40176a7c51a5fec45904235e230506e5e8a442a25b26e6124e9de049e180bec7599c6d2850a2136572bc2bcb12d7ca204dd426cb1279b253869f60fbeb4cdc4315369088f2d61514d6bd6376748ef522ca5a3cabe71c19eae5970ed7cbaf3e7a75b5e1d71c2c0e9eee3018a771915c20c1c33171b58887efdc437522541a216ef83ec533ff6ea4e3fc1c1dc2f58fb991752908f7388d3a872b0940a7f79b73890dc56a655236b37420b3f77fb61050c078fd1c3ffe75f86c2e38192a7dbac55159badf7718b187875adef46aa83d5281ba08a309d83d179c2468a41ce44e312c41c3fdf851f5c5bd57a4ab6be9668a82890f5eb49c53a5059580e93c538181ac0a730adfe037ba652057abac1c39f6ff9218d4ceca73f9f4194c255f7aaab06aecb1ad900020c319d457867edac51876bf9f11f5182cb57b78467d6d2a0adc900ec225f4aa51b0805bc19577a4bf9ffd7c164910335c384a9229813d81cce0425f727285eeee9d19e420fda4162f9db408c53ca958540598860682712eb4354b5f7a8ed25ad6eb6132c9d17fdc1ba9186561c7ad692234b2a046b15bac72d5148367e23c6aee1eb4c2885a726ee103425ac8595d2629466c2e23a9dedcfc1f4dd38afb8bde03e21dbe0349680a261a5b73a3fb14c8af2f8cc93a6dd5b86b4eab869dd6ca0aa827b6b6011c0ab7cb190bb587aee9054767516c17097ba0c445b4471c864227de16640a8345bd9b455205eb459d8f7b628eee0e1fa05bc9050e6cb0aee303751cc494134813bb14cae5c6466ff4209d18dee5ac42b8a8417a6a016d3fa064c209cb01268f4984aeebf3c095cb4d0195c2ec822517ded927479ad014e6829ac63210915ec587a43288b2d8e6a214cdacc500dbb7c46aef34c4f6f74065ed9d5b6bc98844b1d19548f8d4832f7635a14c0d2a61f093c5ccccb85ece5f05eaca738e470b7013bd35da91a59f6eb003d94884c8f44bc16016119d5b78f83caf657924b824ac36db2b70391ce10114fcb10465e3ce5123259d822b95129a38d7ea836d832b98d70d535571fcb3c48f950f47453f52bff6a913962b5426d11fed011fc8cb88055386cf8bf194cea1634c74b8103a449c13adb3686096abc0cacca64102e9e9cd028a58892b96c86563b8bb309ca8f90cc765080945f7279a4458562652d6368a47bea20ecc0ce300cbf44cc8770f60820fbbad062097fe43909b3d3940381cd9d0c3fb032e473cf8f9b54d1eb02629dd7414f24ef2e39f8a944224ee7feed5334e4345a44d3bb686625b05ba10e741cec21f0b902588d345557ae0030c8d8623961b7a8c5ca5dad4a8162e16bbc8d934f1513f02cae40501d145f2b7e5aebd1549757645bf51544e24e5f7c98ebd4e3b2eb7f9dfb5847c5b9fe75787efd7169832a301a92b440a7461e6311cb82033625a32a9d62a86701bb6bbffed65fa01db1a7907f4a96daeef3a7d132a6624e9abbf3253bbab4f7859acef2a78aa3df857d58bb7e982cc1a4fcbdf9555608fa3242ad842b3c7c71d663c2dc36358535efa28c22cc31251acbf393d6d9d8db4424d93b35f66548043ff870e1c2aeedb09f3d7cd56e268367343d110169fc83e363c8a2c8d00118b07dbdbfd3a59e3543971f13f39cd34b93a0f7eb4df4dbd558b27fbe684c01e5ea8f636d72d0f85121dc10846bde793e61eae825700a2ff8eb2ae026f42b2173ccac15742dc50274d17aecc9583b7b593caa726aee2b7b8b156818028ba3b4ca6a1ca2bc23153830701f01cb400e2b438a3f291313354b251d7ba5dff6fba07e9a3006f2c59cf53c390572f801d4b8bc9f5302f900474b65a45d34b309aa5502265eb8e9ff637e28ac12076eaa29cd89c408d465df3906c689f2b7d630de38e95564327b652f2d88c188a218e2db4a08b9bacfb4b750892ab1355a33c6848173932ccac3a4d266915b9a5c4634f50fb1321a74c0bc63c6523772da19b35c78904074e1087511979a1fb38c6d2a5b896e9f06b94973dc702dc6100e6f9388fb46c438e67c4db2213f3efd2e69de550ccf15f74ea839f941ee5a42d8ca55cee7f9229af39bf9040db0c588361fd6261095425c476a4519c86512a8bb3bee486ab452e5ee94b8d52969df494c4d5dd077", @typed={0xc, 0x16, 0x0, 0x0, @u64=0x9}, @generic="96d71343fe248756dc5c87bcc6fd2be4b169d3315883d0891a86e92d82f90dbd6761247ea13737f9f48b1864a06a4609ac1866974f530c5efe860ca681154f7e074ade5d36782f0c1ce8f1c29278919b82968c31b230bfe62cccb64584b10975268fb38db0294862dceab3101b5c6286d39bf64a35b42b178d8282efa90636cde967684606a5d8b4ca95974b8839353c32da5dcc1992cc6260109867d7fb4403c99580a961a51d689c303cc5ad1612b7cbbc56268e656318396360439d110f0e672f6ae7e6f18e98beae397b524f2e60acf404f587f1148d2bfff0d83fc01300", @typed={0x8, 0x20, 0x0, 0x0, @pid}, @generic="07b5995eb562fe973eb423101645895ee2acd0ff81c7a2600606e2433ce94e687cd088a92f92a94158df2fd6a629fdbc5372c26487bea47f27558da00ab79f50fb7f2fcc2f0b87e9c5d02e9ec8c0720e2a3e9537e90c5478911b802a8253"]}, @generic="412da8988d4832826eec3632df2da16e0123040c6e26d7fff355877c16e595081342ba1b6fd2ff7473e2c6338638ab50796e0f0b33c8a06e0d8f978f8bfa73d035dd9d68b8980a8a55db1b6f7a43ebe26f91b514b780e609d312db779c62b5be394042dc7b708fbcb7e9ffbf5e6e5970f5cf2b84cf2493303a1d6468b1720ab10c92c40f6822059c90a7a4a0fb565a7946"]}, 0x2704}, {&(0x7f00000052c0)={0x1010, 0x18, 0x200, 0x70bd25, 0x25dfdbff, "", [@generic="cb594d3f77ad65fe71876229377bb8f8a46296fcff0bf0f30172848853f7983e72eef1ac9ef8f73bb8d2b9f841ba2c19daa49214df2bb60ae900ec9d594fa63c62dcc93cdd95524b151db300af81fbf060edea50a55e7e4e0aa9d03274d0a98f6d115a0161798a063f7550b8c95b23670fe06b6d92a578372b4e7b072e4a3673594b6733d5694fc78041c4ba92de2d65c8ec17551126d6e73d9cb4777dbd0648c77920fe45cabcbb14c2473b31896f947906dca46b0e97331c74b7624f73d11a9bc6157871bac571e2018d42e05e02762c9d15eb376a99d512d22efd49bd92ea42cff6e9c6ef1f2f5d0a05b093bd32748be29062ca3857262f7db83cde14e5ea1a0f01f81d447d103702baae282aa7b63edac17ca95f94568c0a461062b3cd0726040f8a01f593e1088f9d83782c375851730a0bbc82470338eb8e69d0044e2a6e2474cf9d74d639264808a137b805093af91a7e60edac98d573ff60d1ae02c393c1f3f133e89b689c7326a1ba1eff3c39ae693931371fb404fbc8c37a2de2e20b8e07c1fa33af2fd67c49fb37fa7941fb4210386274310f3a8f6b034fc9c73ab9417e32d53ba92adb1288c85b0eff33f15f066930c838a8f147a274dca08a93998575037b6b02ecba988a9df8588613d4b736e878e62ea7381687c6ed30d7708637d0dd8ca677296da25d29701af37088aa878ff35144fa4acc85489c762dc32aa09a1148d40c6a01a6191bf29d4d252cf78b7187dafb6710f6602807981f77e2c2a9e510da9ab1bbf4bcb81b13c060cc366d32909e853a85a88af3def172161f1ebd99023d945c1f448ddea0a50ca661aaeb92be4848c0ba7010eeacdde6d0638839922cc5ec1e1f379c37db89a7a72629bdf3fc23dc9ddb21fb7a99535c722a2a5a08312872d887bef40a7ea747bc869ea3e7ecb13d9930c319a34bdd36dc1dc47fedcdb5c0472ded901b844bba2827a49124915489b3d3ab44fd98059e6c444b6168e3bbce771d42ff6bcf00079a7305f207a8f3a22d3a36a0b9e72ecbe05e3ceb0c51c7aeafe8fcd01aa41b95a05c9d8de103638db4c5211adbe77662bae9a8a9cc59af0d59bc9208b6d10b0aa6ca0744051fe00828dfb909698fc3b7e9ec426ffc2c4c4bde699e394087090f4b14f8aee150a9b0ad84e9f20576aefd022fc31f3321afcde3448a591eb11066fef8b08087d25a64c3dad8816cf2858f27b662a208d63b597fc2741f3918539424ab2404e2f2c01c78286648ffeba991ceab35b4bfe98f05e42c78a573a6d0acaee53536178a792cabc31627c50eccd2b5e1fb6e415cc2ea64e13865515b50e771d63843e0da7a4d95bb2d4d61ca870f4dea1b95c40c2cbc2626f94dff1b9841d81bae84929f026fd373e5057a98b2e213297bc6ed3b572379a98432d7b3616fc6226f744d8183d7e83e530020e36c554fe1dbd0631dad8d68c74ee975e9e6a95419f012d9949258ffa05e06e4565c9fa32b3f0abf7022ccc3c16a5601c115d68ca1232ae8e25bf483f4f06427715f7a9583e4d53a87c8d31d50e2126220691e85adb752138565aa18afc9d3f594ded4919e92c1c95cdec4656af3f4730940abbc1f41d42ae3d2a36976229d26d138ca77e7540a15bd8d72d76de41e6312ab095d041967445d6fca8b8db76c846519e6cccca3ce38541fd64bf051f4c86a1b723360cc8d2c8aa483a4d4f226112f42214af90fcb6fa5c7986dcd576529ea712e3576a80f91e7e9c997482273e652780a6c0376b7b6ba12dbf79168f08322e06f68b2cc63b29e79f0533cc3277eb5ea3e8d8ba25c420241cb05d5cf6f856b9d957df372ff61b8a76060140c4c817b8853ee9f7a58f59563097641a0c9d6e55ef612a81e47b2b3134f06fa62233e2f8cf535c88c307caf900adc80c50b084207ffd73311c5d99e157d993e6abdfad98224082e5683abc392bf66aab780a5019e859e98e398e1a96407a31e735c8337c12a98ff8f3d00772eb00c07af632430e184de6f96365bbe6d3af6c160ea94110fae3820234c89f42a520e16e6d61e94cc17df7c4d2ba192b8e3b02471bde74ef942289602d56468e3244619f42c3f65c367cc6ffef2bd30c23fc1d3155650d27c3fda6b2a67f820edcef610ee961ab7fe26f0a1398d4130e6be9f0db92dfe50f4955063200ebf7589ddd28ca21583cf9d5c14c6cf8237bc50d786322330390d7beb7f9888370c8d74cd875a620b6719bc606f9d240cf7f805367d5c461b6289c7721f8e6e0b820ad68cf98b2c39d7a09f5318a43ddab1008779493080e5ee759856e0b20375e3862b7e45e728e0a7e083d63df84030183e1b9160c5b19cd601a042b1dea3a209037628c80d75751e990e4ecbbb2977205c6bb2a4fd6bd6d583aa7708c345d1bd24928b8ad8d4c30afe30955bef7337d1ef9e4301d8e9db6afc695eb6713d16877f561e4da418e5c728fab6626a6a2cb8360b4d9a68b61afd782f3a4f217a13af4aa29aada5f17969fbdbd944f3d36fc467ea785bae7d72fc339dcaf3937072e2610632aef001819719c228f61df14d9864f92eb1c5b3b344c6f0e75623913e28fe55bda4de974d1bab3cb06127a81a1ff5560c16aace495edf242863e554dbc70ad3fcc8e54cca3d43f93024ecf121aafbfb2ac9bdb3aaefc1de2ddfbb017fddf3cb8c4f189f06518c0b164a53b1642d8ae78c925134a95b2f347276b85035c57c4891d2008f888134f8b3eacf2555551c537c222a30b4a5aa8f431658eca627b16747336a087419dd8282aa19881e6fd3a12bcaf595ce9c8d2238c4b2731ffa64ae05edb8588edc098107f7990a1fbfec86fa3dc1019c1c895292b5f1a76ba3e7e718544accda4bdffc0eaae557d6d21d85995b0d90868b79aa14fa68405c64efbaf98e41849b06c84a7c4740be11049b44b65720aee9d0915cebbff8f256b67c883f47a6f1f319072dbd5655154e6feb3e1790b935e71f97eb161c8c8ea03b0cc44c1d0440e8005c0614c99d73960baec8720981134a1a32d84a9445fbb09733d8ceb66bd2377a8c1ef2f4ae3d393c2dca52bf7249d913cc788aafd38abdf2a2576fe6f55c9bc31890a30f9bc5482dcbb2c5ed191cf21149a6184159dba8602ca94c084e64075444fea7e854329da7ae2ab078b44ff7eab2336334ae8e6ca59a51e613f2d63daf2064603004e28c5d16f50eca9f552f907d4b32e69a3b132235144f07b3361f352ad71e4edf68c8c80e9a8c15c020a25ef55604d1efb615fa65a9107230d09a85bb0e05046d9f124b0232bbd2781dee97702601ee845646905bba925a70057611ca48be552a25ab8dc2c922a8fdc0ef6b49427ddfd169c5991285ecbc81329ee3fb702f0aeffc530826841ffa9a773c1b9d27f9a83a0f56f712e176630b03ab63dc5bcf678693941490618a946a1f16fd6b74741685ed663892ea6f3056c064844f7dd9b257eda9b348af6e1ab53eba7be740f48963768d5201c77aab39e35a350b7acb05327b85a45b56720abbf954c93272dd62e9d30f91733b79c918baa184f5c87eb6e613bbf68d26e438479c326ce392da19813aa808a5a8c80f5927d664893036020cf0913075b2367a3867dbcac46eee763a858f792f56cdf61d353a7fe077001d5a0e25e99c90730508fe6d27a8f3d3b7788c9a76fa0720742b06faf819781d9af8a316321756f7535b0c22ff635dfdaffd95c89274da1e6c75d80bce6757ec6236a73be31eabe1fa4c08bd188d0f6b974a4c6042c21f12617e367e05661a6e39664b14f23bc8389711f4d33dc0c81ac759dc49109ccfa831855d381e2b28cbc92cd45c5176a97a28663edffb70669a6641f729b57795cc735a9e3e1781fc0a91fcf9823b1a74d1fcbf84fd8d0e550e1000e212b87d2a0ddddcf273e1e724668ba023103c5cc5faec12f1cd6efc80775141a4055e4efd0dd994e35f4afd87a175dfca6873bb6a95e12c4b39200aa17190ddb450bdd9c2bb85de40bb20c86c5642a8d82c3ea4e0cf8145141fecb344acafacc6b3bf3a83a466dc45ae8d8b0924d79a04e9b06b09d2bfc95a9777434c5eb8d60cc64c46665eab897b424dd681acdc18c65dd72c00efde8d173601246c29db184ca2a18c2e1e11cbe78d79279313d8375c9863747df28a7f6dceee2c6709f38faddc6faccd23a99c88059e857f1e44ec056a0bdabf77a6f175c88160a8079c32f16d6ed76366fc5b0522da6b9f708a6294ff4f3a979067ea97badc3f7aa544a053f1941d91d7ddff6ae8dae8ddbd95a394f7a21a08be77fdf3f0de555c3aec78075ba226cbf650ac77761debd532ce3fea584e0dbc17c3174f5e478bf11004ec6c1d693a3616cfc48680449ad6a6a30b6359ac134bcc767e3309ee93a6cf4016b7699f791da9e73ce79815b432fb93c368bc41e61ebbec020eb2921f6622a612420d8e5833192be6a0be20a87a4e6aa8673c3cff7de09612644506bbc5f7e762a83f8d2efaf60c13c7971779258a84e93d353e3100342610390e356dfa4b8c65d1d3936a94f21d917965e7664a020297a6dff3c6a4217fb5bf8769fc822f1cdab597dee5f82cec7efd4430d94d0a3e446ed58c19b85db304191db0ead737bad6c2d7c26e4df90f9e689d20f6adb30c8fb4452d5d5628e9d1d3a7a8a203a41672eda59472c23944d435111b07202566c0d458d24ca0f45c8f8c72e683863c73c668a0d0e4da2f72615566e04495820dfe6ea838dd0c33d554c1138e9aa9e7a7861e1cd6d62129a969f214f112f9326f6326f3c665730abcd90a5595952b843c37c9c60a3ef4f850cf6259af19c1db01707ab5c9f9ee15457720c0c9c2190a2c1ff92516ffba02bfd7ce850e731207a0bf8fe7e46dfd7b3c2133b34a5b26d5364b9dfd6fc1d666116cbec69a3e91d1e6904e813f9c3d54bc7829f1a934c402d80e5df2265a244faafaf80c5eeba85f47e2388dc4dfd4d6ba04b4ff699c0328228ae61061bb38ca299a92934444feaf6e176f254b3f61d8787d6c56c98800a143b96c24f2fb80ffc571d7722c27c147911bdcf87f53e9682bb99cb772c30fbd58582e432f35b29d5061b167de86f3109e08c6b7da68744119091b31a55ae9d92360ef03c5c9b5e932403c9cfc6b573e8a3c7ec136df9498269c59d1694d4de5aa76bfc91a915bc4b6334f27416bc7fac3269017d4c756b70f9f2ea9e4a02ac6c86e8de4f0ff10bed9ccf8655a9f69bd169078a53961cc3181f2e0bc18b442521d57292f600216e5b824ba48687c56b9989f08dfe48e7dc269201e50e6006138e3289eddda73b5683b5c374a9924822eab404b9af1a33bba620f3fffc723e38fc1f022c5bbbed6e1ea819bcb798e26881260c0244262f05eda62a9c8003e8f8a1440eb0290e0327e69f1e254bc138a0238e99860ea961cffb584f9406eaf57de2247b3bbdd7780d5e729fdcc91bfce4e01c72dba5de89365a1697f6151b5bdaee761df8826276183e082a73c28530ef569d8a61d601cf29eba06e7e53fff106eb077e11233f818d96c5cad75d98a73b4a67fcf9115bb85b85343a536abc7a73bc12cc760fcaef7c81865060eee792337c53716c6c2fc32e5129bdf86ff0386114435ac4f7c5a8b759b7406d2cf11e6b2b6444bef94d40cd3bec2794fdd940092f16166131dd887cd91cb79cd6aa8dc63a85ede67d7c988fbe05b1c010db22eaf4ea4666199aca5fa9230944d72da2b834f50d70632b93a13031d35e5279f645dd3b05e30e618c801ca992943079210761b63c22a9ecd35eef793e38c8880166311"]}, 0x1010}], 0x6, &(0x7f0000006380)=[@rights={{0x1c, 0x1, 0x1, [r0, r7, r8]}}], 0x20, 0x80}, 0x200000d4) write(r1, &(0x7f00000003c0)="53955a80162a9848b006255c538fa10833879187f620c4aa5930232e5c9d0148c1142fddc588b1bd271922994f07bd5cbac20dcb6df7cc51230f9e184f0f649cb4446c29cafa7d99ed169d2b98ea95a7a88647eb81e59623a4769fa02a9a78100c480e83e61ecd5c77f1b1210337b01be13e7474875b789ff2220da403be003fd5e5082e23684ccbf107474eb57ae6e25c783b81cdc114e81dc8c796ef02eda95be7655d36e808328de88aa2005cc5c7d638ac367e8fb94ba82d27c6d9d9eb495cde9fd39ddb2964d688573a495f7b195c8cd91e61523f6e676faa369bde5c7ab89332dbfd26295ce690d53b7cc1795e", 0xf0) fdatasync(0xffffffffffffffff) 00:53:37 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3f000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:53:37 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 31) [ 817.452720] loop4: detected capacity change from 0 to 127 [ 817.463124] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 00:53:37 executing program 2: mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffb000/0x3000)=nil) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000000)=0x7fff, 0x29a4000000000, 0x0) pkey_mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0xffffffffffffffff) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 00:53:37 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:53:37 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 46) [ 817.500919] FAULT_INJECTION: forcing a failure. [ 817.500919] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 817.511797] CPU: 1 UID: 0 PID: 6675 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 817.511832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 817.511851] Call Trace: [ 817.511859] [ 817.511868] dump_stack_lvl+0xfa/0x120 [ 817.511902] should_fail_ex+0x4d7/0x5e0 [ 817.511944] _copy_from_user+0x30/0xd0 [ 817.511983] copy_msghdr_from_user+0x88/0x150 [ 817.512016] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 817.512045] ? __pfx__kstrtoull+0x10/0x10 [ 817.512074] ? kfree+0x2c5/0x5d0 [ 817.512108] ? __lock_acquire+0x451/0x2250 [ 817.512144] ___sys_recvmsg+0xbb/0x190 [ 817.512175] ? __pfx____sys_recvmsg+0x10/0x10 [ 817.512208] ? __pfx_perf_trace_lock+0x10/0x10 [ 817.512244] ? lock_acquire+0x15e/0x2d0 [ 817.512271] ? __might_fault+0xe0/0x190 [ 817.512294] ? find_held_lock+0x2b/0x80 [ 817.512330] ? __might_fault+0x138/0x190 [ 817.512365] do_recvmmsg+0x2c5/0x6f0 [ 817.512403] ? __pfx_do_recvmmsg+0x10/0x10 [ 817.512431] ? ksys_write+0x187/0x240 [ 817.512458] ? perf_trace_lock+0xbb/0x4f0 [ 817.512486] ? __lock_acquire+0x451/0x2250 [ 817.512519] ? srso_alias_untrain_ret+0x1/0x10 [ 817.512556] ? lock_acquire+0x15e/0x2d0 [ 817.512589] __x64_sys_recvmmsg+0x211/0x260 [ 817.512622] ? lock_release+0xc8/0x270 [ 817.512650] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 817.512681] ? __might_fault+0xe0/0x190 [ 817.512705] ? __might_fault+0x151/0x190 [ 817.512734] do_syscall_64+0xbf/0x420 [ 817.512769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.512792] RIP: 0033:0x7f8ef3114b19 [ 817.512811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 817.512834] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 817.512857] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 817.512873] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 817.512887] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 817.512902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 817.512915] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 817.512949] 00:53:38 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x700000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 817.572623] loop6: detected capacity change from 0 to 264192 00:53:38 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x40000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:53:38 executing program 2: mremap(&(0x7f0000feb000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) madvise(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x9) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=0x0) mlock2(&(0x7f0000ff5000/0x3000)=nil, 0x3000, 0x1) move_pages(r0, 0x4, &(0x7f0000000080)=[&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000fea000/0xf000)=nil], &(0x7f00000000c0)=[0xff], &(0x7f0000000100)=[0x0], 0x4) mbind(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x8000, &(0x7f0000000000)=0x1, 0x1, 0x2) [ 817.641877] FAULT_INJECTION: forcing a failure. [ 817.641877] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 817.646527] CPU: 1 UID: 0 PID: 6688 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 817.646564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 817.646579] Call Trace: [ 817.646587] [ 817.646597] dump_stack_lvl+0xfa/0x120 [ 817.646631] should_fail_ex+0x4d7/0x5e0 [ 817.646676] _copy_from_user+0x30/0xd0 [ 817.646717] copy_msghdr_from_user+0x88/0x150 [ 817.646752] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 817.646798] ? kfree+0x2c5/0x5d0 [ 817.646832] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 817.646874] ___sys_recvmsg+0xbb/0x190 [ 817.646907] ? __pfx____sys_recvmsg+0x10/0x10 [ 817.646942] ? __pfx_perf_trace_lock+0x10/0x10 [ 817.646981] ? lock_acquire+0x15e/0x2d0 [ 817.647010] ? __might_fault+0xe0/0x190 [ 817.647034] ? find_held_lock+0x2b/0x80 [ 817.647084] ? __might_fault+0x138/0x190 [ 817.647121] do_recvmmsg+0x2c5/0x6f0 [ 817.647162] ? __pfx_do_recvmmsg+0x10/0x10 [ 817.647192] ? ksys_write+0x187/0x240 [ 817.647215] ? lock_release+0xc8/0x270 [ 817.647250] ? __mutex_unlock_slowpath+0x157/0x740 [ 817.647275] ? kernel_write+0x593/0x660 [ 817.647308] ? __fget_files+0x20d/0x3b0 [ 817.647344] __x64_sys_recvmmsg+0x211/0x260 [ 817.647379] ? ksys_write+0x1a3/0x240 [ 817.647401] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 817.647435] ? irqentry_exit+0xee/0x650 [ 817.647457] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 817.647488] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 817.647528] do_syscall_64+0xbf/0x420 [ 817.647558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.647584] RIP: 0033:0x7f4b915d8b19 [ 817.647604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 817.647627] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 817.647653] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 817.647670] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 817.647685] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 817.647700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 817.647714] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 817.647750] [ 817.731006] loop4: detected capacity change from 0 to 127 [ 817.748617] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 00:53:38 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:53:38 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x41000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:53:38 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x2, 0x3, &(0x7f0000000240)=[{&(0x7f0000000080)="e4759ede1f8c18642b", 0x9, 0x4}, {&(0x7f00000000c0)="59409cfcb7b76ca8057dfe601a8c6b1d0c69053fee49b0ddf7f4a2ad5080b4fe8a40d83951167fbbb245fa8ac3d9b99acfe30ddedb0f2761e4d5ac36dadea6d9af59f0c79bd5c05fb515bb605cdf5b944f75a14f4b68e9091105cfd04521e191276eecaae987f33f5681bf12490c34a13634c2eac5f4171b686804b4905f2544723ea5eca599288eda57936624ad5cffeea0035529ca403f8189df30327fb4bb3aa77ebf2d6ef3fd901045955e9f6422853febab2eb4a5a32ec535223a747c84258f59e453ca4c9873c863392d931d555ca8cfa38f4a668c5c10dc0fb95597de15b4620d24cba15d15cb00db45c82200effc6b91b1834e", 0xf7, 0x5}, {&(0x7f00000001c0)="3cb8446ab439e4908fa2f5c25cb4c34810965c49ce33a16b4cf9de0ce6313d230dd0218640e284aad143557234911ba4f0613c3bd29fec2d8ad7e1cd4c01370daccb93a25a6cd8e571a315738308fc8c0e8fda49d2e93efd1587bd298aefdffce1cf3abcb8b40bd15ccdaf969b43806fe8dc2d3c43", 0x75, 0x3}], 0x1048800, &(0x7f00000002c0)={[{@huge_within_size}, {@huge_always}, {@huge_within_size}, {@nr_inodes={'nr_inodes', 0x3d, [0x34, 0x6d, 0x32, 0x70, 0x6b]}}, {@uid={'uid', 0x3d, 0xee01}}, {@huge_advise}], [{@smackfsroot={'smackfsroot', 0x3d, '('}}, {@subj_type={'subj_type', 0x3d, '\xb2$#'}}, {@smackfstransmute={'smackfstransmute', 0x3d, ',^.!!\'{'}}, {@dont_hash}, {@obj_user={'obj_user', 0x3d, '\\@*!{-+'}}]}) mount$9p_unix(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x21400, &(0x7f0000000440)={'trans=unix,', {[], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@dont_measure}, {@fscontext={'fscontext', 0x3d, 'user_u'}}, {@subj_type={'subj_type', 0x3d, '\xb2$#'}}, {@euid_lt={'euid<', 0xee01}}]}}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:53:38 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 47) 00:53:38 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x800000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 817.947246] FAULT_INJECTION: forcing a failure. [ 817.947246] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 817.948424] CPU: 0 UID: 0 PID: 6707 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 817.948443] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 817.948452] Call Trace: [ 817.948457] [ 817.948463] dump_stack_lvl+0xfa/0x120 [ 817.948486] should_fail_ex+0x4d7/0x5e0 [ 817.948512] _copy_from_user+0x30/0xd0 [ 817.948537] copy_msghdr_from_user+0x88/0x150 [ 817.948558] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 817.948576] ? __pfx__kstrtoull+0x10/0x10 [ 817.948593] ? kfree+0x2c5/0x5d0 [ 817.948614] ? __lock_acquire+0x451/0x2250 [ 817.948637] ___sys_recvmsg+0xbb/0x190 [ 817.948656] ? __pfx____sys_recvmsg+0x10/0x10 [ 817.948676] ? __pfx_perf_trace_lock+0x10/0x10 [ 817.948698] ? lock_acquire+0x15e/0x2d0 [ 817.948715] ? __might_fault+0xe0/0x190 [ 817.948729] ? find_held_lock+0x2b/0x80 [ 817.948755] ? __might_fault+0x138/0x190 [ 817.948776] do_recvmmsg+0x2c5/0x6f0 [ 817.948799] ? __pfx_do_recvmmsg+0x10/0x10 [ 817.948816] ? ksys_write+0x187/0x240 [ 817.948831] ? lock_release+0xc8/0x270 [ 817.948851] ? __mutex_unlock_slowpath+0x157/0x740 [ 817.948865] ? kernel_write+0x593/0x660 [ 817.948884] ? __fget_files+0x20d/0x3b0 [ 817.948905] __x64_sys_recvmmsg+0x211/0x260 [ 817.948925] ? ksys_write+0x1a3/0x240 [ 817.948938] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 817.948957] ? irqentry_exit+0xee/0x650 [ 817.948970] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 817.948989] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 817.949011] do_syscall_64+0xbf/0x420 [ 817.949029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.949044] RIP: 0033:0x7f4b915d8b19 [ 817.949056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 817.949069] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 817.949083] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 817.949093] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 817.949102] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 817.949110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 817.949118] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 817.949139] 00:53:49 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 48) 00:53:49 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 32) 00:53:49 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x810000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:53:49 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8002, 0x0) syz_io_uring_setup(0x4851, &(0x7f0000000040)={0x0, 0x76f8, 0x1, 0x1, 0xf6, 0x0, r0}, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) 00:53:49 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:53:49 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xeffdffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:53:49 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) recvmmsg$unix(r1, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) r4 = memfd_create(&(0x7f00000016c0)='\x00', 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r6, 0x0) recvmmsg$unix(r5, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) r7 = gettid() process_vm_writev(r7, 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000001740)='./file0\x00', &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, 0x0}) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, 0x0}, &(0x7f0000008600)=0xc) setxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f0000000480)={{}, {}, [], {}, [{0x8, 0x0, r10}]}, 0x2c, 0x0) sendmsg$unix(r2, &(0x7f00000018c0)={&(0x7f0000000000)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000001580)=[{&(0x7f0000000180)="4605b41f6837bbf0444ebc6560d5ffd8b0c1c444254f5bc1b1fd46de6692f0199137fe62818e619ebf5d38304b7968909be8c7241f46c91de945a93e5ac76327713fa2486e9ad5ad306a84f29217b183fc9575c3eea625e804f7f63c5da87226be138bc323f3c06102bcce7f77d3b2211184abc809dc3c51be73d1c9b38671d0483ef08ee72e9302d223c85838470e66f6cdf6551043fe870baf0ea9228ccdc9e4fe41908bbb6441a6c8c450ca2a3c6e25717c4638ddd51209cd7db3f6248197a0416ec6f4a72200b1654fa4a9d9980b51b34fa2b5e6cfefbea5928b0324b9dd59f98a82371b6a443d89fc4dd72c50880922b20b", 0xf4}, {&(0x7f0000000080)="2e77b6a0759b6edecd35b8f5b2665a3ae24fc10d59bacdcbe0436ae91831428db63495ae946e58b736f6ea21059fd85db678ea8ca100d761615d3ecf3846581b00d394966868361c5d1e281ddae6f25e44ef6ab014", 0x55}, {&(0x7f0000000280)="8d27e6031a793264862af8689d23bb83ced9063de66564b8a6d78783938ad7ddfe5ede962512407b3c7f805c492d82d8a92012823601f9d3873362644c4672e2439f2b", 0x43}, {&(0x7f00000003c0)="76aa61418245983fdc866e1568f5b64e8d31cc96ea0f5e4cd52ef3fc0464c0d6c03074908ab56e590dc7a662a5045aa4895ea2fa641f6402a61d4156e89f958de8643d9fd35ab1abc0d6ea057dd7569ee459e71481a955b87a57712cb6ddda849ec86b76e64b5dddf87f3d371abfe70722712831525cd978d5729e215d33da21546605ceeb016a2c427c", 0x8a}, {&(0x7f0000000480)="419ccc1045ac7dc1557087e8206e2a2a96c385ac0df52b036c4c62f8df9d6842a0ef95ff8811909fb459df962da89fcb3d42f4df37f25d8c4ec3e608ef8992db056c513422a9d4e65ec9732293348f9d4b6235c12569a41e66ea257af06f365d4117b474df3b99b8b1a8c395127391e837a17dca17bdccdda1bf14aa99548342746be76023dbcbc674d8aff05f83038b2ce45d747535c48c276d06bffbed0688c888b4972133305f0a2d410c2fd92a0e6d0e37e1da1c16cb2dd2eb7476657f477786c421ea3660672b92f8ba27ccb7fcd3e79a9d6c6496232acbe185433b6f6e466995e9e06f343a3716881966a4aeb461f8c5dd347bf6ae0652fef96d13", 0xfe}, {&(0x7f0000000100)="28824454186a1d90aa44c54dce6a8ba1f7829c0003520f4c599440c57968b4adcedef0f0", 0x24}, {&(0x7f0000000580)="504379b381e9bf1b4e6976eb2d00c830144fc8bd636260947ea39c2fc187b46ae60991b2e933f47cf337afdfeb573f837bcc212a59891eb1a2eb3b93779e5430c066c286dc4eae0595876fd075b2d030201adfdff2319bafc21d93dc0e07287df129b95837c03a875ced9d4ce74dd33464989433be398a41719148151b4dbc4820b245e4bd5acb9daedbc82fd3a1b48da837af19b550ebac446e080b680e7f7a187345cdb816917b9401fc6f832bb8a6006a6f7f283d35adb32175cb69024ea68176a110783f40d32f1d29c65d70fae9a8912450c0c949b20e0681237f2edf161308f81b3ac4fb7f25b110e781f3ebc4ce3c6b1aaf534b42e240dbdb831484fb6405d3ecb2f230458f326ca75b6631cb852e3bf8f0b8047f03568be8145e52240a8d253b5c85c0946fa0f703348f73b5d5134c0e6924323618bf48f48c681994f302b4419984b4b47428974988a3a1c07d235fa12445914ff42b86f8e20551848a00b00c8891fcd8f1b7fdcbcf6b937741d732a9e2c99b40f3ae22bff6bc3432fdd7bb27674ed6d6a4a6526e7fbf6b2232452d3553f3b80cb56250a76a6c5965366bcdc18d4738234ec2381fc935eb20392c1ede223b5905e67c62204a4ff12d7fb05bcf022cc861911095eb002e8f761488359dfe7fc8095ce3b54bfa8ed00517ea9d5329ebd7b6c046e85c3f96fa0de8fe7d6f81b90b7305ead3fa1ee25b1757c7f693e7674f1e2a7cdd483f1938afc7468b1728216176af251b4c178fa069e10e48a29c9e6d6578c833c0640a0d59760886934e3c15e4bcf2e44c1b9fad046019d899dcd4b0d32d9b5c48f8de7866ee88437abb023862835318879408cbf203f6d6e08ae460dfb86a16b4f9aa3666d452bd146ee9267a7c8de7be5383d67a80d3891bddd7458f77a28d0d17353fb0fe1f0215b186ff79c1df3ac90cd3f02c89f4cc098402f84d942533c55a3a9c7a7f154bc0f229f6fb41e29e4726f1b3dc4af385559f5dc3b5f383c8496e1e8355c513e319088c6d39f3d926b038bd76af29596cf3f7ca1d76e5241288ecae1c793dc60453a315981c24c951516bbf1012812ecc36851335a07502595625d7895b81c6461ed01c1402409f48464b8ebfba256957035769f59094d9eb79bd127949fa055e086ce6517b6cfaebb3ef432120626e24c15749bc3b96ccd9663f07647c40cb3387ec281692130976df5d7ddadd6bc174f56deb47c794effa73edc6d450203fefc6998e63643644532a124cce40f3fa8d1a9a2f7d951a74911b4ec739ab8dcde1f3400f0d5e4fc097197630c933b2b3619b99663b74a15828c26dad936e4fe896f04e1551ed791a1e15caabbf277a3022d452ef01e8b23ead6db3ba68f4b47c9d681f3b9db6641543be05a250812d813b4b68df6211e04547a570a4e0a8f5568ec0e7afd7d2d935cc7df5461452e50a88919adc38e6de5de81b8656df4a3f9f0cee71de181b1cd722a3a51704080bdc96494a987ea513d58a4974da05d4425b0655831f7351744924e5078d179033975988f3439d12c254562b49e9510a1edfdda67a63bdc12569c7f7489b1ebc43365e1bee3c46400ff151b6f8952ca123f6d89d16ce62f7ecaf3c12028e2fb65f69e28b6506f4db2c6904b73520a544497a8ddc57af133a88ffc0acbbfccb99c46666bdc8f0e23bf9ab098ff7ee96b8bcf52e1d9dd1c8bec7b9dfbccb38a0976425c920d4aff50a578fce17bf00129379384591be78697e7699fc01f18934e9c73d987a3f65ca1559f1235af345524fa02f96ecd1685823f11a0f547960d0699dc15f12c3e0fd6bf80cfa26b892c0946831ca7aba91d779c87da40f0c39332a3dc5f4ac4b35940c9fe52190c2296dca1beff69ed5b7d2717f3986c307eb8a2e2daf4efe1fa195587686d211942306545637ebfd9e8b60c2db13a5c1ea59fcd238ea1563b9b00332c47ec0ecced2f6a0828a542f37033e86e058389c44b84f510b7bfa2f060b5ff6d0d828f9247bd729bcbe714e72b78261d6181cf4fa564007b36e3be42613eaa907616500b320780b65f8ed53e5de83f644708a660cd2cb017930eb9c08e5995caec22dcd839f89c0d754ec63af38132b4eaabae1638d41068d0752dfc03b0e84f207b54bc82a35c2b6a831d8894cc31ad5f10b9a8abd79050301cb2f530cddf97c19dd7c010dce1f5233b2ae2814cd76851621c5d277b93bc48a051c6abc798ab876eb57c9752ee7a6db2d13e8e8ecf822e3a3273313aa9b4b563a5f7d38c9b3b7c7dff667e7937f84bc7036aef6736e8e4204c758a876eb5fdec986d9d7723f1fc32e2c18caa43c7145d88742d2cb1f09e6226604d3da017d19d39fc8b6a8525c6ba2ac774a8c92ac11d07d4e7a5dd340f5be30873b0c0bc11546659210c944b62c4365dd4b605ee79115b648e3d51013ce58ae9bd1dcbc41c314dc8f2c1f93e7962683fc3873eff752ce026a6bdd860cead42f5cb255e82ab9df5269a3143f945262f00108d28b801be4aa8fd3769683b3b3714793c4fa281d66f9c96c87bdc5df810388217635fb321f69011bcaa4b35cd6a9b4a2a433451b54875d1d1e2506542de1c5e50b33730a1cc395d33bf023b477dde1fe5ef6253f556c78b2fe46ea453e976c86624acae1430bc8d65cbacec71b595638513141e4cf3316ac616c7b8969bc5a183cdf1c29598318b1513abdc4d33b664bf4e20166f124bdd6de6b042b77e48f729df5f173b7a9579b27278be22ea9980278ba41fb0ff01ee4d2d35a120752548e906342ad13e5f1f3d2a4585cee2ebfda1e9849fdf5ce664b15998ed4ba278091725f4696f34bdfcdb300eb1f326a3c4b8a7e6af282d50eca62ad5e34e4f8ab34db12a69b085209ec05ea58b1465c47420f86f9bbff0abd7a7d7df7e9b36791c09f29f316704cd84d63cc2d50458dd55422ef66e6ce284f9a787967e02959493d637b87327f03bf71486cd0c136916f06eb983bc6e9dcffa3582df7d900400816c0159f5618dfb93cccd437f5e0c855e58b664c96119718a5cfd8d4ac431d662557a464f492f748e423e7829c4e3b331353016a2246c340913b09b1a81c9db095339bbd2e7ad90da9cf004fa852aaf83a0de94c2bd335e2204fdfef6bd995912b82fd76b232bde6925261155eda5ffbca7aef410c33edbc6332f268878807f864168fdd228437a1326b1f7fb13bbffa5a93ef781a35bb028820106b8dccaab4c9de37903b70d14f6b9da2a31d646b33b73f9d27ed019b62d231bb179b1724a8a8a0f6170e7148ed928a914b50984e396d7ce1ed07f2ff79f8e04b6253d341c649431a4234e839932c2084633b0f860b9f268d356784e8a7d4b1ddbf32b2379942916bb41f7079b0753adce1ab4a48d4cc10e932054fe14b41f992b3b8f868e9cb1a86986cff12b2e24a8235aa56f8bf0a589dc0b97bf014660a2a3cb07e13203e47c70b86e6db977b815fbe2985fd9b0f8b58da129af38c0befb9468d40bf305a85d7ca90379b0b3edb1da60ac42fcde35dc3e145e5496948fecdea7e1a347837a997189b8f4b9e0d9eefb63bc2ef53ed4617f6cf46420d809d704af695ca31975084632fc38c562ab0acf2993764ad2d832033a02b8eb5223ef7b5aa70b8f9c41a824a3bd2f38e3477891706c9d6ffc741eaf30cddd793022b1965067718e0abccc278e052d2cd2df8cc6a95be108d51c8ae0cc409f603f6da7eb94833bbbae7b1cc293eb98ed5acbe098e068ffa7aa9c88b27b4292df32ef232c59412db0873f503ffa252282eaf0d27e2f846cdbd0cbb806d67944fac2b5cb1635e049f362285e0d03fbd3a615dd3dbeb7241ed1a0bd7828df563e57eefa97938be698e145c242aaff2f1542f59e026af265696a5bbc1d16edb274f41db17afcaea282a552587c2b7743d2d2d8d30816a38ba4e48cc3913b95e5ecfddd9165098d2d973848688034670a954ebdd81ed199da18d043e809db03665a6ada5099f17cb2fc8902f2af9d2655e1221088354558f096b8373b35c8e7d288e56c127e0109f0dc23a15571f0c78437e09ff22abcaa0c57173749a44dcad9b555aed3d645a374073d96c8958e97c955962a1997d9c1eb36773f984d9ba2ad91c610668d5a4a52b38a21ba0e09a98fc17c07dbf3e825de34b498455e20bf2a2cb200efa6f7ab63a0d170027feb556a0277bccafbfed73e4103e5cafbb475428640e123a930d9eaadb30ac778ba1fd6e135bb8cc8a2483063e5a25455730ffd43d9529eb93dfa78f4062c042593d6eeeda328b5d4c5a20e2e735adc3477b3364529438b76c31e94cda8d8f93449a9f3af64b5f38d4791ed074820fdf6316e163355fda96c87a5a5cd1e889164b2de7d270e488c3afaadcfbfdabedf30c3fb8aec85a20d56ed270c481a32d0accf81ec9c69cf5b1dd1cd38f61af812d4dee53bb51ffa7706ca2606bf609c4f8fe74a03af27f0b992ffe919ceda05c8cbcf8150b4b7ba0984e270cd6ad2b8e7bcf148c1d6851d88f7fdb6e7c2affe30594ed77709019ec962444fa76c3f71547cdc25ec470f819db650439c6c85edfaf33c2bf4ca41e554b6808212e9ff7ef29d9f901e3fd11cd1bc9999d982485f8379f3fcb2b62414eea911e365f0fb14f2945f9822702eca250ce8c25754c4c1e41afc1d2bd9a058e3dc1ab5ebf190abb8d9387386ec5af6813a2de72d667e66411213afd85b8e6f4d87193e3ace5d1a7398e550735938f400145efd0f0018daa5b84275436134bfc378e99d207502233afab807ce5dc558ba140a78dbf0c4ddc41c42b57eda6a0b24549b0f54613e8378473bd97a7a62e8094890943ee70358961a834da46e89888aab1fb2d5a2c1ccb565e2156282d53fff4eede31775a21dfeb0a4c3c1b742a78b8a01fe931b7405603110d31f67a8f3c9761c50a6cea38925a247b5eb31f5e357d359c44ac9f35e73799b05818af45b7d3e786bc88a2987cc8e303d21e440379a3c06fc4d53b3f26d8d1373ce2ece0008c6def0282a893073234379c4e4811e711cb84c7328c4d741cf60561fa3867b54e2a34906efe76ba76d5e8af9d7dd8eafb2041894e06135ef0b31fa910e071b27efcf49921060a17fe698d2a45cabc7ad3e0ed7e1153c2cf0499f2152e689fa94891ae7cb93cfee67b2bdee4ce7a140cf7d329f3684c9be121db64654d3806d887be688169c922c79b9a5520cd0781c5480fe36614d6fa4bd58f90074b2b705c38548ef72a061a10d79616d01e824d296dc75fa3b31b872cabe3281603b76adb56d474ae4ae0386da4f164c882f521ffa839c1300175ae3090cfc4b651322af7657cc639324dfcc1a430aebba3934fde05fbf45d6ab430144bdd70213b6f1d93f97f2eebefd51f45bbc549a8ccfcd87725d16765c679bedad4f592fc0c4761ec4c16054b90916bfca7dfb55206188eb31d564b622f66ee9f936fd6cbadaf4af3b495bedaadd3ff4bfd307f4a0b522f5c439d3353a8d356345cf8ecb52c326c0d495f0663cb5e71037fc56cafb034f7dc6af4f06e95c4f78c7902634daa7ee227afd646005a4fb1ad025bd8e91e332dde491aa114663b705b56f0a28ab35c47830b37e0d468a18156d0fce4c61a9727a8ead22695484d39c9bc5712fcad730def6a14541eaf01f7c8f1d73a16bda369af2506c9bbc13218bde161890c6fb175b689b27dafa036ff10d9c5a90b9ee9bbd5a961a921654f185320c587d6e9f79244cde42c6bb88b941c1e98198b9565e8d534186860a32f2c2256c8f740225c386fd8eadbd34ffe0b19fe50", 0x1000}], 0x7, &(0x7f0000001b00)=ANY=[@ANYBLOB="20000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r3, @ANYRES32, @ANYRESDEC, @ANYBLOB="1c40000000000000e028008002000000bda50ad64b0837cd5f8d9659e76eaa9a3d32135c97fda204beb1fa6d53cb12cff24e10f68378c289d6a769d903b50f9d0e2abf3eaf7cb5aed7152c13079fc5e00f9f08c1b8675b399aba12dbdd82061475515846535b3ce97fe27cccc1618b2a0408e941996db562d82a31a8691a825a95c895aa2cf41f2300739a20bdf867e2f27cf8b958f954412444770f26d4b80b", @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r3, @ANYRES32=r5, @ANYRES32=r0, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r7, @ANYRES32=r8, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=r10, @ANYBLOB='\x00\x00\x00\x00'], 0xc0, 0x800}, 0x400448d0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r11, r12, 0x0) close_range(r1, r12, 0x0) 00:53:49 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r0 = pkey_alloc(0x0, 0x4) munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000) pkey_mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000002, r0) pkey_mprotect(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x1000000, r0) pkey_mprotect(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x1, r0) [ 828.903902] loop6: detected capacity change from 0 to 264192 [ 828.935679] FAULT_INJECTION: forcing a failure. [ 828.935679] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 828.943947] CPU: 1 UID: 0 PID: 6732 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 828.943980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 828.943993] Call Trace: [ 828.944001] [ 828.944010] dump_stack_lvl+0xfa/0x120 [ 828.944042] should_fail_ex+0x4d7/0x5e0 [ 828.944083] _copy_from_user+0x30/0xd0 [ 828.944120] copy_msghdr_from_user+0x88/0x150 [ 828.944153] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 828.944181] ? __pfx__kstrtoull+0x10/0x10 [ 828.944208] ? kfree+0x2c5/0x5d0 [ 828.944240] ? __lock_acquire+0x451/0x2250 [ 828.944274] ___sys_recvmsg+0xbb/0x190 [ 828.944304] ? __pfx____sys_recvmsg+0x10/0x10 [ 828.944336] ? __pfx_perf_trace_lock+0x10/0x10 [ 828.944370] ? lock_acquire+0x15e/0x2d0 [ 828.944396] ? __might_fault+0xe0/0x190 [ 828.944419] ? find_held_lock+0x2b/0x80 [ 828.944453] ? __might_fault+0x138/0x190 [ 828.944486] do_recvmmsg+0x2c5/0x6f0 [ 828.944522] ? __pfx_do_recvmmsg+0x10/0x10 [ 828.944549] ? ksys_write+0x187/0x240 [ 828.944575] ? perf_trace_lock+0xbb/0x4f0 [ 828.944602] ? __lock_acquire+0x451/0x2250 [ 828.944633] ? srso_alias_untrain_ret+0x1/0x10 [ 828.944668] ? lock_acquire+0x15e/0x2d0 [ 828.944704] __x64_sys_recvmmsg+0x211/0x260 [ 828.944736] ? lock_release+0xc8/0x270 [ 828.944771] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 828.944801] ? __might_fault+0xe0/0x190 [ 828.944824] ? __might_fault+0x151/0x190 [ 828.944851] do_syscall_64+0xbf/0x420 [ 828.944878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.944900] RIP: 0033:0x7f4b915d8b19 [ 828.944918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 828.944939] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 828.944961] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 828.944976] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 828.944990] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 828.945003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 828.945017] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 828.945049] 00:53:49 executing program 7: mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ff9000/0x4000)=nil) madvise(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0xe) munmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) mlock2(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0xa) madvise(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0xd) [ 829.016933] FAULT_INJECTION: forcing a failure. [ 829.016933] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:53:49 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) r1 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f00000003c0), 0x2, 0x0) tee(r0, r1, 0xfffffffffffffffd, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x101000, 0x102) r2 = perf_event_open(&(0x7f0000000480)={0x3, 0x80, 0x4, 0x81, 0x1f, 0xff, 0x0, 0x7, 0x601, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000440), 0xa}, 0x1029, 0x30, 0x9, 0x6, 0x5, 0x7ff, 0x89, 0x0, 0x5, 0x0, 0xb1}, 0x0, 0xd, 0xffffffffffffffff, 0x3) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000580), 0x280, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r4, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000005c0)={r2, 0x5515, 0x1, 0x9}) syz_genetlink_get_family_id$batadv(&(0x7f0000000540), r5) recvmmsg$unix(r3, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) r6 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180), 0x2, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r8, r9, 0x0) io_submit(0x0, 0x3, &(0x7f0000000500)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x7, 0x1cf, r3, &(0x7f0000000000)="6afedb5afef19ddbd695ffc028e820704c43d7b26614911e3bbb2a1cbb18aee130a41f7a857c0f83a30473446f920de17cf822a69de1d0ab6f3bb56911d9d4df857656753a75cbafa0914f01836801c1a9d615caa247ec80a66e89f12b0155123c90bb230233d4adc47c0e63379a52285da2a85e1ef2ad538eb7dd473eb4f5af7baae48294197fc47df8ce5b8f7ff68524f70692126748e8a4", 0x99, 0x44d, 0x0, 0x0, r0}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x3, 0x4, r6, &(0x7f00000001c0)="530c5628346cd3371f43d741afedc55249a8e93607a9a95f2bd9e585d647278d085492378133f9ea3345c2d51e0f47c801d7f891a4eb843d7395e4b3c3982ec7a0a444046fa3373b43f8e876af7a9023756e1fc68ebaa1856ec67cf315e5b3cd8c93b713101e37813e3953bd39051cb2ba66cdd4a07efcad17098d691d9338e2d6cb4bba0885b82e3ea85c3e907a080a09c3c0ba680c188be187294ac1a1c68fa0f4fe1733637695c956a0", 0xab, 0x4, 0x0, 0x0, r7}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x6, 0xa986, r9, &(0x7f00000002c0)="4d06441088a094fd3054833d8ab8391cfecdc109eab683e55e9917075537f31a2c856c7733b46c2ce8896e796731e0f8830716bdb8f237422dc3d74cd4117ae2f861d009ca4baf4f63bbffcfaa2942393e787984ad9221892df829fc6c9ead1d29b9759f6fd27f5bd91608a6c253057b11118c71eb9f1098bf812320c9dba9027a7c31d46d70dedb7e42c4a4b8702571bfe704cfe7d4f216d021ac4165dfb089fa007c", 0xa3, 0x43, 0x0, 0x2}]) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 829.035984] CPU: 0 UID: 0 PID: 6730 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 829.036016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 829.036029] Call Trace: [ 829.036037] [ 829.036046] dump_stack_lvl+0xfa/0x120 [ 829.036079] should_fail_ex+0x4d7/0x5e0 [ 829.036119] _copy_from_user+0x30/0xd0 [ 829.036156] copy_msghdr_from_user+0x88/0x150 [ 829.036189] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 829.036222] ? kfree+0x2c5/0x5d0 [ 829.036255] ? ___sys_recvmsg+0xcd/0x190 [ 829.036289] ___sys_recvmsg+0xbb/0x190 [ 829.036326] ? __pfx____sys_recvmsg+0x10/0x10 [ 829.036358] ? __pfx_perf_trace_lock+0x10/0x10 [ 829.036393] ? lock_acquire+0x15e/0x2d0 [ 829.036419] ? __might_fault+0xe0/0x190 [ 829.036446] ? find_held_lock+0x2b/0x80 [ 829.036481] ? __might_fault+0x138/0x190 [ 829.036514] do_recvmmsg+0x2c5/0x6f0 [ 829.036550] ? __pfx_do_recvmmsg+0x10/0x10 [ 829.036577] ? ksys_write+0x187/0x240 [ 829.036598] ? lock_release+0xc8/0x270 [ 829.036631] ? __mutex_unlock_slowpath+0x157/0x740 [ 829.036653] ? kernel_write+0x593/0x660 [ 829.036683] ? __fget_files+0x20d/0x3b0 [ 829.036716] __x64_sys_recvmmsg+0x211/0x260 [ 829.036747] ? ksys_write+0x1a3/0x240 [ 829.036766] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 829.036796] ? irqentry_exit+0xee/0x650 [ 829.036816] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 829.036845] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 829.036881] do_syscall_64+0xbf/0x420 [ 829.036909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.036932] RIP: 0033:0x7f8ef3114b19 [ 829.036950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 829.036972] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 829.036995] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 829.037010] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 829.037023] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 829.037037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 829.037050] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 829.037082] 00:53:49 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf00000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:53:49 executing program 7: shmat(0xffffffffffffffff, &(0x7f0000ffd000/0x3000)=nil, 0x3000) 00:54:02 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 49) 00:54:02 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfcfdffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:54:02 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 33) 00:54:02 executing program 7: mremap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000, 0x3, &(0x7f0000ffc000/0x3000)=nil) 00:54:02 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x1000000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:54:02 executing program 4: perf_event_open(&(0x7f0000000340)={0x5, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:54:02 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ff7000/0x2000)=nil) r0 = pkey_alloc(0x0, 0x4) pkey_mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000002, r0) pkey_mprotect(&(0x7f0000ff6000/0x2000)=nil, 0x2000, 0x1, r0) 00:54:02 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xb, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 842.215157] loop6: detected capacity change from 0 to 264192 [ 842.240649] FAULT_INJECTION: forcing a failure. [ 842.240649] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 842.242588] CPU: 1 UID: 0 PID: 6769 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 842.242619] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 842.242633] Call Trace: [ 842.242642] [ 842.242652] dump_stack_lvl+0xfa/0x120 [ 842.242685] should_fail_ex+0x4d7/0x5e0 [ 842.242727] _copy_from_user+0x30/0xd0 [ 842.242774] copy_msghdr_from_user+0x88/0x150 [ 842.242809] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 842.242840] ? __pfx__kstrtoull+0x10/0x10 [ 842.242869] ? kfree+0x2c5/0x5d0 [ 842.242903] ? __lock_acquire+0x451/0x2250 [ 842.242940] ___sys_recvmsg+0xbb/0x190 [ 842.242972] ? __pfx____sys_recvmsg+0x10/0x10 00:54:02 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) syz_io_uring_setup(0x5d24, &(0x7f0000000080)={0x0, 0x9c1, 0x1, 0x3, 0x2cc}, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000100), &(0x7f0000000140)) mlock2(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x1) mbind(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x2, &(0x7f0000000000)=0x7f, 0x101, 0x0) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2, &(0x7f0000000040)=0x1, 0x400, 0x0) madvise(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0xb) 00:54:02 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x8000000c}) memfd_secret(0x0) mremap(&(0x7f0000ff6000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mlock(&(0x7f0000ff7000/0x1000)=nil, 0x1000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r2, 0x0) fstatfs(r2, &(0x7f0000000100)=""/179) 00:54:02 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 50) [ 842.243006] ? __pfx_perf_trace_lock+0x10/0x10 [ 842.243043] ? lock_acquire+0x15e/0x2d0 [ 842.243070] ? __might_fault+0xe0/0x190 [ 842.243094] ? find_held_lock+0x2b/0x80 [ 842.243131] ? __might_fault+0x138/0x190 [ 842.243166] do_recvmmsg+0x2c5/0x6f0 [ 842.243205] ? __pfx_do_recvmmsg+0x10/0x10 [ 842.243234] ? ksys_write+0x187/0x240 00:54:02 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r1) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x4, 0xfc, 0x6, 0x1, 0x0, 0x33e9, 0x468, 0xb, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x2, 0x7fff, 0x3, 0x1, 0x5, 0x1, 0x8, 0x0, 0x8001, 0x0, 0xcf}, r0, 0x6, r1, 0x3) fdatasync(0xffffffffffffffff) [ 842.243256] ? lock_release+0xc8/0x270 [ 842.243291] ? __mutex_unlock_slowpath+0x157/0x740 [ 842.243314] ? kernel_write+0x593/0x660 [ 842.243358] ? __fget_files+0x20d/0x3b0 [ 842.243393] __x64_sys_recvmmsg+0x211/0x260 [ 842.243427] ? ksys_write+0x1a3/0x240 [ 842.243448] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 842.243481] ? irqentry_exit+0xee/0x650 [ 842.243502] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 842.243533] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 842.243572] do_syscall_64+0xbf/0x420 [ 842.243601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.243625] RIP: 0033:0x7f8ef3114b19 [ 842.243644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 842.243668] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b 00:54:02 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 34) [ 842.243691] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 842.243708] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 842.243722] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 842.243737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 842.243751] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 842.243786] [ 842.249460] FAULT_INJECTION: forcing a failure. [ 842.249460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 842.249497] CPU: 1 UID: 0 PID: 6773 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 842.249525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 842.249538] Call Trace: 00:54:02 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 842.249546] [ 842.249555] dump_stack_lvl+0xfa/0x120 [ 842.249582] should_fail_ex+0x4d7/0x5e0 [ 842.249622] _copy_from_user+0x30/0xd0 [ 842.249660] copy_msghdr_from_user+0x88/0x150 [ 842.249692] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 842.249722] ? __pfx__kstrtoull+0x10/0x10 [ 842.249759] ? kfree+0x2c5/0x5d0 [ 842.249793] ? __lock_acquire+0x451/0x2250 [ 842.249828] ___sys_recvmsg+0xbb/0x190 [ 842.249860] ? __pfx____sys_recvmsg+0x10/0x10 [ 842.249893] ? __pfx_perf_trace_lock+0x10/0x10 [ 842.249930] ? lock_acquire+0x15e/0x2d0 [ 842.249958] ? __might_fault+0xe0/0x190 [ 842.249981] ? find_held_lock+0x2b/0x80 [ 842.250017] ? __might_fault+0x138/0x190 [ 842.250052] do_recvmmsg+0x2c5/0x6f0 [ 842.250091] ? __pfx_do_recvmmsg+0x10/0x10 [ 842.250120] ? ksys_write+0x187/0x240 [ 842.250141] ? lock_release+0xc8/0x270 [ 842.250175] ? __mutex_unlock_slowpath+0x157/0x740 [ 842.250198] ? kernel_write+0x593/0x660 [ 842.250229] ? __fget_files+0x20d/0x3b0 [ 842.250264] __x64_sys_recvmmsg+0x211/0x260 [ 842.250297] ? ksys_write+0x1a3/0x240 [ 842.250318] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 842.250350] ? irqentry_exit+0xee/0x650 [ 842.250371] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 842.250400] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 842.250439] do_syscall_64+0xbf/0x420 [ 842.250467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.250490] RIP: 0033:0x7f4b915d8b19 [ 842.250508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 842.250531] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 842.250554] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 842.250570] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 842.250584] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 842.250599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 842.250613] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 842.250648] [ 842.494573] FAULT_INJECTION: forcing a failure. [ 842.494573] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 842.494619] CPU: 1 UID: 0 PID: 6788 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 842.494650] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 842.494665] Call Trace: [ 842.494673] [ 842.494683] dump_stack_lvl+0xfa/0x120 [ 842.494717] should_fail_ex+0x4d7/0x5e0 [ 842.494769] _copy_from_user+0x30/0xd0 [ 842.494810] copy_msghdr_from_user+0x88/0x150 [ 842.494845] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 842.494876] ? __pfx__kstrtoull+0x10/0x10 [ 842.494906] ? kfree+0x2c5/0x5d0 [ 842.494940] ? __lock_acquire+0x451/0x2250 [ 842.494978] ___sys_recvmsg+0xbb/0x190 [ 842.495010] ? __pfx____sys_recvmsg+0x10/0x10 [ 842.495044] ? __pfx_perf_trace_lock+0x10/0x10 [ 842.495081] ? lock_acquire+0x15e/0x2d0 [ 842.495110] ? __might_fault+0xe0/0x190 [ 842.495133] ? find_held_lock+0x2b/0x80 [ 842.495171] ? __might_fault+0x138/0x190 [ 842.495206] do_recvmmsg+0x2c5/0x6f0 [ 842.495245] ? __pfx_do_recvmmsg+0x10/0x10 [ 842.495274] ? ksys_write+0x187/0x240 [ 842.495298] ? lock_release+0xc8/0x270 [ 842.495344] ? __mutex_unlock_slowpath+0x157/0x740 [ 842.495368] ? kernel_write+0x593/0x660 [ 842.495399] ? __fget_files+0x20d/0x3b0 [ 842.495436] __x64_sys_recvmmsg+0x211/0x260 [ 842.495470] ? ksys_write+0x1a3/0x240 [ 842.495492] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 842.495524] ? irqentry_exit+0xee/0x650 [ 842.495546] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 842.495577] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 842.495617] do_syscall_64+0xbf/0x420 [ 842.495645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.495671] RIP: 0033:0x7f8ef3114b19 [ 842.495690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 842.495713] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 842.495737] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 842.495754] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 842.495769] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 842.495783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 842.495798] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 842.495833] [ 842.503293] FAULT_INJECTION: forcing a failure. [ 842.503293] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:54:03 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mremap(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil) [ 842.583304] CPU: 1 UID: 0 PID: 6783 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 842.583352] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 842.583367] Call Trace: [ 842.583375] [ 842.583384] dump_stack_lvl+0xfa/0x120 [ 842.583427] should_fail_ex+0x4d7/0x5e0 [ 842.583471] _copy_from_user+0x30/0xd0 [ 842.583513] copy_msghdr_from_user+0x88/0x150 [ 842.583548] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 842.583578] ? __pfx__kstrtoull+0x10/0x10 [ 842.583608] ? kfree+0x2c5/0x5d0 [ 842.583643] ? __lock_acquire+0x451/0x2250 [ 842.583681] ___sys_recvmsg+0xbb/0x190 [ 842.583713] ? __pfx____sys_recvmsg+0x10/0x10 [ 842.583747] ? __pfx_perf_trace_lock+0x10/0x10 [ 842.583793] ? lock_acquire+0x15e/0x2d0 [ 842.583821] ? __might_fault+0xe0/0x190 [ 842.583846] ? find_held_lock+0x2b/0x80 [ 842.583882] ? __might_fault+0x138/0x190 [ 842.583919] do_recvmmsg+0x2c5/0x6f0 [ 842.583958] ? __pfx_do_recvmmsg+0x10/0x10 [ 842.583987] ? ksys_write+0x187/0x240 [ 842.584010] ? lock_release+0xc8/0x270 [ 842.584044] ? __mutex_unlock_slowpath+0x157/0x740 [ 842.584067] ? kernel_write+0x593/0x660 [ 842.584100] ? __fget_files+0x20d/0x3b0 [ 842.584136] __x64_sys_recvmmsg+0x211/0x260 [ 842.584170] ? ksys_write+0x1a3/0x240 [ 842.584192] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 842.584224] ? irqentry_exit+0xee/0x650 [ 842.584246] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 842.584277] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 842.584317] do_syscall_64+0xbf/0x420 [ 842.584347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.584372] RIP: 0033:0x7f4b915d8b19 [ 842.584391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 842.584415] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 842.584440] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 842.584456] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 842.584471] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 842.584486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 842.584500] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 842.584535] 00:54:15 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 51) 00:54:15 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 35) 00:54:15 executing program 7: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f0000000440)={0x3, 0x1, 0x4, 0x0, 0x22, &(0x7f0000000040)}) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000, 0x4, &(0x7f0000ff7000/0x2000)=nil) r1 = signalfd4(r0, &(0x7f0000000480)={[0x64]}, 0x8, 0x80000) r2 = openat$cgroup_ro(r1, &(0x7f00000004c0)='blkio.bfq.time_recursive\x00', 0x0, 0x0) ioctl$TIOCSERGETLSR(r2, 0x5459, &(0x7f0000000500)) 00:54:15 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:54:15 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x18, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:54:15 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000000)={0xffff, {0x20, 0x3ff, 0xfffffffffffffffa, 0x1, 0x20}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200001, 0xa7) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40485404, &(0x7f0000000080)={{0x1, 0x0, 0xfffffffe, 0x1}, 0x59d8, 0xfff}) 00:54:15 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfefdffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:54:15 executing program 2: mremap(&(0x7f000085d000/0x2000)=nil, 0x2000, 0x1000, 0x6, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f00003ff000/0xc00000)=nil, 0xc00000, 0x10) mlock(&(0x7f0000aeb000/0x3000)=nil, 0x3000) [ 855.228632] loop6: detected capacity change from 0 to 264192 [ 855.249313] FAULT_INJECTION: forcing a failure. [ 855.249313] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 855.251038] CPU: 1 UID: 0 PID: 6810 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 855.251067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 855.251080] Call Trace: [ 855.251088] [ 855.251097] dump_stack_lvl+0xfa/0x120 [ 855.251128] should_fail_ex+0x4d7/0x5e0 [ 855.251168] _copy_from_user+0x30/0xd0 [ 855.251204] copy_msghdr_from_user+0x88/0x150 [ 855.251236] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 855.251264] ? __pfx__kstrtoull+0x10/0x10 [ 855.251291] ? kfree+0x2c5/0x5d0 [ 855.251324] ? __lock_acquire+0x451/0x2250 [ 855.251358] ___sys_recvmsg+0xbb/0x190 [ 855.251388] ? __pfx____sys_recvmsg+0x10/0x10 [ 855.251420] ? __pfx_perf_trace_lock+0x10/0x10 [ 855.251454] ? lock_acquire+0x15e/0x2d0 [ 855.251493] ? __might_fault+0xe0/0x190 [ 855.251516] ? find_held_lock+0x2b/0x80 [ 855.251550] ? __might_fault+0x138/0x190 [ 855.251583] do_recvmmsg+0x2c5/0x6f0 [ 855.251619] ? __pfx_do_recvmmsg+0x10/0x10 [ 855.251645] ? ksys_write+0x187/0x240 [ 855.251667] ? lock_release+0xc8/0x270 [ 855.251699] ? __mutex_unlock_slowpath+0x157/0x740 [ 855.251720] ? kernel_write+0x593/0x660 [ 855.251750] ? __fget_files+0x20d/0x3b0 [ 855.251790] __x64_sys_recvmmsg+0x211/0x260 [ 855.251822] ? ksys_write+0x1a3/0x240 [ 855.251842] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 855.251872] ? irqentry_exit+0xee/0x650 [ 855.251892] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 855.251920] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 855.251957] do_syscall_64+0xbf/0x420 [ 855.251985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.252008] RIP: 0033:0x7f8ef3114b19 [ 855.252025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 855.252047] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 855.252069] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 855.252084] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 855.252098] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 855.252111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 855.252124] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 855.252156] [ 855.292309] FAULT_INJECTION: forcing a failure. [ 855.292309] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 855.295985] CPU: 1 UID: 0 PID: 6817 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 855.296017] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 855.296030] Call Trace: [ 855.296037] [ 855.296046] dump_stack_lvl+0xfa/0x120 [ 855.296075] should_fail_ex+0x4d7/0x5e0 [ 855.296115] _copy_from_user+0x30/0xd0 [ 855.296151] copy_msghdr_from_user+0x88/0x150 [ 855.296182] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 855.296210] ? __pfx__kstrtoull+0x10/0x10 [ 855.296237] ? kfree+0x2c5/0x5d0 [ 855.296268] ? __lock_acquire+0x451/0x2250 [ 855.296302] ___sys_recvmsg+0xbb/0x190 [ 855.296332] ? __pfx____sys_recvmsg+0x10/0x10 [ 855.296363] ? __pfx_perf_trace_lock+0x10/0x10 [ 855.296398] ? lock_acquire+0x15e/0x2d0 [ 855.296424] ? __might_fault+0xe0/0x190 [ 855.296446] ? find_held_lock+0x2b/0x80 [ 855.296480] ? __might_fault+0x138/0x190 [ 855.296513] do_recvmmsg+0x2c5/0x6f0 [ 855.296549] ? __pfx_do_recvmmsg+0x10/0x10 [ 855.296576] ? ksys_write+0x187/0x240 [ 855.296596] ? lock_release+0xc8/0x270 [ 855.296628] ? __mutex_unlock_slowpath+0x157/0x740 [ 855.296650] ? kernel_write+0x593/0x660 [ 855.296680] ? __fget_files+0x20d/0x3b0 [ 855.296712] __x64_sys_recvmmsg+0x211/0x260 [ 855.296744] ? ksys_write+0x1a3/0x240 [ 855.296771] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 855.296801] ? irqentry_exit+0xee/0x650 [ 855.296821] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 855.296849] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 855.296886] do_syscall_64+0xbf/0x420 [ 855.296913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.296936] RIP: 0033:0x7f4b915d8b19 [ 855.296954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 855.296975] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 855.296997] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 855.297012] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 855.297026] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 855.297039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 855.297053] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 855.297085] 00:54:15 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x2, &(0x7f0000ff7000/0x4000)=nil) mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) 00:54:15 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) pkey_mprotect(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x8, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x2000004, 0xffffffffffffffff) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x64) 00:54:15 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4000000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:54:15 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffdef, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:54:15 executing program 7: sendto$inet(0xffffffffffffffff, &(0x7f0000000000)="66c7c260d93d5ac0aebc79e90ceddbb3ce46ad694ffa4664809b1ffb41411d59e8e6e2bac94337295c4c4e48d1aeacace26148d187d666b005e20ef02e5ebe5a64c6fd7e2c273b686707e4256fb88741289df96ab5f52d11bb8172e7e4d515d071bbe453eea6ee74f6e34008948bf390fb8415261b243719f977b77dacf872fc15a2f9ab20cc88d6d30d405546c4e1452694a437ae933e2ab150a7455be299e92fe3f8f7483822f14b6146dc6a3f252aa7c2ad6e85172cac24ec23243b45fcae23181a6904b00aa90b112341747fb4d755abf1170399272d58cbb98a9eb65e11c9b97146042652a8b6b1bb3494d19b", 0xef, 0x807, &(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10) mbind(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000140)=0x3b, 0x7b64f7bc, 0x6) madvise(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x11) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000240)={'ip_vti0\x00', &(0x7f00000001c0)={'tunl0\x00', 0x0, 0x8, 0x700, 0x100, 0x200, {{0x9, 0x4, 0x3, 0x28, 0x24, 0x67, 0x0, 0xfa, 0x4, 0x0, @loopback, @private=0xa010100, {[@generic={0x0, 0x10, "e256a91eb1a37d463ceb7a7d980f"}]}}}}}) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) 00:54:15 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) ioctl$CDROMREADAUDIO(0xffffffffffffffff, 0x530e, &(0x7f0000000040)={@lba=0x1, 0x1, 0x28, &(0x7f0000000000)=""/40}) ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000080)={0x9, {0x9, 0x46, 0xffffffffffffff5e, 0x3}}) fdatasync(0xffffffffffffffff) 00:54:25 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 52) 00:54:25 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 36) 00:54:25 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4100000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:54:25 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1c, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:54:25 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffdfc, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:54:25 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:54:25 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x400c3, 0xac8, 0x10000000}, 0x0, 0x1, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x53, &(0x7f0000000080), &(0x7f00000000c0)=0x8) fdatasync(0xffffffffffffffff) 00:54:25 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xc) fdatasync(r0) syz_io_uring_setup(0xa65, &(0x7f0000000000)={0x0, 0x2018, 0x20, 0x3, 0x37b, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x65) [ 864.863953] FAULT_INJECTION: forcing a failure. [ 864.863953] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 864.866618] FAULT_INJECTION: forcing a failure. [ 864.866618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 864.867546] CPU: 1 UID: 0 PID: 6847 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 864.867561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 864.867581] Call Trace: [ 864.867586] [ 864.867591] dump_stack_lvl+0xfa/0x120 [ 864.867612] should_fail_ex+0x4d7/0x5e0 [ 864.867635] _copy_from_user+0x30/0xd0 [ 864.867656] copy_msghdr_from_user+0x88/0x150 [ 864.867674] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 864.867689] ? __pfx__kstrtoull+0x10/0x10 [ 864.867705] ? kfree+0x2c5/0x5d0 [ 864.867724] ? __lock_acquire+0x451/0x2250 [ 864.867744] ___sys_recvmsg+0xbb/0x190 [ 864.867760] ? __pfx____sys_recvmsg+0x10/0x10 [ 864.867777] ? __pfx_perf_trace_lock+0x10/0x10 [ 864.867796] ? lock_acquire+0x15e/0x2d0 [ 864.867810] ? __might_fault+0xe0/0x190 [ 864.867823] ? find_held_lock+0x2b/0x80 [ 864.867842] ? __might_fault+0x138/0x190 [ 864.867860] do_recvmmsg+0x2c5/0x6f0 [ 864.867880] ? __pfx_do_recvmmsg+0x10/0x10 [ 864.867894] ? ksys_write+0x187/0x240 [ 864.867908] ? lock_release+0xc8/0x270 [ 864.867925] ? __mutex_unlock_slowpath+0x157/0x740 [ 864.867937] ? kernel_write+0x593/0x660 [ 864.867953] ? __fget_files+0x20d/0x3b0 [ 864.867972] __x64_sys_recvmmsg+0x211/0x260 [ 864.867990] ? ksys_write+0x1a3/0x240 [ 864.868001] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 864.868017] ? irqentry_exit+0xee/0x650 [ 864.868028] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 864.868044] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 864.868064] do_syscall_64+0xbf/0x420 [ 864.868079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.868092] RIP: 0033:0x7f8ef3114b19 [ 864.868102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 864.868115] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 864.868127] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 864.868136] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 864.868143] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 864.868150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 864.868157] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 864.868175] [ 864.886816] CPU: 1 UID: 0 PID: 6848 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 864.886832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 864.886839] Call Trace: [ 864.886843] [ 864.886848] dump_stack_lvl+0xfa/0x120 [ 864.886865] should_fail_ex+0x4d7/0x5e0 [ 864.886888] _copy_from_user+0x30/0xd0 [ 864.886907] copy_msghdr_from_user+0x88/0x150 [ 864.886926] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 864.886942] ? __pfx__kstrtoull+0x10/0x10 [ 864.886957] ? kfree+0x2c5/0x5d0 [ 864.886973] ? __lock_acquire+0x451/0x2250 [ 864.886992] ___sys_recvmsg+0xbb/0x190 [ 864.887008] ? __pfx____sys_recvmsg+0x10/0x10 [ 864.887025] ? __pfx_perf_trace_lock+0x10/0x10 [ 864.887043] ? lock_acquire+0x15e/0x2d0 [ 864.887058] ? __might_fault+0xe0/0x190 [ 864.887070] ? find_held_lock+0x2b/0x80 [ 864.887089] ? __might_fault+0x138/0x190 [ 864.887107] do_recvmmsg+0x2c5/0x6f0 [ 864.887126] ? __pfx_do_recvmmsg+0x10/0x10 [ 864.887140] ? ksys_write+0x187/0x240 [ 864.887152] ? lock_release+0xc8/0x270 [ 864.887169] ? __mutex_unlock_slowpath+0x157/0x740 [ 864.887181] ? kernel_write+0x593/0x660 [ 864.887197] ? __fget_files+0x20d/0x3b0 [ 864.887215] __x64_sys_recvmmsg+0x211/0x260 [ 864.887233] ? ksys_write+0x1a3/0x240 [ 864.887244] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 864.887261] ? irqentry_exit+0xee/0x650 [ 864.887272] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 864.887287] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 864.887308] do_syscall_64+0xbf/0x420 [ 864.887323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.887336] RIP: 0033:0x7f4b915d8b19 [ 864.887346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 864.887357] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 864.887370] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 864.887378] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 864.887386] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 864.887393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 864.887401] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 864.887418] [ 864.936665] loop6: detected capacity change from 0 to 264192 00:54:25 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 53) 00:54:25 executing program 7: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x9224]}, 0x8) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4000, &(0x7f0000000040)=0x9, 0x1f, 0x2) 00:54:25 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 37) 00:54:25 executing program 2: r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x7fff) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000180)=0x1) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='hugetlb.1GB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x80049367, &(0x7f0000000140)) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f00000002c0)=0x4) write$cgroup_int(r1, &(0x7f0000000300), 0x12) r2 = syz_io_uring_setup(0x610, &(0x7f0000000000)={0x0, 0xb909, 0x0, 0x2, 0x38f}, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) syz_io_uring_setup(0x7359, &(0x7f00000001c0)={0x0, 0xa18, 0x4, 0x2, 0x262, 0x0, r2}, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000280)) 00:54:25 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffdfe, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 865.099694] FAULT_INJECTION: forcing a failure. [ 865.099694] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 865.099983] FAULT_INJECTION: forcing a failure. [ 865.099983] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 865.100716] CPU: 1 UID: 0 PID: 6870 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 865.100733] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 865.100742] Call Trace: [ 865.100752] [ 865.100757] dump_stack_lvl+0xfa/0x120 [ 865.100782] should_fail_ex+0x4d7/0x5e0 [ 865.100810] _copy_from_user+0x30/0xd0 [ 865.100832] copy_msghdr_from_user+0x88/0x150 [ 865.100851] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 865.100867] ? __pfx__kstrtoull+0x10/0x10 [ 865.100883] ? kfree+0x2c5/0x5d0 [ 865.100901] ? __lock_acquire+0x451/0x2250 [ 865.100921] ___sys_recvmsg+0xbb/0x190 [ 865.100938] ? __pfx____sys_recvmsg+0x10/0x10 [ 865.100955] ? __pfx_perf_trace_lock+0x10/0x10 [ 865.100974] ? lock_acquire+0x15e/0x2d0 00:54:25 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) fchmodat(r0, &(0x7f0000000000)='./file0\x00', 0x28) [ 865.100988] ? __might_fault+0xe0/0x190 [ 865.101001] ? find_held_lock+0x2b/0x80 [ 865.101020] ? __might_fault+0x138/0x190 [ 865.101038] do_recvmmsg+0x2c5/0x6f0 [ 865.101058] ? __pfx_do_recvmmsg+0x10/0x10 [ 865.101073] ? ksys_write+0x187/0x240 [ 865.101087] ? perf_trace_lock+0xbb/0x4f0 [ 865.101102] ? __lock_acquire+0x451/0x2250 [ 865.101119] ? srso_alias_untrain_ret+0x1/0x10 [ 865.101139] ? lock_acquire+0x15e/0x2d0 [ 865.101156] __x64_sys_recvmmsg+0x211/0x260 [ 865.101175] ? lock_release+0xc8/0x270 [ 865.101189] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 865.101205] ? __might_fault+0xe0/0x190 [ 865.101217] ? __might_fault+0x151/0x190 [ 865.101232] do_syscall_64+0xbf/0x420 [ 865.101247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 865.101260] RIP: 0033:0x7f8ef3114b19 [ 865.101270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 865.101282] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 865.101296] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 865.101304] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 865.101311] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 865.101318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 865.101325] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 865.101343] [ 865.165408] CPU: 0 UID: 0 PID: 6864 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 00:54:25 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xeffdffffffffffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:54:25 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 38) [ 865.165442] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 865.165455] Call Trace: [ 865.165463] [ 865.165471] dump_stack_lvl+0xfa/0x120 [ 865.165503] should_fail_ex+0x4d7/0x5e0 [ 865.165543] _copy_from_user+0x30/0xd0 [ 865.165580] copy_msghdr_from_user+0x88/0x150 [ 865.165612] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 865.165640] ? __pfx__kstrtoull+0x10/0x10 [ 865.165667] ? kfree+0x2c5/0x5d0 [ 865.165700] ? __lock_acquire+0x451/0x2250 [ 865.165735] ___sys_recvmsg+0xbb/0x190 [ 865.165773] ? __pfx____sys_recvmsg+0x10/0x10 [ 865.165805] ? __pfx_perf_trace_lock+0x10/0x10 [ 865.165840] ? lock_acquire+0x15e/0x2d0 [ 865.165866] ? __might_fault+0xe0/0x190 [ 865.165888] ? find_held_lock+0x2b/0x80 [ 865.165923] ? __might_fault+0x138/0x190 [ 865.165956] do_recvmmsg+0x2c5/0x6f0 [ 865.165992] ? __pfx_do_recvmmsg+0x10/0x10 [ 865.166019] ? ksys_write+0x187/0x240 [ 865.166044] ? perf_trace_lock+0xbb/0x4f0 [ 865.166071] ? __lock_acquire+0x451/0x2250 [ 865.166103] ? srso_alias_untrain_ret+0x1/0x10 [ 865.166137] ? lock_acquire+0x15e/0x2d0 [ 865.166170] __x64_sys_recvmmsg+0x211/0x260 [ 865.166201] ? lock_release+0xc8/0x270 [ 865.166227] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 865.166257] ? __might_fault+0xe0/0x190 [ 865.166280] ? __might_fault+0x151/0x190 [ 865.166308] do_syscall_64+0xbf/0x420 [ 865.166335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 865.166357] RIP: 0033:0x7f4b915d8b19 [ 865.166376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 865.166396] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 865.166418] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 865.166433] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 865.166446] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 865.166460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 865.166472] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 865.166504] 00:54:25 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x4, &(0x7f0000ff8000/0x4000)=nil) [ 865.275061] FAULT_INJECTION: forcing a failure. [ 865.275061] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 865.299868] CPU: 1 UID: 0 PID: 6877 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 865.299892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 865.299900] Call Trace: [ 865.299905] [ 865.299911] dump_stack_lvl+0xfa/0x120 [ 865.299936] should_fail_ex+0x4d7/0x5e0 [ 865.299962] should_fail_alloc_page+0xe0/0x110 [ 865.299979] prepare_alloc_pages+0x1eb/0x550 [ 865.299999] __alloc_frozen_pages_noprof+0x186/0x25b0 [ 865.300017] ? unwind_get_return_address+0x59/0xa0 [ 865.300037] ? perf_trace_lock+0xbb/0x4f0 [ 865.300054] ? __lock_acquire+0x451/0x2250 [ 865.300073] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 865.300089] ? perf_trace_lock+0xbb/0x4f0 [ 865.300104] ? __lock_acquire+0x451/0x2250 [ 865.300121] ? __pfx_perf_trace_lock+0x10/0x10 [ 865.300140] ? lock_acquire+0x15e/0x2d0 [ 865.300155] ? __is_insn_slot_addr+0x2e/0x290 [ 865.300170] ? find_held_lock+0x2b/0x80 [ 865.300189] ? look_up_lock_class+0x56/0x130 [ 865.300212] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 865.300232] ? policy_nodemask+0xeb/0x4e0 [ 865.300252] alloc_pages_mpol+0xed/0x340 [ 865.300270] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 865.300288] ? __pfx_perf_trace_lock+0x10/0x10 [ 865.300304] ? get_vma_policy+0x23b/0x350 [ 865.300324] vma_alloc_folio_noprof+0xe9/0x440 [ 865.300343] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 865.300362] ? lock_release+0xc8/0x270 [ 865.300381] do_wp_page+0x1386/0x2fe0 [ 865.300403] ? __pfx_do_wp_page+0x10/0x10 [ 865.300418] ? do_raw_spin_lock+0x123/0x260 [ 865.300437] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 865.300459] __handle_mm_fault+0xd9e/0x2fa0 [ 865.300475] ? mt_find+0x744/0x9b0 [ 865.300488] ? __pfx_mt_find+0x10/0x10 [ 865.300501] ? __pfx___handle_mm_fault+0x10/0x10 [ 865.300526] ? find_vma+0xbf/0x140 [ 865.300539] ? __pfx_find_vma+0x10/0x10 [ 865.300554] handle_mm_fault+0x2d8/0x750 [ 865.300570] ? access_error+0x17d/0x380 [ 865.300585] ? lock_mm_and_find_vma+0xae/0x1380 [ 865.300607] do_user_addr_fault+0x3cc/0x12b0 [ 865.300629] exc_page_fault+0xb0/0x180 [ 865.300649] asm_exc_page_fault+0x26/0x30 [ 865.300662] RIP: 0010:__put_user_nocheck_4+0x3/0x10 [ 865.300676] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca e9 37 70 03 00 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca e9 11 70 03 00 90 90 90 90 90 90 90 90 90 90 [ 865.300688] RSP: 0018:ffff88804a3dfa00 EFLAGS: 00050202 [ 865.300700] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000020002030 [ 865.300708] RDX: 0000000000040000 RSI: ffffffff83cc816b RDI: 0000000000000005 [ 865.300715] RBP: ffff88804a3dfda0 R08: 0000000000000001 R09: ffffed100947bed4 [ 865.300723] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 865.300730] R13: 0000000020002030 R14: 0000000000000000 R15: 0000000000000000 [ 865.300743] ? ____sys_recvmsg+0x2eb/0x670 [ 865.300772] ____sys_recvmsg+0x2f6/0x670 [ 865.300795] ? __pfx_____sys_recvmsg+0x10/0x10 [ 865.300816] ? copy_msghdr_from_user+0xfb/0x150 [ 865.300832] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 865.300847] ? __pfx__kstrtoull+0x10/0x10 [ 865.300867] ? __lock_acquire+0x451/0x2250 [ 865.300885] ___sys_recvmsg+0xf1/0x190 [ 865.300901] ? __pfx____sys_recvmsg+0x10/0x10 [ 865.300923] ? lock_acquire+0x15e/0x2d0 [ 865.300937] ? __might_fault+0xe0/0x190 [ 865.300949] ? find_held_lock+0x2b/0x80 [ 865.300967] ? __might_fault+0x138/0x190 [ 865.300986] do_recvmmsg+0x2c5/0x6f0 [ 865.301006] ? __pfx_do_recvmmsg+0x10/0x10 [ 865.301020] ? ksys_write+0x187/0x240 [ 865.301034] ? lock_release+0xc8/0x270 [ 865.301051] ? __mutex_unlock_slowpath+0x157/0x740 [ 865.301063] ? kernel_write+0x593/0x660 [ 865.301080] ? __fget_files+0x20d/0x3b0 [ 865.301099] __x64_sys_recvmmsg+0x211/0x260 [ 865.301117] ? ksys_write+0x1a3/0x240 [ 865.301128] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 865.301145] ? irqentry_exit+0xee/0x650 [ 865.301155] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 865.301171] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 865.301191] do_syscall_64+0xbf/0x420 [ 865.301206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 865.301218] RIP: 0033:0x7f8ef3114b19 [ 865.301227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 865.301239] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 865.301250] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 865.301258] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 865.301265] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 865.301272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 865.301279] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 865.301297] 00:54:36 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 39) 00:54:36 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x800) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:54:36 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffe00, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:54:36 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x64, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:54:36 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfcfdffffffffffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:54:36 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 54) 00:54:36 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff8000/0x4000)=nil) 00:54:36 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) shmget(0x2, 0x13000, 0x1, &(0x7f0000fed000/0x13000)=nil) mbind(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000000)=0x81, 0xfffffffffffffff9, 0x5) madvise(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x13) mlock(&(0x7f0000ff8000/0x1000)=nil, 0x1000) r0 = gettid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages(r0, 0x5, &(0x7f0000000180)=[&(0x7f0000ff0000/0x2000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff6000/0x1000)=nil], &(0x7f00000001c0)=[0x7, 0x5, 0x3], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4) sched_getaffinity(r0, 0x8, &(0x7f0000000240)) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) msync(&(0x7f0000ff3000/0x3000)=nil, 0x3000, 0x3) fdatasync(r1) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000fef000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/90, 0x5a, 0x0, &(0x7f00000000c0)=""/39, 0x27}, &(0x7f0000000140)=0x40) shmget$private(0x0, 0x2000, 0x4, &(0x7f0000ffa000/0x2000)=nil) [ 875.789949] loop6: detected capacity change from 0 to 264192 [ 875.814840] FAULT_INJECTION: forcing a failure. [ 875.814840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 875.821879] CPU: 0 UID: 0 PID: 6903 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 875.821896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 875.821905] Call Trace: [ 875.821909] [ 875.821914] dump_stack_lvl+0xfa/0x120 [ 875.821935] should_fail_ex+0x4d7/0x5e0 [ 875.821959] _copy_from_user+0x30/0xd0 [ 875.821980] copy_msghdr_from_user+0x88/0x150 [ 875.821999] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 875.822017] ? __pfx__kstrtoull+0x10/0x10 [ 875.822034] ? kfree+0x2c5/0x5d0 [ 875.822053] ? __lock_acquire+0x451/0x2250 [ 875.822073] ___sys_recvmsg+0xbb/0x190 [ 875.822089] ? __pfx____sys_recvmsg+0x10/0x10 [ 875.822107] ? __pfx_perf_trace_lock+0x10/0x10 [ 875.822127] ? lock_acquire+0x15e/0x2d0 [ 875.822141] ? __might_fault+0xe0/0x190 [ 875.822154] ? find_held_lock+0x2b/0x80 [ 875.822173] ? __might_fault+0x138/0x190 [ 875.822191] do_recvmmsg+0x2c5/0x6f0 [ 875.822211] ? __pfx_do_recvmmsg+0x10/0x10 [ 875.822226] ? ksys_write+0x187/0x240 [ 875.822240] ? perf_trace_lock+0xbb/0x4f0 [ 875.822255] ? __lock_acquire+0x451/0x2250 [ 875.822273] ? srso_alias_untrain_ret+0x1/0x10 [ 875.822292] ? lock_acquire+0x15e/0x2d0 [ 875.822310] __x64_sys_recvmmsg+0x211/0x260 [ 875.822327] ? lock_release+0xc8/0x270 [ 875.822342] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 875.822359] ? __might_fault+0xe0/0x190 [ 875.822371] ? __might_fault+0x151/0x190 [ 875.822386] do_syscall_64+0xbf/0x420 [ 875.822402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.822414] RIP: 0033:0x7f8ef3114b19 [ 875.822425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 875.822437] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 875.822450] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 875.822458] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 875.822465] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 875.822473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 875.822479] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 875.822497] [ 875.846614] FAULT_INJECTION: forcing a failure. [ 875.846614] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 875.856911] CPU: 0 UID: 0 PID: 6901 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 875.856928] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 875.856935] Call Trace: [ 875.856939] [ 875.856943] dump_stack_lvl+0xfa/0x120 [ 875.856960] should_fail_ex+0x4d7/0x5e0 [ 875.856982] _copy_from_user+0x30/0xd0 [ 875.857001] copy_msghdr_from_user+0x88/0x150 [ 875.857022] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 875.857038] ? __pfx__kstrtoull+0x10/0x10 [ 875.857053] ? kfree+0x2c5/0x5d0 [ 875.857070] ? __lock_acquire+0x451/0x2250 [ 875.857089] ___sys_recvmsg+0xbb/0x190 [ 875.857104] ? __pfx____sys_recvmsg+0x10/0x10 [ 875.857121] ? __pfx_perf_trace_lock+0x10/0x10 [ 875.857140] ? lock_acquire+0x15e/0x2d0 [ 875.857154] ? __might_fault+0xe0/0x190 [ 875.857166] ? find_held_lock+0x2b/0x80 [ 875.857185] ? __might_fault+0x138/0x190 [ 875.857203] do_recvmmsg+0x2c5/0x6f0 [ 875.857222] ? __pfx_do_recvmmsg+0x10/0x10 [ 875.857237] ? ksys_write+0x187/0x240 [ 875.857248] ? lock_release+0xc8/0x270 [ 875.857265] ? __mutex_unlock_slowpath+0x157/0x740 [ 875.857278] ? kernel_write+0x593/0x660 [ 875.857294] ? __fget_files+0x20d/0x3b0 [ 875.857313] __x64_sys_recvmmsg+0x211/0x260 [ 875.857330] ? ksys_write+0x1a3/0x240 [ 875.857341] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 875.857357] ? irqentry_exit+0xee/0x650 [ 875.857368] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 875.857385] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 875.857405] do_syscall_64+0xbf/0x420 [ 875.857419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 875.857431] RIP: 0033:0x7f4b915d8b19 [ 875.857441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 875.857453] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 875.857465] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 875.857473] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 875.857480] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 875.857488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 875.857495] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 875.857512] 00:54:36 executing program 7: keyctl$join(0x1, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) keyctl$join(0x1, &(0x7f00000000c0)={'syz', 0x2}) r0 = pkey_alloc(0x0, 0x1) pkey_mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000004, r0) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x0}) keyctl$join(0x1, &(0x7f0000000080)={'syz', 0x2}) keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) 00:54:36 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x2, &(0x7f0000ff7000/0x4000)=nil) 00:54:36 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfefdffffffffffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:54:36 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 55) 00:54:36 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x7ffffffff000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:54:36 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 40) 00:54:36 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 876.048172] FAULT_INJECTION: forcing a failure. [ 876.048172] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 876.049304] CPU: 0 UID: 0 PID: 6919 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 876.049325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 876.049333] Call Trace: [ 876.049337] [ 876.049342] dump_stack_lvl+0xfa/0x120 [ 876.049364] should_fail_ex+0x4d7/0x5e0 [ 876.049388] _copy_from_user+0x30/0xd0 [ 876.049409] copy_msghdr_from_user+0x88/0x150 [ 876.049427] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 876.049443] ? __pfx__kstrtoull+0x10/0x10 [ 876.049458] ? kfree+0x2c5/0x5d0 [ 876.049476] ? __lock_acquire+0x451/0x2250 [ 876.049496] ___sys_recvmsg+0xbb/0x190 [ 876.049512] ? __pfx____sys_recvmsg+0x10/0x10 [ 876.049529] ? __pfx_perf_trace_lock+0x10/0x10 [ 876.049548] ? lock_acquire+0x15e/0x2d0 [ 876.049562] ? __might_fault+0xe0/0x190 [ 876.049574] ? find_held_lock+0x2b/0x80 [ 876.049593] ? __might_fault+0x138/0x190 [ 876.049611] do_recvmmsg+0x2c5/0x6f0 [ 876.049631] ? __pfx_do_recvmmsg+0x10/0x10 [ 876.049645] ? ksys_write+0x187/0x240 [ 876.049658] ? lock_release+0xc8/0x270 [ 876.049675] ? __mutex_unlock_slowpath+0x157/0x740 [ 876.049687] ? kernel_write+0x593/0x660 [ 876.049704] ? __fget_files+0x20d/0x3b0 [ 876.049722] __x64_sys_recvmmsg+0x211/0x260 [ 876.049740] ? ksys_write+0x1a3/0x240 [ 876.049755] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 876.049771] ? irqentry_exit+0xee/0x650 [ 876.049782] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 876.049798] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 876.049818] do_syscall_64+0xbf/0x420 [ 876.049833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.049846] RIP: 0033:0x7f8ef3114b19 [ 876.049856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 876.049868] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 876.049881] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 876.049889] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 876.049896] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 876.049904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 876.049911] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 876.049928] [ 876.090806] FAULT_INJECTION: forcing a failure. [ 876.090806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 876.091951] CPU: 0 UID: 0 PID: 6918 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 876.091968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 876.091975] Call Trace: [ 876.091979] [ 876.091984] dump_stack_lvl+0xfa/0x120 [ 876.092001] should_fail_ex+0x4d7/0x5e0 [ 876.092023] _copy_from_user+0x30/0xd0 [ 876.092043] copy_msghdr_from_user+0x88/0x150 [ 876.092061] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 876.092076] ? __pfx__kstrtoull+0x10/0x10 [ 876.092091] ? kfree+0x2c5/0x5d0 [ 876.092108] ? __lock_acquire+0x451/0x2250 [ 876.092127] ___sys_recvmsg+0xbb/0x190 [ 876.092143] ? __pfx____sys_recvmsg+0x10/0x10 [ 876.092160] ? __pfx_perf_trace_lock+0x10/0x10 [ 876.092179] ? lock_acquire+0x15e/0x2d0 [ 876.092193] ? __might_fault+0xe0/0x190 [ 876.092205] ? find_held_lock+0x2b/0x80 [ 876.092223] ? __might_fault+0x138/0x190 [ 876.092242] do_recvmmsg+0x2c5/0x6f0 [ 876.092261] ? __pfx_do_recvmmsg+0x10/0x10 [ 876.092276] ? ksys_write+0x187/0x240 [ 876.092288] ? lock_release+0xc8/0x270 [ 876.092305] ? __mutex_unlock_slowpath+0x157/0x740 [ 876.092317] ? kernel_write+0x593/0x660 [ 876.092333] ? __fget_files+0x20d/0x3b0 [ 876.092351] __x64_sys_recvmmsg+0x211/0x260 [ 876.092368] ? ksys_write+0x1a3/0x240 [ 876.092379] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 876.092395] ? irqentry_exit+0xee/0x650 [ 876.092407] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 876.092422] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 876.092442] do_syscall_64+0xbf/0x420 [ 876.092457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.092470] RIP: 0033:0x7f4b915d8b19 [ 876.092479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 876.092491] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 876.092504] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 876.092512] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 876.092519] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 876.092526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 876.092533] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 876.092550] 00:54:47 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000001240)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001200)={&(0x7f0000001140)={{0x14}, [@NFT_MSG_NEWOBJ={0x18, 0x12, 0xa, 0x101, 0x0, 0x0, {}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_DATA={0x4}}, @NFT_MSG_DELCHAIN={0x14}], {0x14}}, 0x54}}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000080)={{{@in6=@ipv4={""/10, ""/2, @dev}, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@ipv4={""/10, ""/2, @remote}}}, &(0x7f0000000180)=0xe8) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', 0x0, 0x29, 0x9, 0x4a, 0x7, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, 0x7800, 0x10, 0x8, 0x7}}) sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xbc, r1, 0x8, 0x70bd2a, 0x25dfdbfd, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4801}, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:54:47 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x8000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:54:47 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 56) 00:54:47 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf5, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:54:47 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 41) 00:54:47 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = gettid() process_vm_writev(r1, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0xea, 0x2, 0x8, 0x8, 0x0, 0xa8000000000000, 0x22, 0xc, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000000), 0x9}, 0x10, 0x5, 0x8, 0x5, 0x7, 0x3, 0x1f, 0x0, 0xff, 0x0, 0x2e37}, r1, 0x7, r0, 0x2) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:54:47 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mlock(&(0x7f0000ff7000/0x4000)=nil, 0x4000) 00:54:47 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffffffffffdef, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 887.297554] FAULT_INJECTION: forcing a failure. [ 887.297554] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 887.301498] FAULT_INJECTION: forcing a failure. 00:54:47 executing program 7: mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x7b4dc0b4a4e7dac6, &(0x7f0000ffd000/0x3000)=nil) mremap(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ffb000/0x4000)=nil) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) [ 887.301498] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 887.304403] CPU: 0 UID: 0 PID: 6946 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 887.304434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 887.304448] Call Trace: [ 887.304456] [ 887.304464] dump_stack_lvl+0xfa/0x120 [ 887.304497] should_fail_ex+0x4d7/0x5e0 [ 887.304537] _copy_from_user+0x30/0xd0 [ 887.304574] copy_msghdr_from_user+0x88/0x150 [ 887.304615] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 887.304643] ? __pfx__kstrtoull+0x10/0x10 [ 887.304670] ? kfree+0x2c5/0x5d0 [ 887.304702] ? __lock_acquire+0x451/0x2250 [ 887.304737] ___sys_recvmsg+0xbb/0x190 00:54:47 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf0ffffff7f0000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 887.304766] ? __pfx____sys_recvmsg+0x10/0x10 [ 887.304798] ? __pfx_perf_trace_lock+0x10/0x10 [ 887.304832] ? lock_acquire+0x15e/0x2d0 [ 887.304858] ? __might_fault+0xe0/0x190 [ 887.304881] ? find_held_lock+0x2b/0x80 [ 887.304915] ? __might_fault+0x138/0x190 [ 887.304948] do_recvmmsg+0x2c5/0x6f0 [ 887.304984] ? __pfx_do_recvmmsg+0x10/0x10 [ 887.305011] ? ksys_write+0x187/0x240 [ 887.305037] ? perf_trace_lock+0xbb/0x4f0 [ 887.305063] ? __lock_acquire+0x451/0x2250 [ 887.305095] ? srso_alias_untrain_ret+0x1/0x10 [ 887.305130] ? lock_acquire+0x15e/0x2d0 [ 887.305161] __x64_sys_recvmmsg+0x211/0x260 [ 887.305193] ? lock_release+0xc8/0x270 [ 887.305220] ? __pfx___x64_sys_recvmmsg+0x10/0x10 00:54:47 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000) [ 887.305249] ? __might_fault+0xe0/0x190 [ 887.305272] ? __might_fault+0x151/0x190 [ 887.305299] do_syscall_64+0xbf/0x420 [ 887.305327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.305349] RIP: 0033:0x7f4b915d8b19 [ 887.305366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 887.305388] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 887.305410] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 00:54:47 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 57) 00:54:47 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000, 0x4, &(0x7f0000ffa000/0x3000)=nil) [ 887.305425] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 887.305438] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 887.305452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 887.305464] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 00:54:47 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 42) [ 887.305496] [ 887.307414] CPU: 0 UID: 0 PID: 6945 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 887.307445] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 887.307457] Call Trace: [ 887.307464] [ 887.307472] dump_stack_lvl+0xfa/0x120 [ 887.307499] should_fail_ex+0x4d7/0x5e0 [ 887.307536] _copy_from_user+0x30/0xd0 [ 887.307571] copy_msghdr_from_user+0x88/0x150 [ 887.307601] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 887.307629] ? __pfx__kstrtoull+0x10/0x10 [ 887.307656] ? kfree+0x2c5/0x5d0 [ 887.307687] ? __lock_acquire+0x451/0x2250 00:54:48 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfe, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 887.307720] ___sys_recvmsg+0xbb/0x190 [ 887.307757] ? __pfx____sys_recvmsg+0x10/0x10 [ 887.307788] ? __pfx_perf_trace_lock+0x10/0x10 [ 887.307839] ? lock_acquire+0x15e/0x2d0 [ 887.307865] ? __might_fault+0xe0/0x190 [ 887.307886] ? find_held_lock+0x2b/0x80 [ 887.307920] ? __might_fault+0x138/0x190 [ 887.307953] do_recvmmsg+0x2c5/0x6f0 00:54:48 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) r1 = perf_event_open$cgroup(&(0x7f0000000000)={0x5, 0x80, 0x3f, 0x0, 0x4, 0x3, 0x0, 0x776, 0x2, 0x4, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xffffb89c, 0x7, @perf_config_ext={0x1, 0x6}, 0x0, 0x100000000, 0x2, 0x7, 0x9, 0x400, 0x5, 0x0, 0x8}, 0xffffffffffffffff, 0x9, r0, 0x8) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)=0x7fff) [ 887.307989] ? __pfx_do_recvmmsg+0x10/0x10 [ 887.308015] ? ksys_write+0x187/0x240 [ 887.308035] ? lock_release+0xc8/0x270 [ 887.308067] ? __mutex_unlock_slowpath+0x157/0x740 [ 887.308088] ? kernel_write+0x593/0x660 [ 887.308118] ? __fget_files+0x20d/0x3b0 [ 887.308151] __x64_sys_recvmmsg+0x211/0x260 [ 887.308181] ? ksys_write+0x1a3/0x240 [ 887.308201] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 887.308231] ? irqentry_exit+0xee/0x650 [ 887.308251] ? trace_hardirqs_on_prepare+0xe3/0x110 00:54:48 executing program 7: ioctl$CDROMREADCOOKED(0xffffffffffffffff, 0x5315, &(0x7f0000000000)) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) ioctl$CDROM_SET_OPTIONS(r0, 0x5320, 0x4) syz_io_uring_setup(0x5eb7, &(0x7f0000000a80)={0x0, 0xf61a, 0x11, 0x2, 0x50}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000b00), &(0x7f0000000b40)=0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000b80), 0x60042, 0x0) r3 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0)) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0x14, 0x0, r4) syz_io_uring_submit(0x0, r1, &(0x7f0000000d00)=@IORING_OP_STATX={0x15, 0x2, 0x0, r2, &(0x7f0000000bc0), &(0x7f0000000cc0)='mnt\x00', 0x10, 0x6000, 0x0, {0x0, r4}}, 0x8) [ 887.308280] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 887.308316] do_syscall_64+0xbf/0x420 [ 887.308343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.308365] RIP: 0033:0x7f8ef3114b19 [ 887.308382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 887.308403] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 887.308424] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 887.308439] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 887.308453] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 887.308466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 887.308479] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 887.308512] [ 887.320363] loop6: detected capacity change from 0 to 264192 [ 887.545469] FAULT_INJECTION: forcing a failure. [ 887.545469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 887.545511] CPU: 0 UID: 0 PID: 6959 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 887.545538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 887.545551] Call Trace: [ 887.545558] [ 887.545567] dump_stack_lvl+0xfa/0x120 [ 887.545599] should_fail_ex+0x4d7/0x5e0 [ 887.545638] _copy_from_user+0x30/0xd0 [ 887.545674] copy_msghdr_from_user+0x88/0x150 [ 887.545707] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 887.545735] ? __pfx__kstrtoull+0x10/0x10 [ 887.545770] ? kfree+0x2c5/0x5d0 [ 887.545802] ? __lock_acquire+0x451/0x2250 [ 887.545837] ___sys_recvmsg+0xbb/0x190 [ 887.545866] ? __pfx____sys_recvmsg+0x10/0x10 [ 887.545897] ? __pfx_perf_trace_lock+0x10/0x10 [ 887.545931] ? lock_acquire+0x15e/0x2d0 [ 887.545957] ? __might_fault+0xe0/0x190 [ 887.545979] ? find_held_lock+0x2b/0x80 [ 887.546012] ? __might_fault+0x138/0x190 [ 887.546045] do_recvmmsg+0x2c5/0x6f0 [ 887.546081] ? __pfx_do_recvmmsg+0x10/0x10 [ 887.546108] ? ksys_write+0x187/0x240 [ 887.546130] ? lock_release+0xc8/0x270 [ 887.546161] ? __mutex_unlock_slowpath+0x157/0x740 [ 887.546182] ? kernel_write+0x593/0x660 [ 887.546211] ? __fget_files+0x20d/0x3b0 [ 887.546244] __x64_sys_recvmmsg+0x211/0x260 [ 887.546275] ? ksys_write+0x1a3/0x240 [ 887.546295] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 887.546325] ? irqentry_exit+0xee/0x650 [ 887.546345] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 887.546373] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 887.546410] do_syscall_64+0xbf/0x420 [ 887.546436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.546460] RIP: 0033:0x7f4b915d8b19 [ 887.546477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 887.546498] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 887.546521] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 887.546535] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 887.546549] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 887.546562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 887.546575] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 887.546607] [ 887.636969] FAULT_INJECTION: forcing a failure. [ 887.636969] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 887.637017] CPU: 1 UID: 0 PID: 6965 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 887.637049] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 887.637064] Call Trace: [ 887.637073] [ 887.637083] dump_stack_lvl+0xfa/0x120 [ 887.637119] should_fail_ex+0x4d7/0x5e0 [ 887.637165] _copy_from_user+0x30/0xd0 [ 887.637208] copy_msghdr_from_user+0x88/0x150 [ 887.637245] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 887.637277] ? __pfx__kstrtoull+0x10/0x10 [ 887.637309] ? kfree+0x2c5/0x5d0 [ 887.637346] ? __lock_acquire+0x451/0x2250 [ 887.637387] ___sys_recvmsg+0xbb/0x190 [ 887.637421] ? __pfx____sys_recvmsg+0x10/0x10 [ 887.637457] ? __pfx_perf_trace_lock+0x10/0x10 [ 887.637498] ? lock_acquire+0x15e/0x2d0 [ 887.637528] ? __might_fault+0xe0/0x190 [ 887.637554] ? find_held_lock+0x2b/0x80 [ 887.637593] ? __might_fault+0x138/0x190 [ 887.637632] do_recvmmsg+0x2c5/0x6f0 [ 887.637674] ? __pfx_do_recvmmsg+0x10/0x10 [ 887.637705] ? ksys_write+0x187/0x240 [ 887.637739] ? lock_release+0xc8/0x270 [ 887.637776] ? __mutex_unlock_slowpath+0x157/0x740 [ 887.637800] ? kernel_write+0x593/0x660 [ 887.637834] ? __fget_files+0x20d/0x3b0 [ 887.637873] __x64_sys_recvmmsg+0x211/0x260 [ 887.637908] ? ksys_write+0x1a3/0x240 [ 887.637932] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 887.637967] ? irqentry_exit+0xee/0x650 [ 887.637990] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 887.638023] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 887.638066] do_syscall_64+0xbf/0x420 [ 887.638096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.638123] RIP: 0033:0x7f8ef3114b19 [ 887.638144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 887.638169] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 887.638195] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 887.638212] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 887.638228] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 887.638243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 887.638259] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 887.638296] [ 887.656949] loop6: detected capacity change from 0 to 264192 00:54:56 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 58) 00:54:56 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 43) 00:54:56 executing program 2: mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x5000, 0x7, &(0x7f0000ff8000/0x5000)=nil) mlock2(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 00:54:56 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x600140, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x20d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x3}, 0x0, 0x0, 0x6f1c}, 0x0, 0x0, r0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) ioctl$sock_bt_hci(r0, 0x800448d5, &(0x7f0000000040)="60a7f71666b504b38978d682689f73a2b08bc2aa93999b52482ecc55fc89a19da0d5804953f225bc693e05119545068fb742db6a90bf14e3b4e91499dc9950c95c29dc129d2466c63ef341e0865a6878083b0384ad0e5956ba237ebff5acbd62db1a547057145eb2d901655f0ae300b5a739a3cff5bf7dc1fce73b614f49ed251b9a6dc50f2ab6055dca870176866df20a5cc833dc1830b6b73ea75441e9b2ce5da0f8d157cb46df16ce13ec771368ffa743a03b0583dfa634") ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) 00:54:56 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x195, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:54:56 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfeffffffffffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:54:56 executing program 7: r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0xc, 0x2, &(0x7f00000002c0)=[{&(0x7f00000000c0)="daa13bd2b8f7f0089cb384487df7aa2b003efb0c95080fef159a1046a7952add88cf10c6f109c405037b1a4d1b248d5d48189521c1e7a384daae0cde20325586112493baae496dc675fa05ad48c783f70436fad66bd8e551ac48101cd343498bddf1a3914ef6cbea920f604c145a3aa7cb837f721fabf4d19b67f85e9949fed045f5d07ffcea83ee7fb9034332af79478751d4b81ba499bb97b998df2221e62098a142d64f5b1160e11804fd22150086b16f1a5e967a4314127dc70018a1d2800ee4bd4d22eafd31e1d1ef3432", 0xcd}, {&(0x7f00000001c0)="3b5fe3b13d0f981f782ec590af9e99e4a8a09223f0ba22ead3fcdb1fb417c16832a24a07bce920ceccf4e66d1fcdfda9c2375c098a3b1084b23689daa1c61a82cfb255da01e6620757f1f9c2f96a410421d5e135ad71be09c928364c806f570ee9c5f5046f64ac1a14bed4e1c58b0f553ad16059baaeb1506200459d5f7d383d09b72aaf6aa4b0f15c07ab6137b062101f983ddfc88514f3ce92a0051411f5bd1c189ae9404f2ab2ec3ac66a06efb83edf57a01027391f45b5c27c82ba63c397cea22c75eef54b476c1ac04c8a3899978a89e8f9cd7439c9ed6f46714d50a67080", 0xe1, 0x4}], 0x1002, &(0x7f0000000300)={[{@shortname_winnt}], [{@fowner_lt={'fowner<', 0xee01}}, {@obj_user={'obj_user', 0x3d, '\x00'}}, {@context={'context', 0x3d, 'system_u'}}, {@subj_user={'subj_user', 0x3d, '.{/+m+'}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]}) statx(r0, &(0x7f0000000380)='./file0\x00', 0x400, 0x100, &(0x7f00000003c0)) mremap(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0x8, 0x0, 0x0, 0xfff, 0x2, 0x1}, 0x1) 00:54:56 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffffffffffdfc, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 896.435342] FAULT_INJECTION: forcing a failure. [ 896.435342] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 896.436347] CPU: 0 UID: 0 PID: 6996 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 896.436363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 896.436371] Call Trace: [ 896.436376] [ 896.436381] dump_stack_lvl+0xfa/0x120 [ 896.436403] should_fail_ex+0x4d7/0x5e0 [ 896.436428] _copy_from_user+0x30/0xd0 [ 896.436449] copy_msghdr_from_user+0x88/0x150 [ 896.436469] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 896.436485] ? __pfx__kstrtoull+0x10/0x10 [ 896.436501] ? kfree+0x2c5/0x5d0 [ 896.436519] ? __lock_acquire+0x451/0x2250 [ 896.436540] ___sys_recvmsg+0xbb/0x190 [ 896.436556] ? __pfx____sys_recvmsg+0x10/0x10 [ 896.436573] ? __pfx_perf_trace_lock+0x10/0x10 [ 896.436592] ? lock_acquire+0x15e/0x2d0 [ 896.436607] ? __might_fault+0xe0/0x190 [ 896.436620] ? find_held_lock+0x2b/0x80 [ 896.436639] ? __might_fault+0x138/0x190 [ 896.436657] do_recvmmsg+0x2c5/0x6f0 [ 896.436677] ? __pfx_do_recvmmsg+0x10/0x10 [ 896.436691] ? ksys_write+0x187/0x240 [ 896.436704] ? lock_release+0xc8/0x270 [ 896.436721] ? __mutex_unlock_slowpath+0x157/0x740 [ 896.436734] ? kernel_write+0x593/0x660 [ 896.436754] ? __fget_files+0x20d/0x3b0 [ 896.436773] __x64_sys_recvmmsg+0x211/0x260 [ 896.436791] ? ksys_write+0x1a3/0x240 [ 896.436802] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 896.436819] ? irqentry_exit+0xee/0x650 [ 896.436830] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 896.436847] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 896.436867] do_syscall_64+0xbf/0x420 [ 896.436882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.436896] RIP: 0033:0x7f4b915d8b19 [ 896.436906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 896.436919] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 896.436932] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 896.436940] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 896.436948] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 896.436956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 896.436963] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 896.436981] [ 896.441300] loop6: detected capacity change from 0 to 264192 [ 896.442833] FAULT_INJECTION: forcing a failure. [ 896.442833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 896.442851] CPU: 0 UID: 0 PID: 6994 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 896.442866] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 896.442872] Call Trace: [ 896.442876] [ 896.442881] dump_stack_lvl+0xfa/0x120 [ 896.442895] should_fail_ex+0x4d7/0x5e0 [ 896.442915] _copy_from_user+0x30/0xd0 [ 896.442934] copy_msghdr_from_user+0x88/0x150 [ 896.442950] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 896.442966] ? __pfx__kstrtoull+0x10/0x10 [ 896.442980] ? kfree+0x2c5/0x5d0 [ 896.442996] ? __lock_acquire+0x451/0x2250 [ 896.443014] ___sys_recvmsg+0xbb/0x190 [ 896.443030] ? __pfx____sys_recvmsg+0x10/0x10 00:54:56 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 44) [ 896.443051] ? __pfx_perf_trace_lock+0x10/0x10 [ 896.443070] ? lock_acquire+0x15e/0x2d0 [ 896.443084] ? __might_fault+0xe0/0x190 [ 896.443096] ? find_held_lock+0x2b/0x80 [ 896.443114] ? __might_fault+0x138/0x190 [ 896.443132] do_recvmmsg+0x2c5/0x6f0 [ 896.443151] ? __pfx_do_recvmmsg+0x10/0x10 [ 896.443165] ? ksys_write+0x187/0x240 [ 896.443176] ? lock_release+0xc8/0x270 [ 896.443193] ? __mutex_unlock_slowpath+0x157/0x740 [ 896.443205] ? kernel_write+0x593/0x660 [ 896.443221] ? __fget_files+0x20d/0x3b0 [ 896.443239] __x64_sys_recvmmsg+0x211/0x260 [ 896.443255] ? ksys_write+0x1a3/0x240 [ 896.443267] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 896.443283] ? irqentry_exit+0xee/0x650 [ 896.443293] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 896.443308] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 896.443328] do_syscall_64+0xbf/0x420 [ 896.443343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.443354] RIP: 0033:0x7f8ef3114b19 [ 896.443364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 896.443375] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 896.443386] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 896.443394] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 896.443401] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 896.443409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 896.443416] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 896.443433] [ 896.529642] FAULT_INJECTION: forcing a failure. [ 896.529642] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:54:57 executing program 2: mremap(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x4000, 0x0, &(0x7f0000ff7000/0x4000)=nil) shmat(0xffffffffffffffff, &(0x7f0000ff8000/0x1000)=nil, 0x2000) [ 896.539614] CPU: 0 UID: 0 PID: 7002 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 896.539631] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 896.539639] Call Trace: [ 896.539644] [ 896.539649] dump_stack_lvl+0xfa/0x120 [ 896.539671] should_fail_ex+0x4d7/0x5e0 [ 896.539697] _copy_from_user+0x30/0xd0 [ 896.539719] copy_msghdr_from_user+0x88/0x150 [ 896.539739] ? __pfx_copy_msghdr_from_user+0x10/0x10 00:54:57 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 59) [ 896.539759] ? __pfx__kstrtoull+0x10/0x10 [ 896.539775] ? kfree+0x2c5/0x5d0 [ 896.539795] ? __lock_acquire+0x451/0x2250 [ 896.539816] ___sys_recvmsg+0xbb/0x190 [ 896.539832] ? __pfx____sys_recvmsg+0x10/0x10 [ 896.539850] ? __pfx_perf_trace_lock+0x10/0x10 00:54:57 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000001240)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001200)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWOBJ={0x18, 0x12, 0xa, 0x101, 0x0, 0x0, {}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_DATA={0x4}}, @NFT_MSG_DELCHAIN={0x1c, 0x5, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14}}, 0x5c}}, 0x0) sendmsg$NL80211_CMD_START_NAN(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x0, 0x8, 0x1, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6c}}}}, [@NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0x48050}, 0x810) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) [ 896.539871] ? lock_acquire+0x15e/0x2d0 [ 896.539886] ? __might_fault+0xe0/0x190 [ 896.539899] ? find_held_lock+0x2b/0x80 [ 896.539919] ? __might_fault+0x138/0x190 [ 896.539945] do_recvmmsg+0x2c5/0x6f0 00:54:57 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = signalfd(r0, &(0x7f0000000080)={[0x7]}, 0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x80, 0x0, 0x7, 0x20, 0x0, 0x8, 0x103, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x81, 0x2, @perf_config_ext={0x9, 0x2}, 0x50022, 0x3, 0x5, 0x6, 0x10001, 0x38, 0x2000, 0x0, 0x7fffffff, 0x0, 0x13}, 0x0, 0x9, r1, 0x1) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) [ 896.539966] ? __pfx_do_recvmmsg+0x10/0x10 [ 896.539981] ? ksys_write+0x187/0x240 00:54:57 executing program 7: mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) 00:54:57 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 45) [ 896.539994] ? lock_release+0xc8/0x270 [ 896.540012] ? __mutex_unlock_slowpath+0x157/0x740 [ 896.540025] ? kernel_write+0x593/0x660 [ 896.540041] ? __fget_files+0x20d/0x3b0 [ 896.540059] __x64_sys_recvmmsg+0x211/0x260 [ 896.540079] ? ksys_write+0x1a3/0x240 [ 896.540090] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 896.540107] ? irqentry_exit+0xee/0x650 [ 896.540118] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 896.540135] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 896.540156] do_syscall_64+0xbf/0x420 [ 896.540171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.540185] RIP: 0033:0x7f8ef3114b19 [ 896.540196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 896.540208] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 896.540222] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 896.540230] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 896.540238] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 896.540245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 896.540252] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 896.540270] [ 896.596944] FAULT_INJECTION: forcing a failure. [ 896.596944] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 896.596971] CPU: 0 UID: 0 PID: 7008 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 896.596986] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 896.596994] Call Trace: [ 896.597000] [ 896.597005] dump_stack_lvl+0xfa/0x120 [ 896.597027] should_fail_ex+0x4d7/0x5e0 [ 896.597052] _copy_from_user+0x30/0xd0 [ 896.597073] copy_msghdr_from_user+0x88/0x150 [ 896.597092] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 896.597108] ? __pfx__kstrtoull+0x10/0x10 [ 896.597123] ? kfree+0x2c5/0x5d0 [ 896.597142] ? __lock_acquire+0x451/0x2250 [ 896.597162] ___sys_recvmsg+0xbb/0x190 [ 896.597178] ? __pfx____sys_recvmsg+0x10/0x10 [ 896.597195] ? __pfx_perf_trace_lock+0x10/0x10 [ 896.597215] ? lock_acquire+0x15e/0x2d0 [ 896.597233] ? __might_fault+0xe0/0x190 [ 896.597247] ? find_held_lock+0x2b/0x80 [ 896.597266] ? __might_fault+0x138/0x190 [ 896.597284] do_recvmmsg+0x2c5/0x6f0 [ 896.597304] ? __pfx_do_recvmmsg+0x10/0x10 [ 896.597319] ? ksys_write+0x187/0x240 [ 896.597331] ? lock_release+0xc8/0x270 [ 896.597348] ? __mutex_unlock_slowpath+0x157/0x740 [ 896.597361] ? kernel_write+0x593/0x660 [ 896.597377] ? __fget_files+0x20d/0x3b0 [ 896.597396] __x64_sys_recvmmsg+0x211/0x260 [ 896.597414] ? ksys_write+0x1a3/0x240 [ 896.597425] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 896.597441] ? irqentry_exit+0xee/0x650 [ 896.597452] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 896.597469] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 896.597488] do_syscall_64+0xbf/0x420 [ 896.597503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.597517] RIP: 0033:0x7f4b915d8b19 [ 896.597527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 896.597539] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 896.597551] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 896.597560] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 896.597567] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 896.597574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 896.597582] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 896.597599] [ 896.724453] FAULT_INJECTION: forcing a failure. [ 896.724453] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 896.724481] CPU: 0 UID: 0 PID: 7015 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 896.724497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 896.724505] Call Trace: [ 896.724509] [ 896.724515] dump_stack_lvl+0xfa/0x120 [ 896.724536] should_fail_ex+0x4d7/0x5e0 [ 896.724561] _copy_from_user+0x30/0xd0 [ 896.724582] copy_msghdr_from_user+0x88/0x150 [ 896.724602] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 896.724617] ? __pfx__kstrtoull+0x10/0x10 [ 896.724633] ? kfree+0x2c5/0x5d0 [ 896.724651] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 896.724673] ___sys_recvmsg+0xbb/0x190 [ 896.724689] ? __pfx____sys_recvmsg+0x10/0x10 [ 896.724707] ? __pfx_perf_trace_lock+0x10/0x10 [ 896.724726] ? lock_acquire+0x15e/0x2d0 [ 896.724745] ? __might_fault+0xe0/0x190 [ 896.724758] ? find_held_lock+0x2b/0x80 [ 896.724777] ? __might_fault+0x138/0x190 [ 896.724795] do_recvmmsg+0x2c5/0x6f0 [ 896.724815] ? __pfx_do_recvmmsg+0x10/0x10 [ 896.724830] ? ksys_write+0x187/0x240 [ 896.724845] ? perf_trace_lock+0xbb/0x4f0 [ 896.724859] ? __lock_acquire+0x451/0x2250 [ 896.724876] ? srso_alias_untrain_ret+0x1/0x10 [ 896.724896] ? lock_acquire+0x15e/0x2d0 [ 896.724913] __x64_sys_recvmmsg+0x211/0x260 [ 896.724931] ? lock_release+0xc8/0x270 [ 896.724946] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 896.724962] ? __might_fault+0xe0/0x190 [ 896.724974] ? __might_fault+0x151/0x190 [ 896.724989] do_syscall_64+0xbf/0x420 [ 896.725004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.725016] RIP: 0033:0x7f8ef3114b19 [ 896.725026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 896.725039] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 896.725054] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 896.725062] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 896.725070] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 896.725077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 896.725085] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 896.725102] 00:55:05 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 60) 00:55:05 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 46) 00:55:05 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffffffffffdfe, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:55:05 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x100000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:55:05 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x300, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:55:05 executing program 7: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x24}}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, r6, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x24}}, 0x0) sendmsg$IEEE802154_LLSEC_DEL_DEV(r4, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, 0x0, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40004}, 0x0) sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, r1, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x4004890) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 00:55:05 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1) fdatasync(0xffffffffffffffff) 00:55:05 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ff8000/0x2000)=nil) [ 905.012174] loop6: detected capacity change from 0 to 264192 00:55:05 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x200000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:55:05 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffffffffffe00, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 905.046011] FAULT_INJECTION: forcing a failure. [ 905.046011] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 905.047036] CPU: 0 UID: 0 PID: 7043 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 905.047053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 905.047061] Call Trace: [ 905.047066] [ 905.047070] dump_stack_lvl+0xfa/0x120 [ 905.047091] should_fail_ex+0x4d7/0x5e0 [ 905.047115] _copy_from_user+0x30/0xd0 [ 905.047136] copy_msghdr_from_user+0x88/0x150 [ 905.047155] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 905.047170] ? __pfx__kstrtoull+0x10/0x10 [ 905.047185] ? kfree+0x2c5/0x5d0 [ 905.047204] ? __lock_acquire+0x451/0x2250 [ 905.047223] ___sys_recvmsg+0xbb/0x190 [ 905.047240] ? __pfx____sys_recvmsg+0x10/0x10 [ 905.047257] ? __pfx_perf_trace_lock+0x10/0x10 [ 905.047276] ? lock_acquire+0x15e/0x2d0 [ 905.047291] ? __might_fault+0xe0/0x190 [ 905.047303] ? find_held_lock+0x2b/0x80 [ 905.047322] ? __might_fault+0x138/0x190 [ 905.047340] do_recvmmsg+0x2c5/0x6f0 [ 905.047360] ? __pfx_do_recvmmsg+0x10/0x10 [ 905.047374] ? ksys_write+0x187/0x240 [ 905.047387] ? lock_release+0xc8/0x270 [ 905.047404] ? __mutex_unlock_slowpath+0x157/0x740 [ 905.047416] ? kernel_write+0x593/0x660 [ 905.047432] ? __fget_files+0x20d/0x3b0 [ 905.047450] __x64_sys_recvmmsg+0x211/0x260 [ 905.047468] ? ksys_write+0x1a3/0x240 [ 905.047479] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 905.047495] ? irqentry_exit+0xee/0x650 [ 905.047506] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 905.047523] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 905.047542] do_syscall_64+0xbf/0x420 [ 905.047557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.047570] RIP: 0033:0x7f8ef3114b19 [ 905.047580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 905.047592] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 905.047604] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 905.047613] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 905.047620] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 905.047627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 905.047634] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 905.047651] [ 905.125728] FAULT_INJECTION: forcing a failure. [ 905.125728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 905.126741] CPU: 0 UID: 0 PID: 7042 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 905.126760] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 905.126768] Call Trace: [ 905.126772] [ 905.126778] dump_stack_lvl+0xfa/0x120 [ 905.126797] should_fail_ex+0x4d7/0x5e0 [ 905.126821] _copy_from_user+0x30/0xd0 [ 905.126841] copy_msghdr_from_user+0x88/0x150 [ 905.126860] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 905.126875] ? __pfx__kstrtoull+0x10/0x10 [ 905.126890] ? kfree+0x2c5/0x5d0 [ 905.126909] ? __lock_acquire+0x451/0x2250 [ 905.126928] ___sys_recvmsg+0xbb/0x190 [ 905.126944] ? __pfx____sys_recvmsg+0x10/0x10 [ 905.126961] ? __pfx_perf_trace_lock+0x10/0x10 [ 905.126980] ? lock_acquire+0x15e/0x2d0 [ 905.126995] ? __might_fault+0xe0/0x190 [ 905.127007] ? find_held_lock+0x2b/0x80 [ 905.127026] ? __might_fault+0x138/0x190 [ 905.127044] do_recvmmsg+0x2c5/0x6f0 [ 905.127063] ? __pfx_do_recvmmsg+0x10/0x10 [ 905.127078] ? ksys_write+0x187/0x240 [ 905.127090] ? lock_release+0xc8/0x270 [ 905.127107] ? __mutex_unlock_slowpath+0x157/0x740 [ 905.127119] ? kernel_write+0x593/0x660 [ 905.127135] ? __fget_files+0x20d/0x3b0 [ 905.127154] __x64_sys_recvmmsg+0x211/0x260 [ 905.127171] ? ksys_write+0x1a3/0x240 [ 905.127182] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 905.127198] ? irqentry_exit+0xee/0x650 [ 905.127210] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 905.127228] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 905.127251] do_syscall_64+0xbf/0x420 [ 905.127266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.127279] RIP: 0033:0x7f4b915d8b19 [ 905.127288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 905.127300] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 905.127313] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 905.127321] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 905.127328] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 905.127336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 905.127343] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 905.127360] 00:55:05 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x480, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:55:05 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 47) 00:55:05 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x300000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:55:05 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x1f, 0x9, 0x40, 0x80, 0x0, 0x5, 0x800c, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x715, 0x1, @perf_config_ext={0x100, 0x1c6}, 0x20, 0x100, 0x7, 0x0, 0x2, 0xff, 0xffe0, 0x0, 0x0, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x9) signalfd4(r0, &(0x7f0000000080)={[0x1f]}, 0x8, 0x180000) fdatasync(0xffffffffffffffff) 00:55:05 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:55:05 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 61) [ 905.258256] FAULT_INJECTION: forcing a failure. [ 905.258256] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 905.259226] CPU: 0 UID: 0 PID: 7060 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 905.259241] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 905.259249] Call Trace: [ 905.259254] [ 905.259259] dump_stack_lvl+0xfa/0x120 [ 905.259279] should_fail_ex+0x4d7/0x5e0 [ 905.259303] _copy_from_user+0x30/0xd0 [ 905.259325] copy_msghdr_from_user+0x88/0x150 [ 905.259346] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 905.259361] ? __pfx__kstrtoull+0x10/0x10 [ 905.259376] ? kfree+0x2c5/0x5d0 [ 905.259394] ? __lock_acquire+0x451/0x2250 [ 905.259414] ___sys_recvmsg+0xbb/0x190 [ 905.259429] ? __pfx____sys_recvmsg+0x10/0x10 [ 905.259447] ? __pfx_perf_trace_lock+0x10/0x10 [ 905.259466] ? lock_acquire+0x15e/0x2d0 [ 905.259480] ? __might_fault+0xe0/0x190 [ 905.259492] ? find_held_lock+0x2b/0x80 [ 905.259511] ? __might_fault+0x138/0x190 [ 905.259529] do_recvmmsg+0x2c5/0x6f0 [ 905.259549] ? __pfx_do_recvmmsg+0x10/0x10 [ 905.259563] ? ksys_write+0x187/0x240 [ 905.259575] ? lock_release+0xc8/0x270 [ 905.259592] ? __mutex_unlock_slowpath+0x157/0x740 [ 905.259604] ? kernel_write+0x593/0x660 [ 905.259620] ? __fget_files+0x20d/0x3b0 [ 905.259639] __x64_sys_recvmmsg+0x211/0x260 [ 905.259656] ? ksys_write+0x1a3/0x240 [ 905.259667] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 905.259683] ? irqentry_exit+0xee/0x650 [ 905.259694] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 905.259711] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 905.259730] do_syscall_64+0xbf/0x420 [ 905.259745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.259762] RIP: 0033:0x7f8ef3114b19 [ 905.259772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 905.259784] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 905.259796] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 905.259804] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 905.259812] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 905.259819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 905.259826] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 905.259844] [ 905.298261] FAULT_INJECTION: forcing a failure. [ 905.298261] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 905.299244] CPU: 0 UID: 0 PID: 7068 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 905.299259] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 905.299267] Call Trace: [ 905.299272] [ 905.299277] dump_stack_lvl+0xfa/0x120 [ 905.299295] should_fail_ex+0x4d7/0x5e0 [ 905.299318] _copy_from_user+0x30/0xd0 [ 905.299338] copy_msghdr_from_user+0x88/0x150 [ 905.299360] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 905.299375] ? __pfx__kstrtoull+0x10/0x10 [ 905.299390] ? kfree+0x2c5/0x5d0 [ 905.299408] ? __lock_acquire+0x451/0x2250 [ 905.299428] ___sys_recvmsg+0xbb/0x190 [ 905.299444] ? __pfx____sys_recvmsg+0x10/0x10 [ 905.299461] ? __pfx_perf_trace_lock+0x10/0x10 [ 905.299480] ? lock_acquire+0x15e/0x2d0 [ 905.299494] ? __might_fault+0xe0/0x190 [ 905.299506] ? find_held_lock+0x2b/0x80 [ 905.299525] ? __might_fault+0x138/0x190 [ 905.299543] do_recvmmsg+0x2c5/0x6f0 [ 905.299562] ? __pfx_do_recvmmsg+0x10/0x10 [ 905.299577] ? ksys_write+0x187/0x240 [ 905.299589] ? lock_release+0xc8/0x270 [ 905.299606] ? __mutex_unlock_slowpath+0x157/0x740 [ 905.299618] ? kernel_write+0x593/0x660 [ 905.299634] ? __fget_files+0x20d/0x3b0 [ 905.299652] __x64_sys_recvmmsg+0x211/0x260 [ 905.299670] ? ksys_write+0x1a3/0x240 [ 905.299681] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 905.299697] ? irqentry_exit+0xee/0x650 [ 905.299708] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 905.299724] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 905.299744] do_syscall_64+0xbf/0x420 [ 905.299762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.299776] RIP: 0033:0x7f4b915d8b19 [ 905.299785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 905.299797] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 905.299810] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 905.299818] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 905.299825] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 905.299833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 905.299840] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 905.299857] 00:55:05 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x500, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:55:05 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x600, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:55:05 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x2, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:55:05 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x400000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:55:06 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x700, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 905.660485] loop6: detected capacity change from 0 to 264192 [ 908.315962] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 908.319856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 908.324418] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 908.329094] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 908.332944] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 910.343836] Bluetooth: hci2: command tx timeout [ 912.392835] Bluetooth: hci2: command tx timeout [ 914.439909] Bluetooth: hci2: command tx timeout [ 916.487998] Bluetooth: hci2: command tx timeout [ 925.621293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 925.623074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 925.703276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 925.705164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 00:55:36 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 48) 00:55:36 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 62) 00:55:36 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) madvise(&(0x7f0000ff6000/0x2000)=nil, 0x2000, 0x13) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, r0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)=""/93, 0x5d}, {&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/99, 0x63}], 0x3, &(0x7f00000002c0)=""/146, 0x92}, 0x0, 0x40010120, 0x1}, 0x3ba) 00:55:36 executing program 2: mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) r0 = pkey_alloc(0x0, 0x4) r1 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2000000, r1) mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8001, &(0x7f0000000000)=0x9e3, 0x101, 0x2) pkey_mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000002, r0) pkey_mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000001, r0) 00:55:36 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x3, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:55:36 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='[)-\x00', &(0x7f0000000040)='\x00', 0x0) fdatasync(0xffffffffffffffff) 00:55:36 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xb00, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:55:36 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x500000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 936.456215] FAULT_INJECTION: forcing a failure. [ 936.456215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 936.458375] CPU: 1 UID: 0 PID: 7546 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 936.458404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 936.458417] Call Trace: [ 936.458424] [ 936.458433] dump_stack_lvl+0xfa/0x120 [ 936.458464] should_fail_ex+0x4d7/0x5e0 [ 936.458503] _copy_from_user+0x30/0xd0 [ 936.458538] copy_msghdr_from_user+0x88/0x150 [ 936.458568] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 936.458595] ? __pfx__kstrtoull+0x10/0x10 [ 936.458621] ? kfree+0x2c5/0x5d0 [ 936.458651] ? __lock_acquire+0x451/0x2250 [ 936.458684] ___sys_recvmsg+0xbb/0x190 [ 936.458712] ? __pfx____sys_recvmsg+0x10/0x10 [ 936.458742] ? __pfx_perf_trace_lock+0x10/0x10 [ 936.458784] ? lock_acquire+0x15e/0x2d0 [ 936.458809] ? __might_fault+0xe0/0x190 [ 936.458830] ? find_held_lock+0x2b/0x80 [ 936.458863] ? __might_fault+0x138/0x190 [ 936.458894] do_recvmmsg+0x2c5/0x6f0 [ 936.458928] ? __pfx_do_recvmmsg+0x10/0x10 [ 936.458954] ? ksys_write+0x187/0x240 [ 936.458975] ? lock_release+0xc8/0x270 [ 936.459005] ? __mutex_unlock_slowpath+0x157/0x740 [ 936.459026] ? kernel_write+0x593/0x660 [ 936.459054] ? __fget_files+0x20d/0x3b0 [ 936.459085] __x64_sys_recvmmsg+0x211/0x260 [ 936.459115] ? ksys_write+0x1a3/0x240 [ 936.459134] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 936.459163] ? irqentry_exit+0xee/0x650 [ 936.459182] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 936.459209] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 936.459244] do_syscall_64+0xbf/0x420 [ 936.459269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.459292] RIP: 0033:0x7f8ef3114b19 [ 936.459309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 936.459333] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 936.459355] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 936.459369] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 936.459382] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 936.459394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 936.459406] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 936.459437] [ 936.490974] FAULT_INJECTION: forcing a failure. [ 936.490974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 936.492498] CPU: 1 UID: 0 PID: 7545 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 936.492524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 936.492535] Call Trace: [ 936.492542] [ 936.492551] dump_stack_lvl+0xfa/0x120 [ 936.492575] should_fail_ex+0x4d7/0x5e0 [ 936.492609] _copy_from_user+0x30/0xd0 [ 936.492642] copy_msghdr_from_user+0x88/0x150 [ 936.492670] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 936.492700] ? kfree+0x2c5/0x5d0 [ 936.492729] ? __lock_acquire+0x451/0x2250 [ 936.492765] ___sys_recvmsg+0xbb/0x190 [ 936.492792] ? __pfx____sys_recvmsg+0x10/0x10 [ 936.492822] ? __pfx_perf_trace_lock+0x10/0x10 [ 936.492853] ? lock_acquire+0x15e/0x2d0 [ 936.492877] ? __might_fault+0xe0/0x190 [ 936.492897] ? find_held_lock+0x2b/0x80 [ 936.492929] ? __might_fault+0x138/0x190 [ 936.492960] do_recvmmsg+0x2c5/0x6f0 [ 936.492993] ? __pfx_do_recvmmsg+0x10/0x10 [ 936.493019] ? find_held_lock+0x2b/0x80 [ 936.493051] ? __schedule+0x241a/0x4680 [ 936.493081] ? lock_release+0xc8/0x270 [ 936.493108] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 936.493133] ? __schedule+0x241f/0x4680 [ 936.493174] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 936.493201] ? __pfx___schedule+0x10/0x10 [ 936.493235] __x64_sys_recvmmsg+0x211/0x260 [ 936.493266] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 936.493294] ? exit_to_user_mode_loop+0xcf/0x4d0 [ 936.493315] ? trace_hardirqs_off+0x65/0x100 [ 936.493348] do_syscall_64+0xbf/0x420 [ 936.493372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.493393] RIP: 0033:0x7f4b915d8b19 [ 936.493409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 936.493428] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 936.493448] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 936.493461] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 936.493474] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 936.493486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 936.493498] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 936.493528] [ 936.547140] loop6: detected capacity change from 0 to 264192 00:55:37 executing program 2: creat(&(0x7f0000000000)='./file0\x00', 0x9) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:55:37 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 49) 00:55:37 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1) madvise(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x12) 00:55:37 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x600000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:55:37 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x4, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 936.783703] FAULT_INJECTION: forcing a failure. [ 936.783703] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 936.793913] CPU: 0 UID: 0 PID: 7576 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 936.793947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 936.793960] Call Trace: [ 936.793968] [ 936.793976] dump_stack_lvl+0xfa/0x120 [ 936.794009] should_fail_ex+0x4d7/0x5e0 [ 936.794050] _copy_from_user+0x30/0xd0 [ 936.794087] copy_msghdr_from_user+0x88/0x150 [ 936.794119] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 936.794147] ? __pfx__kstrtoull+0x10/0x10 [ 936.794175] ? kfree+0x2c5/0x5d0 [ 936.794207] ? __lock_acquire+0x451/0x2250 [ 936.794242] ___sys_recvmsg+0xbb/0x190 [ 936.794271] ? __pfx____sys_recvmsg+0x10/0x10 [ 936.794303] ? __pfx_perf_trace_lock+0x10/0x10 [ 936.794337] ? lock_acquire+0x15e/0x2d0 [ 936.794363] ? __might_fault+0xe0/0x190 [ 936.794386] ? find_held_lock+0x2b/0x80 [ 936.794420] ? __might_fault+0x138/0x190 [ 936.794454] do_recvmmsg+0x2c5/0x6f0 [ 936.794490] ? __pfx_do_recvmmsg+0x10/0x10 [ 936.794517] ? ksys_write+0x187/0x240 [ 936.794539] ? lock_release+0xc8/0x270 [ 936.794570] ? __mutex_unlock_slowpath+0x157/0x740 [ 936.794592] ? kernel_write+0x593/0x660 [ 936.794622] ? __fget_files+0x20d/0x3b0 [ 936.794655] __x64_sys_recvmmsg+0x211/0x260 [ 936.794687] ? ksys_write+0x1a3/0x240 [ 936.794707] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 936.794737] ? irqentry_exit+0xee/0x650 [ 936.794765] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 936.794793] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 936.794830] do_syscall_64+0xbf/0x420 [ 936.794857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.794880] RIP: 0033:0x7f8ef3114b19 [ 936.794899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 936.794920] RSP: 002b:00007f8ef0669188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 936.794947] RAX: ffffffffffffffda RBX: 00007f8ef3228020 RCX: 00007f8ef3114b19 [ 936.794963] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 936.794976] RBP: 00007f8ef06691d0 R08: 0000000000000000 R09: 0000000000000000 [ 936.794990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 936.795003] R13: 00007ffe3438f3ff R14: 00007f8ef0669300 R15: 0000000000022000 [ 936.795035] 00:55:46 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x14000, 0x7, &(0x7f0000fec000/0x14000)=nil) 00:55:46 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 50) 00:55:46 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x17}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = gettid() process_vm_writev(r2, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@initdev, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@dev}}, &(0x7f0000000300)=0xe8) sendmsg$unix(r1, &(0x7f0000000500)={&(0x7f0000000180)=@abs={0x2, 0x0, 0x4e24}, 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000100)="a419ba53e71b51e0cc62b35f297db260382b3038559ddc6f4ae503c24ee2", 0x1e}, {&(0x7f0000000200)="3505267d979653e557aeda324413ce4c9981dc838babd596ae19747bcdabd0d3129b82d9f6c86ba10d10b37560da0299db259667cde830f256b241618f3f0a34323ebd230145e1d952017b78acb972235c", 0x51}, {&(0x7f0000000280)="2112c3bc1fc981c654ff5111247921efe5f8f2dc8e5e748ca3ed3703", 0x1c}], 0x3, &(0x7f00000004c0)=[@cred={{0x1c, 0x1, 0x2, {r2, r3, 0xffffffffffffffff}}}], 0x20, 0x4008090}, 0x40) r4 = dup3(r0, r1, 0x0) r5 = io_uring_setup(0xa4d, &(0x7f0000000000)={0x0, 0x4294, 0x8, 0x1, 0x32e, 0x0, r4}) openat$cgroup_freezer_state(r4, &(0x7f00000000c0), 0x2, 0x0) read(r5, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:55:46 executing program 2: mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x4000, 0x2, &(0x7f0000ff7000/0x4000)=nil) 00:55:46 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1008, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:55:46 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 63) 00:55:46 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x700000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:55:46 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x5, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 945.850658] loop6: detected capacity change from 0 to 264192 00:55:46 executing program 2: ioctl$CDROM_GET_MCN(0xffffffffffffffff, 0x5311, &(0x7f0000000000)) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 945.899499] FAULT_INJECTION: forcing a failure. [ 945.899499] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 945.903438] CPU: 1 UID: 0 PID: 7591 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 945.903457] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 945.903466] Call Trace: [ 945.903470] [ 945.903475] dump_stack_lvl+0xfa/0x120 [ 945.903498] should_fail_ex+0x4d7/0x5e0 [ 945.903523] _copy_from_user+0x30/0xd0 [ 945.903545] copy_msghdr_from_user+0x88/0x150 [ 945.903566] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 945.903581] ? __pfx__kstrtoull+0x10/0x10 [ 945.903597] ? kfree+0x2c5/0x5d0 [ 945.903622] ? __lock_acquire+0x451/0x2250 [ 945.903642] ___sys_recvmsg+0xbb/0x190 [ 945.903659] ? __pfx____sys_recvmsg+0x10/0x10 [ 945.903682] ? __pfx_perf_trace_lock+0x10/0x10 [ 945.903701] ? lock_acquire+0x15e/0x2d0 [ 945.903716] ? __might_fault+0xe0/0x190 [ 945.903729] ? find_held_lock+0x2b/0x80 [ 945.903754] ? __might_fault+0x138/0x190 [ 945.903772] do_recvmmsg+0x2c5/0x6f0 [ 945.903792] ? __pfx_do_recvmmsg+0x10/0x10 [ 945.903806] ? ksys_write+0x187/0x240 [ 945.903820] ? lock_release+0xc8/0x270 [ 945.903837] ? __mutex_unlock_slowpath+0x157/0x740 [ 945.903850] ? kernel_write+0x593/0x660 [ 945.903866] ? __fget_files+0x20d/0x3b0 [ 945.903884] __x64_sys_recvmmsg+0x211/0x260 [ 945.903902] ? ksys_write+0x1a3/0x240 [ 945.903913] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 945.903929] ? irqentry_exit+0xee/0x650 [ 945.903941] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 945.903958] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 945.903978] do_syscall_64+0xbf/0x420 [ 945.903993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.904006] RIP: 0033:0x7f4b915d8b19 [ 945.904017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 945.904029] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 945.904042] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 945.904049] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 945.904057] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 945.904065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 945.904072] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 945.904089] 00:55:46 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x800000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 945.972615] FAULT_INJECTION: forcing a failure. [ 945.972615] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 945.973602] CPU: 1 UID: 0 PID: 7597 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 945.973617] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 945.973625] Call Trace: [ 945.973630] [ 945.973636] dump_stack_lvl+0xfa/0x120 [ 945.973657] should_fail_ex+0x4d7/0x5e0 [ 945.973681] _copy_from_user+0x30/0xd0 [ 945.973701] copy_msghdr_from_user+0x88/0x150 [ 945.973722] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 945.973737] ? __pfx__kstrtoull+0x10/0x10 [ 945.973756] ? kfree+0x2c5/0x5d0 [ 945.973775] ? __lock_acquire+0x451/0x2250 [ 945.973795] ___sys_recvmsg+0xbb/0x190 [ 945.973811] ? __pfx____sys_recvmsg+0x10/0x10 [ 945.973829] ? __pfx_perf_trace_lock+0x10/0x10 [ 945.973848] ? lock_acquire+0x15e/0x2d0 [ 945.973862] ? __might_fault+0xe0/0x190 [ 945.973875] ? find_held_lock+0x2b/0x80 [ 945.973894] ? __might_fault+0x138/0x190 [ 945.973912] do_recvmmsg+0x2c5/0x6f0 [ 945.973932] ? __pfx_do_recvmmsg+0x10/0x10 [ 945.973946] ? ksys_write+0x187/0x240 [ 945.973959] ? lock_release+0xc8/0x270 [ 945.973976] ? __mutex_unlock_slowpath+0x157/0x740 [ 945.973988] ? kernel_write+0x593/0x660 [ 945.974005] ? __fget_files+0x20d/0x3b0 [ 945.974024] __x64_sys_recvmmsg+0x211/0x260 [ 945.974042] ? ksys_write+0x1a3/0x240 [ 945.974053] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 945.974069] ? irqentry_exit+0xee/0x650 [ 945.974081] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 945.974097] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 945.974117] do_syscall_64+0xbf/0x420 [ 945.974132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.974146] RIP: 0033:0x7f8ef3114b19 [ 945.974156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 945.974168] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 945.974180] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 945.974188] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 945.974196] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 945.974203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 945.974210] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 945.974227] 00:55:46 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mlock(&(0x7f0000400000/0xc00000)=nil, 0xc00000) 00:55:46 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1800, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:55:46 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 64) 00:55:46 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:55:46 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x6, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 946.076904] loop6: detected capacity change from 0 to 264192 [ 946.111426] FAULT_INJECTION: forcing a failure. [ 946.111426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 946.120356] CPU: 0 UID: 0 PID: 7613 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 946.120392] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 946.120406] Call Trace: [ 946.120414] [ 946.120424] dump_stack_lvl+0xfa/0x120 [ 946.120459] should_fail_ex+0x4d7/0x5e0 [ 946.120515] _copy_from_user+0x30/0xd0 [ 946.120554] copy_msghdr_from_user+0x88/0x150 [ 946.120590] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 946.120620] ? __pfx__kstrtoull+0x10/0x10 [ 946.120650] ? kfree+0x2c5/0x5d0 [ 946.120684] ? __lock_acquire+0x451/0x2250 [ 946.120722] ___sys_recvmsg+0xbb/0x190 [ 946.120761] ? __pfx____sys_recvmsg+0x10/0x10 [ 946.120795] ? __pfx_perf_trace_lock+0x10/0x10 [ 946.120832] ? lock_acquire+0x15e/0x2d0 [ 946.120860] ? __might_fault+0xe0/0x190 [ 946.120884] ? find_held_lock+0x2b/0x80 [ 946.120921] ? __might_fault+0x138/0x190 [ 946.120957] do_recvmmsg+0x2c5/0x6f0 [ 946.120996] ? __pfx_do_recvmmsg+0x10/0x10 [ 946.121025] ? ksys_write+0x187/0x240 [ 946.121048] ? lock_release+0xc8/0x270 [ 946.121082] ? __mutex_unlock_slowpath+0x157/0x740 [ 946.121106] ? kernel_write+0x593/0x660 [ 946.121138] ? __fget_files+0x20d/0x3b0 [ 946.121174] __x64_sys_recvmmsg+0x211/0x260 [ 946.121209] ? ksys_write+0x1a3/0x240 [ 946.121231] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 946.121264] ? irqentry_exit+0xee/0x650 [ 946.121286] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 946.121317] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 946.121357] do_syscall_64+0xbf/0x420 [ 946.121387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.121412] RIP: 0033:0x7f4b915d8b19 [ 946.121433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 946.121455] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 946.121480] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 946.121497] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 946.121512] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 946.121527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 946.121541] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 946.121577] 00:55:46 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 51) 00:55:46 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1c00, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 946.290807] FAULT_INJECTION: forcing a failure. [ 946.290807] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 946.292672] CPU: 0 UID: 0 PID: 7622 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 946.292704] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 946.292718] Call Trace: [ 946.292728] [ 946.292738] dump_stack_lvl+0xfa/0x120 [ 946.292780] should_fail_ex+0x4d7/0x5e0 [ 946.292824] _copy_from_user+0x30/0xd0 [ 946.292864] copy_msghdr_from_user+0x88/0x150 [ 946.292900] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 946.292931] ? __pfx__kstrtoull+0x10/0x10 [ 946.292961] ? kfree+0x2c5/0x5d0 [ 946.292996] ? __lock_acquire+0x451/0x2250 [ 946.293034] ___sys_recvmsg+0xbb/0x190 [ 946.293067] ? __pfx____sys_recvmsg+0x10/0x10 [ 946.293102] ? __pfx_perf_trace_lock+0x10/0x10 [ 946.293140] ? lock_acquire+0x15e/0x2d0 [ 946.293168] ? __might_fault+0xe0/0x190 [ 946.293192] ? find_held_lock+0x2b/0x80 [ 946.293230] ? __might_fault+0x138/0x190 [ 946.293267] do_recvmmsg+0x2c5/0x6f0 [ 946.293307] ? __pfx_do_recvmmsg+0x10/0x10 [ 946.293336] ? ksys_write+0x187/0x240 [ 946.293360] ? lock_release+0xc8/0x270 [ 946.293395] ? __mutex_unlock_slowpath+0x157/0x740 [ 946.293418] ? kernel_write+0x593/0x660 [ 946.293452] ? __fget_files+0x20d/0x3b0 [ 946.293488] __x64_sys_recvmmsg+0x211/0x260 [ 946.293521] ? ksys_write+0x1a3/0x240 [ 946.293543] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 946.293576] ? irqentry_exit+0xee/0x650 [ 946.293598] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 946.293629] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 946.293669] do_syscall_64+0xbf/0x420 [ 946.293698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.293724] RIP: 0033:0x7f8ef3114b19 [ 946.293743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 946.293766] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 946.293790] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 946.293807] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 946.293822] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 946.293836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 946.293851] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 946.293886] 00:55:57 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 52) 00:55:57 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4800, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428) 00:55:57 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mbind(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x3, &(0x7f00000000c0)=0x1, 0x1, 0x0) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0xffffffffffffffff) mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ff7000/0x2000)=nil) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80}, {@in6=@private2}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1) pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0x99ad) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x7, 0x13, r1, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000, 0x2, &(0x7f0000ffe000/0x2000)=nil) r3 = syz_io_uring_setup(0x455, &(0x7f0000003a00), &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000080), &(0x7f0000003ac0)) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0x14, 0x0, r4) r5 = openat$cgroup_subtree(r1, &(0x7f0000000040), 0x2, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000140)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x4004, @fd=r5, 0x401, 0x0, 0xf3a, 0x1, 0x0, {0x2, r6}}, 0x81) 00:55:57 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x810000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:55:57 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x7, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:55:57 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:55:57 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 65) 00:55:57 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) munlock(&(0x7f0000ff7000/0x3000)=nil, 0x3000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000006, 0x20010, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = accept$unix(r1, 0x0, &(0x7f00000000c0)) ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000180)={0x0, "1e162f6f1c723b7abc5c5634a2c6067f"}) ioctl$BTRFS_IOC_DEV_INFO(r2, 0xd000941e, &(0x7f0000001740)={r3, "fa3e35ce1c62e3d63e50ed2523986eea"}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) pread64(r0, &(0x7f0000000000)=""/157, 0x9d, 0x1ff) [ 957.070704] loop6: detected capacity change from 0 to 264192 [ 957.084920] FAULT_INJECTION: forcing a failure. [ 957.084920] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 957.086686] CPU: 0 UID: 0 PID: 7639 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 957.086718] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 957.086732] Call Trace: [ 957.086741] [ 957.086757] dump_stack_lvl+0xfa/0x120 [ 957.086792] should_fail_ex+0x4d7/0x5e0 [ 957.086835] _copy_from_user+0x30/0xd0 [ 957.086874] copy_msghdr_from_user+0x88/0x150 [ 957.086908] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 957.086942] ? kfree+0x2c5/0x5d0 [ 957.086976] ? __pfx___schedule+0x10/0x10 [ 957.087018] ___sys_recvmsg+0xbb/0x190 [ 957.087049] ? __pfx____sys_recvmsg+0x10/0x10 [ 957.087081] ? __pfx_perf_trace_lock+0x10/0x10 [ 957.087121] ? lock_acquire+0x15e/0x2d0 [ 957.087149] ? __might_fault+0xe0/0x190 [ 957.087172] ? find_held_lock+0x2b/0x80 [ 957.087208] ? __might_fault+0x138/0x190 [ 957.087242] do_recvmmsg+0x2c5/0x6f0 [ 957.087278] ? __pfx_do_recvmmsg+0x10/0x10 [ 957.087306] ? ksys_write+0x187/0x240 [ 957.087331] ? lock_release+0xc8/0x270 [ 957.087363] ? __mutex_unlock_slowpath+0x157/0x740 [ 957.087385] ? kernel_write+0x593/0x660 [ 957.087416] ? __fget_files+0x20d/0x3b0 [ 957.087449] __x64_sys_recvmmsg+0x211/0x260 [ 957.087482] ? ksys_write+0x1a3/0x240 [ 957.087502] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 957.087532] ? irqentry_exit+0xee/0x650 [ 957.087553] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 957.087582] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 957.087620] do_syscall_64+0xbf/0x420 [ 957.087647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.087672] RIP: 0033:0x7f8ef3114b19 [ 957.087691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 957.087712] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 957.087735] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 957.087751] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 957.087765] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 957.087779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 957.087793] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 957.087826] [ 957.122621] FAULT_INJECTION: forcing a failure. [ 957.122621] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 957.124466] CPU: 0 UID: 0 PID: 7637 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 957.124497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 957.124510] Call Trace: [ 957.124518] [ 957.124527] dump_stack_lvl+0xfa/0x120 [ 957.124557] should_fail_ex+0x4d7/0x5e0 [ 957.124618] _copy_from_user+0x30/0xd0 [ 957.124655] copy_msghdr_from_user+0x88/0x150 [ 957.124687] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 957.124721] ? kfree+0x2c5/0x5d0 [ 957.124759] ? ___sys_recvmsg+0xcd/0x190 [ 957.124794] ___sys_recvmsg+0xbb/0x190 [ 957.124824] ? __pfx____sys_recvmsg+0x10/0x10 [ 957.124856] ? __pfx_perf_trace_lock+0x10/0x10 [ 957.124891] ? lock_acquire+0x15e/0x2d0 [ 957.124918] ? __might_fault+0xe0/0x190 [ 957.124941] ? find_held_lock+0x2b/0x80 [ 957.124975] ? __might_fault+0x138/0x190 [ 957.125009] do_recvmmsg+0x2c5/0x6f0 [ 957.125045] ? __pfx_do_recvmmsg+0x10/0x10 [ 957.125073] ? ksys_write+0x187/0x240 [ 957.125094] ? lock_release+0xc8/0x270 [ 957.125126] ? __mutex_unlock_slowpath+0x157/0x740 [ 957.125147] ? kernel_write+0x593/0x660 [ 957.125178] ? __fget_files+0x20d/0x3b0 [ 957.125210] __x64_sys_recvmmsg+0x211/0x260 [ 957.125241] ? ksys_write+0x1a3/0x240 [ 957.125262] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 957.125292] ? irqentry_exit+0xee/0x650 [ 957.125313] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 957.125341] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 957.125377] do_syscall_64+0xbf/0x420 [ 957.125405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.125428] RIP: 0033:0x7f4b915d8b19 [ 957.125446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 957.125467] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 957.125490] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 957.125505] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 957.125519] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 957.125533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 957.125547] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 957.125580] 00:55:57 executing program 2: mremap(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffc000/0x3000)=nil) 00:55:57 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xf00000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:55:57 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil) mbind(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, &(0x7f0000000000)=0x80000001, 0xd12, 0x5) 00:55:57 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x8, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:55:57 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = gettid() process_vm_writev(r1, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./fi,e0\x00']) perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x2, 0x3, 0x2, 0x5, 0x0, 0x618f, 0x1, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x8001, 0xfff}, 0x200, 0x8, 0x0, 0x6, 0x4, 0x5, 0x1ff, 0x0, 0x1, 0x0, 0x6}, r1, 0x2, r2, 0x1) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r4, 0x0) recvmmsg$unix(r3, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) recvmmsg$unix(r3, &(0x7f0000002940)=[{{&(0x7f00000000c0), 0x6e, &(0x7f0000000140)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000180)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd8}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000280)=""/121, 0x79}], 0x1, &(0x7f00000013c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000001000000010000000000000800000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xc0}}, {{&(0x7f0000001480)=@abs, 0x6e, &(0x7f0000002500)=[{&(0x7f0000001500)=""/4096, 0x1000}], 0x1, &(0x7f0000002540)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xd8}}, {{&(0x7f0000002640)=@abs, 0x6e, &(0x7f0000002840)=[{&(0x7f00000026c0)=""/102, 0x66}, {&(0x7f0000002740)=""/127, 0x7f}, {&(0x7f00000027c0)=""/117, 0x75}], 0x3, &(0x7f0000002880)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}}], 0x4, 0x20, &(0x7f0000002a40)={0x77359400}) 00:55:57 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 53) 00:55:57 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3f00, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:55:57 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 66) [ 957.450854] FAULT_INJECTION: forcing a failure. [ 957.450854] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 957.458927] CPU: 0 UID: 0 PID: 7664 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 957.458960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 957.458975] Call Trace: [ 957.458983] [ 957.458992] dump_stack_lvl+0xfa/0x120 [ 957.459026] should_fail_ex+0x4d7/0x5e0 [ 957.459067] _copy_from_user+0x30/0xd0 [ 957.459106] copy_msghdr_from_user+0x88/0x150 [ 957.459140] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 957.459169] ? __pfx__kstrtoull+0x10/0x10 [ 957.459198] ? kfree+0x2c5/0x5d0 [ 957.459232] ? __lock_acquire+0x451/0x2250 [ 957.459268] ___sys_recvmsg+0xbb/0x190 [ 957.459298] ? __pfx____sys_recvmsg+0x10/0x10 [ 957.459339] ? __pfx_perf_trace_lock+0x10/0x10 [ 957.459379] ? lock_acquire+0x15e/0x2d0 [ 957.459406] ? __might_fault+0xe0/0x190 [ 957.459429] ? find_held_lock+0x2b/0x80 [ 957.459464] ? __might_fault+0x138/0x190 [ 957.459498] do_recvmmsg+0x2c5/0x6f0 [ 957.459535] ? __pfx_do_recvmmsg+0x10/0x10 [ 957.459563] ? ksys_write+0x187/0x240 [ 957.459585] ? lock_release+0xc8/0x270 [ 957.459617] ? __mutex_unlock_slowpath+0x157/0x740 [ 957.459640] ? kernel_write+0x593/0x660 [ 957.459670] ? __fget_files+0x20d/0x3b0 [ 957.459704] __x64_sys_recvmmsg+0x211/0x260 [ 957.459736] ? ksys_write+0x1a3/0x240 [ 957.459756] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 957.459787] ? irqentry_exit+0xee/0x650 [ 957.459808] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 957.459838] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 957.459874] do_syscall_64+0xbf/0x420 [ 957.459902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.459926] RIP: 0033:0x7f8ef3114b19 [ 957.459945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 957.459966] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 957.459989] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 957.460005] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 957.460019] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 957.460033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 957.460046] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 957.460079] [ 957.544663] FAULT_INJECTION: forcing a failure. [ 957.544663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 957.546367] CPU: 1 UID: 0 PID: 7668 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 957.546397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 957.546411] Call Trace: [ 957.546420] [ 957.546429] dump_stack_lvl+0xfa/0x120 [ 957.546461] should_fail_ex+0x4d7/0x5e0 [ 957.546503] _copy_from_user+0x30/0xd0 [ 957.546540] copy_msghdr_from_user+0x88/0x150 [ 957.546574] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 957.546603] ? __pfx__kstrtoull+0x10/0x10 [ 957.546631] ? kfree+0x2c5/0x5d0 [ 957.546664] ? __lock_acquire+0x451/0x2250 [ 957.546699] ___sys_recvmsg+0xbb/0x190 [ 957.546729] ? __pfx____sys_recvmsg+0x10/0x10 [ 957.546769] ? __pfx_perf_trace_lock+0x10/0x10 [ 957.546804] ? lock_acquire+0x15e/0x2d0 [ 957.546831] ? __might_fault+0xe0/0x190 [ 957.546854] ? find_held_lock+0x2b/0x80 [ 957.546889] ? __might_fault+0x138/0x190 [ 957.546922] do_recvmmsg+0x2c5/0x6f0 [ 957.546959] ? __pfx_do_recvmmsg+0x10/0x10 [ 957.546987] ? ksys_write+0x187/0x240 [ 957.547012] ? perf_trace_lock+0xbb/0x4f0 [ 957.547039] ? __lock_acquire+0x451/0x2250 [ 957.547072] ? srso_alias_untrain_ret+0x1/0x10 [ 957.547107] ? lock_acquire+0x15e/0x2d0 [ 957.547140] __x64_sys_recvmmsg+0x211/0x260 [ 957.547171] ? lock_release+0xc8/0x270 [ 957.547198] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 957.547229] ? __might_fault+0xe0/0x190 [ 957.547252] ? __might_fault+0x151/0x190 [ 957.547279] do_syscall_64+0xbf/0x420 [ 957.547307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.547330] RIP: 0033:0x7f4b915d8b19 [ 957.547348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 957.547370] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 957.547393] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 957.547408] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 957.547422] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 957.547436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 957.547449] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 957.547483] 00:56:07 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x1000000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:56:07 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) munlock(&(0x7f0000ff4000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3000, 0x7, &(0x7f0000ffa000/0x3000)=nil) madvise(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x65) 00:56:07 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 67) 00:56:07 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4000, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:56:07 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 54) 00:56:07 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0xf, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:56:07 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mbind(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000000)=0x7, 0x7ffffffb, 0x0) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0) mincore(&(0x7f0000ffd000/0x3000)=nil, 0x3000, &(0x7f00000000c0)=""/167) r0 = shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffc000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r0, &(0x7f0000fff000/0x1000)=nil, 0x4000) shmat(r0, &(0x7f0000ffd000/0x1000)=nil, 0x4000) 00:56:07 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = gettid() process_vm_writev(r1, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x4, 0x80, 0x9, 0xc9, 0xff, 0x5, 0x0, 0x2, 0x1409, 0xb, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x400, 0x2, @perf_bp={&(0x7f0000000080), 0x3}, 0x210, 0xfffffffffffffffb, 0x83, 0x1, 0x9, 0x80000000, 0x20, 0x0, 0x4d, 0x0, 0x7}, r1, 0xd, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x59b6cd9b7f6cbf7a, 0x80, 0x0, 0x4, 0x4, 0x9, 0x0, 0x9, 0x0, 0xc, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x4, 0x1, @perf_config_ext={0xfff, 0xd2}, 0x8, 0xfffffffffffffffb, 0xff, 0x0, 0x9, 0x6, 0xffd9, 0x0, 0x5, 0x0, 0x1ff}, 0xffffffffffffffff, 0xe, r0, 0x9) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) [ 967.275154] loop6: detected capacity change from 0 to 264192 [ 967.293418] FAULT_INJECTION: forcing a failure. [ 967.293418] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:56:07 executing program 2: membarrier(0x20, 0x0) membarrier(0x0, 0x0) [ 967.307802] CPU: 1 UID: 0 PID: 7686 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 967.307825] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 967.307833] Call Trace: [ 967.307838] [ 967.307844] dump_stack_lvl+0xfa/0x120 [ 967.307865] should_fail_ex+0x4d7/0x5e0 [ 967.307890] _copy_from_user+0x30/0xd0 [ 967.307911] copy_msghdr_from_user+0x88/0x150 [ 967.307930] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 967.307946] ? __pfx__kstrtoull+0x10/0x10 [ 967.307961] ? kfree+0x2c5/0x5d0 [ 967.307980] ? __lock_acquire+0x451/0x2250 [ 967.308000] ___sys_recvmsg+0xbb/0x190 [ 967.308017] ? __pfx____sys_recvmsg+0x10/0x10 [ 967.308034] ? __pfx_perf_trace_lock+0x10/0x10 [ 967.308054] ? lock_acquire+0x15e/0x2d0 [ 967.308069] ? __might_fault+0xe0/0x190 [ 967.308081] ? find_held_lock+0x2b/0x80 [ 967.308101] ? __might_fault+0x138/0x190 [ 967.308119] do_recvmmsg+0x2c5/0x6f0 [ 967.308139] ? __pfx_do_recvmmsg+0x10/0x10 [ 967.308154] ? ksys_write+0x187/0x240 [ 967.308168] ? lock_release+0xc8/0x270 [ 967.308185] ? __mutex_unlock_slowpath+0x157/0x740 [ 967.308198] ? kernel_write+0x593/0x660 [ 967.308215] ? __fget_files+0x20d/0x3b0 [ 967.308233] __x64_sys_recvmmsg+0x211/0x260 [ 967.308251] ? ksys_write+0x1a3/0x240 [ 967.308263] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 967.308279] ? irqentry_exit+0xee/0x650 [ 967.308291] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 967.308307] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 967.308328] do_syscall_64+0xbf/0x420 [ 967.308343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.308357] RIP: 0033:0x7f8ef3114b19 [ 967.308368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 967.308379] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 967.308393] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 967.308401] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 967.308409] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 967.308417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 967.308424] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 967.308442] 00:56:07 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3000000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 967.368354] FAULT_INJECTION: forcing a failure. [ 967.368354] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 967.369390] CPU: 1 UID: 0 PID: 7691 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 967.369407] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 967.369415] Call Trace: [ 967.369420] [ 967.369426] dump_stack_lvl+0xfa/0x120 [ 967.369447] should_fail_ex+0x4d7/0x5e0 [ 967.369471] _copy_from_user+0x30/0xd0 [ 967.369492] copy_msghdr_from_user+0x88/0x150 [ 967.369511] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 967.369527] ? __pfx__kstrtoull+0x10/0x10 [ 967.369542] ? kfree+0x2c5/0x5d0 [ 967.369563] ? __lock_acquire+0x451/0x2250 [ 967.369586] ___sys_recvmsg+0xbb/0x190 [ 967.369602] ? __pfx____sys_recvmsg+0x10/0x10 [ 967.369620] ? __pfx_perf_trace_lock+0x10/0x10 [ 967.369639] ? lock_acquire+0x15e/0x2d0 [ 967.369653] ? __might_fault+0xe0/0x190 [ 967.369666] ? find_held_lock+0x2b/0x80 [ 967.369685] ? __might_fault+0x138/0x190 [ 967.369703] do_recvmmsg+0x2c5/0x6f0 [ 967.369723] ? __pfx_do_recvmmsg+0x10/0x10 [ 967.369738] ? ksys_write+0x187/0x240 [ 967.369757] ? perf_trace_lock+0xbb/0x4f0 [ 967.369771] ? __lock_acquire+0x451/0x2250 [ 967.369789] ? srso_alias_untrain_ret+0x1/0x10 [ 967.369809] ? lock_acquire+0x15e/0x2d0 [ 967.369826] __x64_sys_recvmmsg+0x211/0x260 [ 967.369844] ? lock_release+0xc8/0x270 [ 967.369859] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 967.369875] ? __might_fault+0xe0/0x190 [ 967.369888] ? __might_fault+0x151/0x190 [ 967.369903] do_syscall_64+0xbf/0x420 [ 967.369918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.369931] RIP: 0033:0x7f4b915d8b19 [ 967.369941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 967.369953] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 967.369966] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 967.369974] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 967.369982] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 967.369990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 967.369997] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 967.370015] 00:56:07 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 55) [ 967.588552] FAULT_INJECTION: forcing a failure. [ 967.588552] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 967.590450] CPU: 0 UID: 0 PID: 7704 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 967.590481] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 967.590495] Call Trace: [ 967.590504] [ 967.590513] dump_stack_lvl+0xfa/0x120 [ 967.590546] should_fail_ex+0x4d7/0x5e0 [ 967.590587] _copy_from_user+0x30/0xd0 [ 967.590625] copy_msghdr_from_user+0x88/0x150 [ 967.590658] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 967.590687] ? __pfx__kstrtoull+0x10/0x10 [ 967.590715] ? kfree+0x2c5/0x5d0 [ 967.590756] ? __lock_acquire+0x451/0x2250 [ 967.590791] ___sys_recvmsg+0xbb/0x190 [ 967.590822] ? __pfx____sys_recvmsg+0x10/0x10 [ 967.590854] ? __pfx_perf_trace_lock+0x10/0x10 [ 967.590889] ? lock_acquire+0x15e/0x2d0 [ 967.590916] ? __might_fault+0xe0/0x190 [ 967.590939] ? find_held_lock+0x2b/0x80 [ 967.590975] ? __might_fault+0x138/0x190 [ 967.591008] do_recvmmsg+0x2c5/0x6f0 [ 967.591046] ? __pfx_do_recvmmsg+0x10/0x10 [ 967.591073] ? ksys_write+0x187/0x240 [ 967.591095] ? lock_release+0xc8/0x270 [ 967.591128] ? __mutex_unlock_slowpath+0x157/0x740 [ 967.591150] ? kernel_write+0x593/0x660 [ 967.591181] ? __fget_files+0x20d/0x3b0 [ 967.591215] __x64_sys_recvmmsg+0x211/0x260 [ 967.591247] ? ksys_write+0x1a3/0x240 [ 967.591268] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 967.591298] ? irqentry_exit+0xee/0x650 [ 967.591319] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 967.591348] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 967.591385] do_syscall_64+0xbf/0x420 [ 967.591413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.591437] RIP: 0033:0x7f8ef3114b19 [ 967.591455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 967.591477] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 967.591499] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 967.591515] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 967.591529] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 967.591542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 967.591556] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 967.591588] 00:56:19 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 56) 00:56:19 executing program 2: mremap(&(0x7f0000ff7000/0x7000)=nil, 0x7000, 0x1000, 0x3, &(0x7f0000ff8000/0x1000)=nil) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) r0 = shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ff6000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x2000) madvise(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x11) shmat(r0, &(0x7f0000ffd000/0x2000)=nil, 0x6000) mbind(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0x3, 0x6, 0x6) mbind(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000040)=0xffff, 0x7fff, 0x0) shmget$private(0x0, 0x4000, 0x8, &(0x7f0000ff7000/0x4000)=nil) 00:56:19 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6400, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:56:19 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:56:19 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000001240)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001200)={&(0x7f0000001140)={{0x14}, [@NFT_MSG_NEWOBJ={0x18, 0x12, 0xa, 0x5, 0x0, 0x0, {}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_DATA={0x4}}, @NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x0, 0x0, 0x0, {0x0, 0x0, 0x8}}], {0x14}}, 0x54}}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, &(0x7f0000000140)) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x32, &(0x7f0000000180)={@dev, r3}, 0x14) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1ff}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xe88}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x9}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x30000080) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000, 0x7, &(0x7f0000ffc000/0x2000)=nil) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x30, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "9e1961fbccfc2dbd90fd623df5c3d66f"}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2100200}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x81}]}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x4) 00:56:19 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 68) 00:56:19 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:56:19 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x22}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)="fad1a881a87585648ec8e99b6c8294e3df5efb335c10fc0deab7887a320fb26be7bbb2b5e568fdc6dff6433e6b4cefbf69de6423069fd36a27f832bc670c5bb98bfe48a48d621465dedddc961b12aec8994e0bcf163ad2b4d77fea3b0a35d4a6c38451c06d393abbf576fefb613b4ce8ca4ae7e7e0735a3ef2a57411b1c0734c142555fb387f759c0931a4cec2af9df3342e58429724dc15ccb4af72eab951d3aa7dcaed13cc65c8ac1dc789a88768094ec7c8c90f117169b381fbb60dcbe2d923e6738527ac9733bae2c621881581270aacbac479754ae851", 0xd9) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r0) r1 = syz_open_dev$vcsa(&(0x7f0000000180), 0x4, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f00000001c0)={0x10}) ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, &(0x7f0000000140)={0x2, 0x8, [0x8000, 0x20, 0x0, 0x3], &(0x7f0000000100)=[0x0]}) [ 979.382973] FAULT_INJECTION: forcing a failure. [ 979.382973] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 979.390023] CPU: 0 UID: 0 PID: 7713 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 979.390055] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 979.390070] Call Trace: [ 979.390078] [ 979.390087] dump_stack_lvl+0xfa/0x120 [ 979.390119] should_fail_ex+0x4d7/0x5e0 [ 979.390161] _copy_from_user+0x30/0xd0 [ 979.390199] copy_msghdr_from_user+0x88/0x150 [ 979.390232] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 979.390261] ? __pfx__kstrtoull+0x10/0x10 [ 979.390290] ? kfree+0x2c5/0x5d0 [ 979.390323] ? __lock_acquire+0x451/0x2250 [ 979.390359] ___sys_recvmsg+0xbb/0x190 [ 979.390389] ? __pfx____sys_recvmsg+0x10/0x10 [ 979.390421] ? __pfx_perf_trace_lock+0x10/0x10 [ 979.390457] ? lock_acquire+0x15e/0x2d0 [ 979.390484] ? __might_fault+0xe0/0x190 [ 979.390507] ? find_held_lock+0x2b/0x80 [ 979.390542] ? __might_fault+0x138/0x190 [ 979.390576] do_recvmmsg+0x2c5/0x6f0 [ 979.390613] ? __pfx_do_recvmmsg+0x10/0x10 [ 979.390640] ? ksys_write+0x187/0x240 [ 979.390663] ? lock_release+0xc8/0x270 [ 979.390695] ? __mutex_unlock_slowpath+0x157/0x740 [ 979.390718] ? kernel_write+0x593/0x660 [ 979.390756] ? __fget_files+0x20d/0x3b0 [ 979.390791] __x64_sys_recvmmsg+0x211/0x260 [ 979.390823] ? ksys_write+0x1a3/0x240 [ 979.390843] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 979.390874] ? irqentry_exit+0xee/0x650 [ 979.390895] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 979.390925] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 979.390962] do_syscall_64+0xbf/0x420 [ 979.390990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.391013] RIP: 0033:0x7f4b915d8b19 [ 979.391032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 979.391054] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 979.391076] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 979.391092] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 979.391106] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 979.391120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 979.391133] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 979.391166] [ 979.394737] loop6: detected capacity change from 0 to 264192 [ 979.497334] FAULT_INJECTION: forcing a failure. [ 979.497334] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:56:19 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4000000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 979.509973] CPU: 1 UID: 0 PID: 7733 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 979.510009] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 979.510024] Call Trace: [ 979.510033] [ 979.510043] dump_stack_lvl+0xfa/0x120 [ 979.510078] should_fail_ex+0x4d7/0x5e0 [ 979.510125] _copy_from_user+0x30/0xd0 [ 979.510167] copy_msghdr_from_user+0x88/0x150 [ 979.510203] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 979.510235] ? __pfx__kstrtoull+0x10/0x10 [ 979.510266] ? kfree+0x2c5/0x5d0 [ 979.510302] ? __lock_acquire+0x451/0x2250 [ 979.510341] ___sys_recvmsg+0xbb/0x190 [ 979.510375] ? __pfx____sys_recvmsg+0x10/0x10 [ 979.510410] ? __pfx_perf_trace_lock+0x10/0x10 [ 979.510449] ? lock_acquire+0x15e/0x2d0 [ 979.510479] ? __might_fault+0xe0/0x190 [ 979.510504] ? find_held_lock+0x2b/0x80 [ 979.510543] ? __might_fault+0x138/0x190 [ 979.510580] do_recvmmsg+0x2c5/0x6f0 [ 979.510621] ? __pfx_do_recvmmsg+0x10/0x10 [ 979.510651] ? ksys_write+0x187/0x240 [ 979.510676] ? lock_release+0xc8/0x270 [ 979.510712] ? __mutex_unlock_slowpath+0x157/0x740 [ 979.510736] ? kernel_write+0x593/0x660 [ 979.510778] ? __fget_files+0x20d/0x3b0 [ 979.510815] __x64_sys_recvmmsg+0x211/0x260 [ 979.510851] ? ksys_write+0x1a3/0x240 [ 979.510873] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 979.510907] ? irqentry_exit+0xee/0x650 [ 979.510929] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 979.510961] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 979.511002] do_syscall_64+0xbf/0x420 [ 979.511032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.511058] RIP: 0033:0x7f8ef3114b19 [ 979.511077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 979.511101] RSP: 002b:00007f8ef0669188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 979.511126] RAX: ffffffffffffffda RBX: 00007f8ef3228020 RCX: 00007f8ef3114b19 [ 979.511143] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 979.511158] RBP: 00007f8ef06691d0 R08: 0000000000000000 R09: 0000000000000000 [ 979.511174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 979.511188] R13: 00007ffe3438f3ff R14: 00007f8ef0669300 R15: 0000000000022000 [ 979.511224] 00:56:20 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x41, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:56:20 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 69) 00:56:20 executing program 7: ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0xffffffffffffffff, @ANYBLOB="fd000000000000002e2f66696c653000"]) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x2f, 0xa3, 0x7f, 0x3f, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x8, 0x4000000}}) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r2) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000100)={'syztnl2\x00', r1, 0x4, 0x5f, 0x8, 0x5, 0x60, @empty, @mcast1, 0x80, 0x7, 0x7, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', r3, 0x29, 0x8, 0x1, 0x5, 0x14, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, 0x10, 0x40, 0x7, 0x3}}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) 00:56:20 executing program 2: mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x7, &(0x7f0000ffc000/0x2000)=nil) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, &(0x7f0000000000)=0x80000001, 0x7f, 0x2) [ 979.762159] FAULT_INJECTION: forcing a failure. [ 979.762159] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:56:20 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x4100000000000000, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:56:20 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 57) 00:56:20 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) [ 979.778624] CPU: 1 UID: 0 PID: 7747 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 979.778660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 979.778676] Call Trace: [ 979.778684] [ 979.778694] dump_stack_lvl+0xfa/0x120 [ 979.778731] should_fail_ex+0x4d7/0x5e0 [ 979.778786] _copy_from_user+0x30/0xd0 [ 979.778826] copy_msghdr_from_user+0x88/0x150 [ 979.778862] ? __pfx_copy_msghdr_from_user+0x10/0x10 00:56:20 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8004, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 979.778900] ? kfree+0x2c5/0x5d0 [ 979.778935] ? __lock_acquire+0x451/0x2250 [ 979.778973] ___sys_recvmsg+0xbb/0x190 [ 979.779006] ? __pfx____sys_recvmsg+0x10/0x10 [ 979.779040] ? __pfx_perf_trace_lock+0x10/0x10 [ 979.779079] ? lock_acquire+0x15e/0x2d0 [ 979.779108] ? __might_fault+0xe0/0x190 [ 979.779133] ? find_held_lock+0x2b/0x80 [ 979.779171] ? __might_fault+0x138/0x190 [ 979.779207] do_recvmmsg+0x2c5/0x6f0 [ 979.779247] ? __pfx_do_recvmmsg+0x10/0x10 [ 979.779278] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 979.779308] ? finish_task_switch.isra.0+0x1fb/0x840 [ 979.779337] ? finish_task_switch.isra.0+0x1fb/0x840 [ 979.779383] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 979.779417] ? __pfx___schedule+0x10/0x10 [ 979.779459] __x64_sys_recvmmsg+0x211/0x260 [ 979.779497] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 979.779543] do_syscall_64+0xbf/0x420 [ 979.779572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.779598] RIP: 0033:0x7f4b915d8b19 [ 979.779619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 979.779643] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 979.779668] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 979.779684] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 979.779699] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 979.779714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 979.779729] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 979.779764] 00:56:20 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000ff7000/0x4000)=nil) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) sendfile(r0, r0, 0x0, 0xff) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r1) execveat(r1, &(0x7f0000000140)='mnt\x00', &(0x7f00000001c0)=[&(0x7f0000000180)='\'\x00'], &(0x7f0000000300)=[&(0x7f0000000200)='\x00', &(0x7f0000000240)='\x00', &(0x7f0000000280)='\x00', &(0x7f00000002c0)='\x00'], 0x100) fdatasync(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_rdma(&(0x7f0000000380), &(0x7f00000003c0)='mnt\x00', &(0x7f0000000400), 0x20000, &(0x7f0000000440)={'trans=rdma,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@timeout={'timeout', 0x3d, 0x8fb6}}, {@rq={'rq', 0x3d, 0xd44}}, {@timeout={'timeout', 0x3d, 0x80}}, {@rq={'rq', 0x3d, 0x5}}, {@common=@noextend}], [{@euid_eq}, {@measure}, {@smackfsdef={'smackfsdef', 0x3d, '@\\\xa5!'}}, {@appraise_type}, {@measure}]}}) r4 = dup3(r2, r3, 0x0) mount$9p_fd(0x0, &(0x7f0000000540)='mnt\x00', &(0x7f0000000580), 0x200001, &(0x7f00000005c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@afid={'afid', 0x3d, 0xfd7}}, {@mmap}], [{@hash}, {@dont_appraise}, {@measure}, {@appraise}, {@dont_measure}, {@pcr={'pcr', 0x3d, 0x3c}}, {@smackfshat={'smackfshat', 0x3d, 'port'}}]}}) signalfd4(r3, &(0x7f0000000100)={[0x7f]}, 0x8, 0x80000) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000680), 0x10000, 0x0) execveat(r5, &(0x7f00000006c0)='mnt\x00', &(0x7f0000000740)=[&(0x7f0000000700)='port'], &(0x7f0000000800)=[&(0x7f0000000780)='\x00', &(0x7f00000007c0)='mmap'], 0x800) signalfd(r1, &(0x7f0000000340), 0x8) syz_io_uring_setup(0x3370, &(0x7f0000000000)={0x0, 0x2623, 0x1, 0x2, 0x13e, 0x0, r0}, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000fed000/0x10000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) ioctl$BTRFS_IOC_SCRUB_CANCEL(r0, 0x941c, 0x0) 00:56:20 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0xfe, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 979.868153] FAULT_INJECTION: forcing a failure. [ 979.868153] name fail_usercopy, interval 1, probability 0, space 0, times 0 00:56:20 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) [ 979.875748] CPU: 0 UID: 0 PID: 7751 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 979.875776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 979.875789] Call Trace: [ 979.875796] [ 979.875803] dump_stack_lvl+0xfa/0x120 [ 979.875832] should_fail_ex+0x4d7/0x5e0 [ 979.875866] _copy_from_user+0x30/0xd0 [ 979.875898] copy_msghdr_from_user+0x88/0x150 [ 979.875925] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 979.875949] ? __pfx__kstrtoull+0x10/0x10 [ 979.875972] ? kfree+0x2c5/0x5d0 [ 979.876000] ? __lock_acquire+0x451/0x2250 [ 979.876029] ___sys_recvmsg+0xbb/0x190 [ 979.876054] ? __pfx____sys_recvmsg+0x10/0x10 [ 979.876081] ? __pfx_perf_trace_lock+0x10/0x10 [ 979.876110] ? lock_acquire+0x15e/0x2d0 [ 979.876134] ? __might_fault+0xe0/0x190 [ 979.876156] ? find_held_lock+0x2b/0x80 [ 979.876185] ? __might_fault+0x138/0x190 [ 979.876213] do_recvmmsg+0x2c5/0x6f0 [ 979.876243] ? __pfx_do_recvmmsg+0x10/0x10 [ 979.876266] ? ksys_write+0x187/0x240 [ 979.876284] ? lock_release+0xc8/0x270 [ 979.876311] ? __mutex_unlock_slowpath+0x157/0x740 [ 979.876329] ? kernel_write+0x593/0x660 [ 979.876355] ? __fget_files+0x20d/0x3b0 [ 979.876383] __x64_sys_recvmmsg+0x211/0x260 [ 979.876409] ? ksys_write+0x1a3/0x240 [ 979.876426] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 979.876451] ? irqentry_exit+0xee/0x650 [ 979.876468] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 979.876492] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 979.876523] do_syscall_64+0xbf/0x420 [ 979.876546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.876565] RIP: 0033:0x7f8ef3114b19 [ 979.876580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 979.876599] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 979.876618] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 979.876630] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 979.876641] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 979.876652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 979.876663] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 979.876690] 00:56:20 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x300, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:56:20 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x9501, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:56:20 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 58) 00:56:20 executing program 7: mremap(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x6000, 0x3, &(0x7f0000ffa000/0x6000)=nil) 00:56:20 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 70) [ 980.166862] FAULT_INJECTION: forcing a failure. [ 980.166862] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 980.169636] FAULT_INJECTION: forcing a failure. [ 980.169636] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 980.171632] CPU: 1 UID: 0 PID: 7775 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 980.171664] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 980.171679] Call Trace: [ 980.171688] [ 980.171698] dump_stack_lvl+0xfa/0x120 [ 980.171733] should_fail_ex+0x4d7/0x5e0 [ 980.171786] _copy_from_user+0x30/0xd0 [ 980.171826] copy_msghdr_from_user+0x88/0x150 [ 980.171867] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 980.171898] ? __pfx__kstrtoull+0x10/0x10 [ 980.171928] ? kfree+0x2c5/0x5d0 [ 980.171964] ? __lock_acquire+0x451/0x2250 [ 980.172002] ___sys_recvmsg+0xbb/0x190 [ 980.172035] ? __pfx____sys_recvmsg+0x10/0x10 [ 980.172069] ? __pfx_perf_trace_lock+0x10/0x10 [ 980.172107] ? lock_acquire+0x15e/0x2d0 [ 980.172136] ? __might_fault+0xe0/0x190 [ 980.172160] ? find_held_lock+0x2b/0x80 [ 980.172199] ? __might_fault+0x138/0x190 [ 980.172235] do_recvmmsg+0x2c5/0x6f0 [ 980.172275] ? __pfx_do_recvmmsg+0x10/0x10 [ 980.172304] ? ksys_write+0x187/0x240 [ 980.172328] ? lock_release+0xc8/0x270 [ 980.172362] ? __mutex_unlock_slowpath+0x157/0x740 [ 980.172386] ? kernel_write+0x593/0x660 [ 980.172419] ? __fget_files+0x20d/0x3b0 [ 980.172455] __x64_sys_recvmmsg+0x211/0x260 [ 980.172491] ? ksys_write+0x1a3/0x240 [ 980.172513] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 980.172546] ? irqentry_exit+0xee/0x650 [ 980.172568] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 980.172599] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 980.172639] do_syscall_64+0xbf/0x420 [ 980.172669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 980.172694] RIP: 0033:0x7f4b915d8b19 [ 980.172714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 980.172738] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 980.172763] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 980.172779] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 980.172794] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 980.172809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 980.172823] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 980.172872] [ 980.173808] CPU: 0 UID: 0 PID: 7771 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 980.173830] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 980.173840] Call Trace: [ 980.173846] [ 980.173852] dump_stack_lvl+0xfa/0x120 [ 980.173876] should_fail_ex+0x4d7/0x5e0 [ 980.173904] _copy_from_user+0x30/0xd0 [ 980.173930] copy_msghdr_from_user+0x88/0x150 [ 980.173953] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 980.173972] ? __pfx__kstrtoull+0x10/0x10 [ 980.173991] ? kfree+0x2c5/0x5d0 [ 980.174013] ? __lock_acquire+0x451/0x2250 [ 980.174037] ___sys_recvmsg+0xbb/0x190 [ 980.174057] ? __pfx____sys_recvmsg+0x10/0x10 [ 980.174079] ? __pfx_perf_trace_lock+0x10/0x10 [ 980.174103] ? lock_acquire+0x15e/0x2d0 [ 980.174120] ? __might_fault+0xe0/0x190 [ 980.174136] ? find_held_lock+0x2b/0x80 [ 980.174160] ? __might_fault+0x138/0x190 [ 980.174182] do_recvmmsg+0x2c5/0x6f0 [ 980.174207] ? __pfx_do_recvmmsg+0x10/0x10 [ 980.174225] ? ksys_write+0x187/0x240 [ 980.174241] ? lock_release+0xc8/0x270 [ 980.174262] ? __mutex_unlock_slowpath+0x157/0x740 [ 980.174277] ? kernel_write+0x593/0x660 [ 980.174298] ? __fget_files+0x20d/0x3b0 [ 980.174320] __x64_sys_recvmmsg+0x211/0x260 [ 980.174342] ? ksys_write+0x1a3/0x240 [ 980.174356] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 980.174376] ? irqentry_exit+0xee/0x650 [ 980.174390] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 980.174410] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 980.174434] do_syscall_64+0xbf/0x420 [ 980.174453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 980.174469] RIP: 0033:0x7f8ef3114b19 [ 980.174481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 980.174496] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 980.174512] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 980.174522] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 980.174531] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 980.174540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 980.174549] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 980.174571] 00:56:31 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 71) 00:56:31 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3) 00:56:31 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xeffd, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:56:31 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) madvise(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x0) 00:56:31 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x500, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:56:31 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 59) 00:56:31 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x30, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}]}, 0x30}, 0x1, 0x0, 0x0, 0x5}, 0x10) fdatasync(0xffffffffffffffff) 00:56:31 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xeffdffffffffffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) [ 990.794911] loop6: detected capacity change from 0 to 264192 [ 990.828204] FAULT_INJECTION: forcing a failure. [ 990.828204] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 990.834605] FAULT_INJECTION: forcing a failure. [ 990.834605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 990.841839] CPU: 1 UID: 0 PID: 7796 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 990.841877] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 990.841891] Call Trace: [ 990.841900] [ 990.841909] dump_stack_lvl+0xfa/0x120 [ 990.841943] should_fail_ex+0x4d7/0x5e0 [ 990.841985] _copy_from_user+0x30/0xd0 [ 990.842024] copy_msghdr_from_user+0x88/0x150 [ 990.842058] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 990.842092] ? kfree+0x2c5/0x5d0 [ 990.842124] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 990.842163] ___sys_recvmsg+0xbb/0x190 [ 990.842194] ? __pfx____sys_recvmsg+0x10/0x10 [ 990.842226] ? __pfx_perf_trace_lock+0x10/0x10 [ 990.842262] ? lock_acquire+0x15e/0x2d0 [ 990.842289] ? __might_fault+0xe0/0x190 [ 990.842311] ? find_held_lock+0x2b/0x80 [ 990.842347] ? __might_fault+0x138/0x190 [ 990.842381] do_recvmmsg+0x2c5/0x6f0 [ 990.842418] ? __pfx_do_recvmmsg+0x10/0x10 [ 990.842446] ? ksys_write+0x187/0x240 [ 990.842468] ? lock_release+0xc8/0x270 [ 990.842501] ? __mutex_unlock_slowpath+0x157/0x740 [ 990.842523] ? kernel_write+0x593/0x660 [ 990.842554] ? __fget_files+0x20d/0x3b0 [ 990.842588] __x64_sys_recvmmsg+0x211/0x260 [ 990.842621] ? ksys_write+0x1a3/0x240 [ 990.842642] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 990.842672] ? irqentry_exit+0xee/0x650 [ 990.842693] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 990.842722] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 990.842767] do_syscall_64+0xbf/0x420 [ 990.842795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 990.842819] RIP: 0033:0x7f4b915d8b19 [ 990.842838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 990.842859] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 990.842882] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 990.842897] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 990.842911] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 990.842925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 990.842938] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 990.842971] [ 990.845148] CPU: 0 UID: 0 PID: 7793 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 990.845183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 990.845196] Call Trace: [ 990.845205] [ 990.845214] dump_stack_lvl+0xfa/0x120 [ 990.845248] should_fail_ex+0x4d7/0x5e0 [ 990.845289] _copy_from_user+0x30/0xd0 [ 990.845327] copy_msghdr_from_user+0x88/0x150 [ 990.845360] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 990.845389] ? __pfx__kstrtoull+0x10/0x10 [ 990.845418] ? kfree+0x2c5/0x5d0 [ 990.845452] ? __lock_acquire+0x451/0x2250 [ 990.845488] ___sys_recvmsg+0xbb/0x190 [ 990.845518] ? __pfx____sys_recvmsg+0x10/0x10 [ 990.845551] ? __pfx_perf_trace_lock+0x10/0x10 [ 990.845587] ? lock_acquire+0x15e/0x2d0 [ 990.845613] ? __might_fault+0xe0/0x190 [ 990.845636] ? find_held_lock+0x2b/0x80 [ 990.845672] ? __might_fault+0x138/0x190 [ 990.845706] do_recvmmsg+0x2c5/0x6f0 [ 990.845743] ? __pfx_do_recvmmsg+0x10/0x10 [ 990.845784] ? ksys_write+0x187/0x240 [ 990.845806] ? lock_release+0xc8/0x270 [ 990.845839] ? __mutex_unlock_slowpath+0x157/0x740 [ 990.845862] ? kernel_write+0x593/0x660 [ 990.845892] ? __fget_files+0x20d/0x3b0 [ 990.845926] __x64_sys_recvmmsg+0x211/0x260 [ 990.845958] ? ksys_write+0x1a3/0x240 [ 990.845978] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 990.846009] ? irqentry_exit+0xee/0x650 [ 990.846030] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 990.846060] ? lockdep_hardirqs_on_prepare+0xdb/0x190 [ 990.846097] do_syscall_64+0xbf/0x420 [ 990.846125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 990.846149] RIP: 0033:0x7f8ef3114b19 [ 990.846168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 990.846189] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 990.846212] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 990.846228] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 990.846243] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 990.846256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 990.846270] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 990.846303] 00:56:41 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x600, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:56:41 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 72) 00:56:41 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 60) 00:56:41 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfcfdffffffffffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:56:41 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) madvise(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0) 00:56:41 executing program 7: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x20, 0x4, &(0x7f0000001280)=[{&(0x7f0000000080)="f6d46ac4214ca850f7d909b39f1ae013aa0d5081b0318e04c8db98cf107bd136eb95d76a4c3e8670bd6cdab44c1f2215e9", 0x31, 0x1}, {&(0x7f00000000c0)="35c78a23371d897153d0ac2c67d2abcb2ac0435214ce9f312eb5691c9c9b67bb3da1c42a24c69827c5d86ff7a693bdf453edebdf315459202781a7668843282e1bc10442b6a7e005b7f004392c03e94e680c00abb9907c2224417de0a3646ab6733a9d72b1e27ce5469b35d76e56b03a3dd3c7a48c5c6acabd04c64039841989c0520b154885389c3d52cdc1004d610e1f9d568d2eb7c69fa0e62abe6575165675c91cb02f710b2471864c46deee5dba98bee283cb59c305322e3aff4807cff6ae7c9e69bae49337c8", 0xc9, 0x10000}, {&(0x7f00000001c0)="4821403ff6ddd4f3b23834e3eb39264bf5081189e2590ba141e94f24f92ce599eadd2a99e94034e60dcd376e35995d974a194119e13a0ab046606f9a2461ded6092f515bcae91acabbf6fc1c00f34227bc28b9a083400265e846ffa858369199afeb7337af4985128fec27d05a41b988ed1fc30ea3064297ba8dfde4a072e2e2897280c999ea52999bc86028a13a21bdb3da8b3738a207912591cbee83a4ed9e377f90e090b4c8", 0xa7, 0x7fff}, {&(0x7f0000000280)="930fa1f73eb23b3b455d7b0577cdf1b6cdeb259ff80eeb42f16db1a3e7049c0f334fad63293ff83f1f0a36dd0d4974de29fe9ae7059d23f2bad4e84c1931e1c58b28d4ffbc601953513be336c4a33e4390fbd62a7ae8c8408162f7b6792d91447a0cb9b02e5dcd0dff4ed04c9a5231b88931c336f9d198b2cb5667e145436565c3b327d5234386993aeab28c63f94c6e64e653c4f8d2a33a3a6495b0473c4db5d48ba0b58cc0bd848edd42a46cf7cc4bdb5b429ab32e4e52e799778eac20122968bf67446d9adf5c7cdb2bae4018ae943d393fe5238d41bf6d50abd6aed5396c05c18f0a3aedbbfec6029b0cf4cbfa6410c8a92a69665770aec12c33aac045b2c85c452907558c3750068be6195fa6e70ec564fb186634e2a1cea1a434938ff6f9849205a5affef07b1d709bf14f109dbbece02a864e817520c26fa09381841250dae017cc4c3858ca292b98875604a86a18843fc97965df938ac0fcbf84f54a58d8810ec6b73a960182b058c599cae7d2a9c47f4fcf44f8cc65c4e7a20f1c4d68b9a2cf5a6a58e4f9a944c59bde0148e98e0cebdb5672c19983f181831276ebd71ecbe6fcc12d35a6c138c20fc9e495d715cb979361b36fbdc2c02ede9342c254ece525f3bfd0903b36bd70bb92bafc0793595085a181ed2ab44a61479eaff8ad7f52211f2d3d871fdceacf378cac439c571c5af454b776f5c21f9bff37f2b68dc9682c6b6bcc40b6ae6a85693b59f49e3c93f5738d681c2477d7e628d3e79307d2d307015afdee6f9fb34116167519687a4d2cf0f7499ab9dc4612d5130dc478462418cc8de0a707ecb0f2458020bc91e1bb71cb95a59850f34e3652828698b80c10c3f104b5ab3d0e9038cab13bc3367d77791db1f92b03b325975c61a8fd37800deebf470e63030242d23017ed454c03a0a86c7d5d13b9e1f55ef77da48d70be8ec94bf4a9c3fd7cb9b624c25506e6ae4945cec501af989d78b2efa00e5fa291c5faf4606eb3be8d0e5a800f4cccf41822def78b719be6a31803b321f87db02f697d940b3bbbd8dc41ae5a930d14df00434af4c36777ecb58d320c854281cf3c0ca91ab1d9455338678c92cc82cd12d0641b5bbabdb3d92d3d16a67b65c2b40581018f52eae4f8502518fed66725cd46b7f69542196a3e1a75611750837bdaf8848819abf60f9d54e83addd0781d8c21718d7e24fe8e68341f5bb28a33e818d70ac3c758cdf59fdcda6896f869955d1c07282926e65779deb3c4cb59a73447c8831c291ba27549744e17e66dff63ea17aa933c41bd2f2672a3d553b4293e202c1b6df5a4d6273ce47a7db5fb260ea6f5fd5842b1d43c4ebe79793b1a0caedf68bc0ffc095b023148f63d4bba88e008661015c939593a188274b1699d5cb58696e77d4950706a452a69b4e1b569e20cbc1b44d306cdd43eca5dc4c0d17ee532aae73f0c21f80d3925779cfcf01b19979ad49f0acd21960714674520d58fd7b9f8f557db2b4af9ea979ef9a960786d550e5606a31140149942b16db6aecf14a42067d624d2ca394729eaadeec4931fd2f65278dcd021ecd2bcefe871cf8705e7f54edcf84b64b53dd2b989960c7fd125abcc7d502f74f26d76c2023b7d8c706731240982271456f62d20c9db417210ae95f5731473b65b518f86232bf33277aa0e2f76201ce8c41bd764e8567371bb1fdb9ee6029b3d261b8b1bccff3b94de1ab6b8ef5df85c114bdef6432a77de422c56e2dac1f6345fb556e0539ff4b7c0601655d05cd89d5c3d5b55a5c957e2a9b9263f54faa663294c3b8860318643daa09a8567397ccacb51f880828616d865937cf0b5040dd091abb2d7673d0a4fbdaa5c95c9007881df24166ee8546da283f0dcd6ede34dc6309d029b511aa1de299cbf8bea12decd18f0daf00c00c3c2ae15e86b5b998b4ab6efd45cf7323045635cdf9f6d2ab6167524394982b5f49d9ad64b11a996b5fe3ee37ae95f04fbce34d7a7ad5cd03a146c42928ec1d9a2a359b71f27ba4c9c9253716b8e381a5ebc4c08331d0e1e0a8253af3ac964f4a311bf991b9bae9b1eab51f93b3217738a5c89922a9f653fd091dc03f5f3b1c569d1f2fb22dfe215444fd6f0fea3c29dd2ab250baf730bf5646b7dd4046ec6c09f58a2d70aa991121a07c3cee031a85af39502d6d49435f9d1ce9f0ec6b83d5c5794e9cf9ef3c8180db91889ca72bc9d93c5b7ce508becbe601001d9a1ef2321c6eb5824bb715e025ab39a6299c8d885b122281ad759203d53b70b5b06b67d078483eae5b7035ff0e0b20ce34e9eb1dd7fa8f559fc28777c929983db667058e84d49dcfd307fa93b4b4d1d898b7e695844cb5792cba2ecd4e1aee8d5817493bf7d6824422dae506d114fadaff4ff4470a8b747791ef54b8c16d6d97d5b197cfcad7e8f435bacfadf40f755109f223b337ba9f8b4e7f893f900d4e824b2c4c824f35c82355fa8ef94b4c2fe53c5f82f2f51da3923202b610a2a9a450310c87e0310e35abb0023887eacbfbd0d5a2899baf31602b00781caaefbdf229a33c8881ccbafb5de74bb97d136f8e92b2993b879f036afa0888e50c0751f04f67f0d9d337bd6f10eb02a4de3f3bfc658b9f48f17d9864b6e798cce369fb7f0f5b73f9230675bdc4f5a2c54c6a07d0446e467e7034a5e24856b1e3cdbbbab040563d125c8b6e53c7149b22d844d234535b3cdae62380bf33993f98022bc2b7234f873d3d6fbc7bb3369b886399b114cea70d38e349da605e4ce18c02e3b2a4087a00000083257cc30e47a8fd7d7cdc5adda534bac4210da6fe2c8d6b1f5b61b8e5922d82fd1168043c5918e49f83eb7630e11c9c4f327332ae2bb782aa8200491e187d2d2d2ab91584ada77fe9c7d0bb19249e2ddbf5dec8dd80f429301ff6ff8d7be1c3dccb2b01d4cb51de9594cd85dcd4b3c12795541df7dd9fb676213fbdf1fdb58214be232d17f6ba394104b0f039941ab6fdfa0e1a182bc20b14f7193cac680b52e6f7b5d56180b9ee93d6286d127609a86c56a31b1e390252695408bcbff21c33f97332dc27834374a95d334ce77206eb88d6db38cfd36718d944efce725d6ef744e9030aeabf1fbdbd6568e0cfdd0f985f923e2938d89f6daf1a76d52a1edda12b8888cbde72d09a1e1470d8e2652de80b128b1c9585cf721715aa92c1e323b99f61f0e0aee8c0322ff1340a70dc37b1cfb28a84be6b2656ff8e01438d7a1d1462d186a61d832298a7955d0f99026f77b891a25b04e96678dd475fb67cb0e45905c4fa04739d3ee828a560f0f1b12f298e7c4679815e0af1ebd42708a22966f2f6efb8aa0886d6eaf296066c0d84e0aaafc840552fce075ce2f564f20cc1845bb52395ce2c50a3bcc710c7eeef2603ba945712c65d8e3ba99c960fdb999b07c66357b49a56d7a615b1e7e6bb45eb79bb47646d4b650c9f5ac699acab4dc1454e98e7f7b63b74b1a644d5aa7b6dbb5edc8fa99ffaa3a7a289a92c64c454c8f0060e0d6733cbfe2509657f6ee51ba89f02471dc0df8dc2408c44ce54c71604b1a9465ed9afb7c85e04444b6905cf9cc9573a5e959a1036fafbf4e7147381be19a76e4b75b11046deb018144cb850b66d56fed32fc3879996164b4b9dd70f9912f2ad3564a0a2bdd6e3e5b9a23d5ba16bb88a136be83101084e438a5e56932f341c4ae67082d29a429a75c75a57f9ceb5a6257a2256c5c019716d02ef14747ab20dd568edd502d73df124c3a08e169aef604183ec734f1079d3ccce10555ad0e9e075cf58f781af6cd13e5a1becb05d6c2f5bb765bc77f68e1c36f195e8a90b7d9e697a8175321f45d05f7799e64f68784338a7021fd1fd8fd69d5e1246e3791e45c4458f018b5d96466fd189773a6e615c6cb118756cce508e5d7e2c1ed737ec988589f9f852d136e9e9780b4c491ce04a801187a9732ed127593419db633e841e304d5980493ff4a8516dc7e440914669399c64be99afa47dda8ee976c73e5798ef77aefe465823a43acc14803c3d811e0528420a26623ffe09904c64208f6b0b2a7b040ad10133383f7794df22cad0f3dec56b3eedf8f14228871ad7d206e32877ac103fe9f858b106ca027826e3f26aaf77b3f2be79401b48847a2d3f0af3f5253b9860007df8a2893dcf02068a0a785cbc38da559c9148b56562ce061740531f14517e334ed170b24d5da37d99a61d56a9dfb133497c38d5c479a6a7c3b43d76ce652e6075aa46e7554d016ce723a29ce70bdc9fb70722dc6fbd23123224c4a4215b7f4d02e41266443971fa50e323fcf2d55f04e22bfd838613590d8e5b792287d7b32e34c5260cf3af8796c20b13c7d037fd37fbb9add4c6222cad40a7447690d030bcbeb919ed3974051f6630aea6a0572cc086e468629f933a84edd6d76ceed809c27466743962a60c00f9d6a559b0052441cbfd381f53eb168d3c623f4f44868b85bcb90966753f6b8e3f6dd20ba77f97c9701ea3fca491121139d69f90141866a0956d25c4eab1d5deaac37e088123c96118cc3c3ce78452213aa6455edd3f0b74a83717100fcd5c9ccbcd75dd417b273e4cb04e739151d22e2fa77b86447ee288713a90fc76428041973405b15331b43eea597714f7baa7d256c79961f5ee9d8bfc98358cf85c6d707e61807c19ddc365cb2f2b03fc2ce27d77ef4cae8e68076e5ac28b752d6c52b185d194202497a9b0ae0b52841f4a92f0b507df5956e1c35ade32297f5e4d6c8b1ead14058f063d0f0d3d068809485b3d0bfec6389098a9fdf770cdd07ddbdc47653866f8f4885b28a3abbfb8534e194a950816f2b3405e5436745ea5e7383ba7c3a5abdbb3f3103b2a2a83985fec0699e5c84d59aaa5b5ffed1449601124dd4fa257ebc7e22e4ec8d08366c6014ee25539a5edf90c9bf4daa450fbb3c1b6b72cf23e751aca0c2cf465ea5f9e2ad79f637fe44521ed71551f96fdc718861988c6108a56f33a373d5bd88c731576a3819b358c694149c34222378ce2b4d409b121eccf2455aad0343a2d354d9affb65284c0d180a4dd881102474bd168619faa7c239545f67e3fab40ea83985feec4142675b348528553082f6ae4f2b7c110b78a2467a4c66533718a51f11e893c816faeafd34135510e534fe31fa34ac18b42ac102febb90defad9c29f50453f3c6e96aa2ee5aeec0b7b68fedc9a8b367dae4db45a8dfe72aa0885a1dd44914c803e58c5f181c4cabe4bfdee44417cd1c550b6cda947eeda0d7664cd45586d8f35ba9cb2679c4ca9febf0c33f54bcd96c1d4fdc3bef0fadfe20edc0c7ec604faed833f39f317dc9914581e9bd7f50c4dd9665dec151ffec91854ac52e3afa7bb9a83ac2aca02a6b1b90e7c2b8fe416dd74c722c5eb384fa6513246aee73b9ca49363aebc8322df194a644dc6134454d585c532e4236bed21ff4c65dc295cf72ca33cdca23af1b8a6550c81c8b8b801e927f05ab6a7b74ab943991f278d209fa6278f30e41bdd99aa502bf6e12978e06d5a9f1ee10305f6b1314642e6f0e239f77a3f8ca8b5cde7a11155df86eb56a21c056886f3c470e8f866a68548b404dc7fdfadba9d3250226c8fe0b569c3753a762348ef429631dab42d8f3bd1beacc11156792076b90dd0f865ac56dbda235f4b4df931ef39d62b952eb04946eff1d10177557d4d442d1b2ee5c85143516824787ea8007a93b0d21bcb180bc144107a0b0d4305ba70eab9a92578537e9779b1b9086f7dd1a88780c995a69c8461fb442acb9a1bbd23cac918659edd8bbea277b70f0633d2a3d4cf80dc1a", 0x1000, 0xc5}], 0x20, &(0x7f0000001300)={[{@huge_advise}, {@huge_within_size}], [{@subj_user={'subj_user', 0x3d, '}\xa9@'}}]}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) madvise(&(0x7f0000ff6000/0x4000)=nil, 0x4000, 0xd) 00:56:41 executing program 4: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x40, 0x3, 0x1f, 0x0, 0x200, 0x40001, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={&(0x7f0000000000), 0xa}, 0x40, 0xc34, 0x7, 0x9, 0x100000000, 0x4, 0x3ff, 0x0, 0xffffff80, 0x0, 0x9}, 0x0, 0x6, r0, 0x8) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) 00:56:41 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf000, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 1001.088388] loop7: detected capacity change from 0 to 256 [ 1001.089652] FAULT_INJECTION: forcing a failure. [ 1001.089652] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1001.094670] FAULT_INJECTION: forcing a failure. [ 1001.094670] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1001.102039] CPU: 0 UID: 0 PID: 7818 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 1001.102070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1001.102083] Call Trace: [ 1001.102091] [ 1001.102100] dump_stack_lvl+0xfa/0x120 [ 1001.102132] should_fail_ex+0x4d7/0x5e0 [ 1001.102170] _copy_from_user+0x30/0xd0 [ 1001.102205] copy_msghdr_from_user+0x88/0x150 [ 1001.102235] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1001.102263] ? __pfx__kstrtoull+0x10/0x10 [ 1001.102296] ? kfree+0x2c5/0x5d0 [ 1001.102328] ? __lock_acquire+0x451/0x2250 [ 1001.102360] ___sys_recvmsg+0xbb/0x190 [ 1001.102389] ? __pfx____sys_recvmsg+0x10/0x10 [ 1001.102419] ? __pfx_perf_trace_lock+0x10/0x10 [ 1001.102452] ? lock_acquire+0x15e/0x2d0 [ 1001.102477] ? __might_fault+0xe0/0x190 [ 1001.102498] ? find_held_lock+0x2b/0x80 [ 1001.102531] ? __might_fault+0x138/0x190 [ 1001.102563] do_recvmmsg+0x2c5/0x6f0 [ 1001.102597] ? __pfx_do_recvmmsg+0x10/0x10 [ 1001.102623] ? ksys_write+0x187/0x240 [ 1001.102646] ? perf_trace_lock+0xbb/0x4f0 [ 1001.102672] ? __lock_acquire+0x451/0x2250 [ 1001.102703] ? srso_alias_untrain_ret+0x1/0x10 [ 1001.102736] ? lock_acquire+0x15e/0x2d0 [ 1001.102767] __x64_sys_recvmmsg+0x211/0x260 00:56:41 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) madvise(&(0x7f0000ff6000/0x2000)=nil, 0x2000, 0x4) mbind(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x4000, &(0x7f0000000000)=0x8, 0x1, 0x7) [ 1001.102797] ? lock_release+0xc8/0x270 [ 1001.102822] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1001.102851] ? __might_fault+0xe0/0x190 [ 1001.102873] ? __might_fault+0x151/0x190 00:56:41 executing program 7: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) [ 1001.102899] do_syscall_64+0xbf/0x420 [ 1001.102925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.102947] RIP: 0033:0x7f8ef3114b19 [ 1001.102964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1001.102985] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b 00:56:41 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 61) 00:56:41 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x700, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) [ 1001.103006] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 1001.103021] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 1001.103034] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1001.103048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1001.103060] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 00:56:41 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 73) [ 1001.103091] [ 1001.105670] CPU: 0 UID: 0 PID: 7815 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 1001.105701] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1001.105713] Call Trace: [ 1001.105720] [ 1001.105728] dump_stack_lvl+0xfa/0x120 [ 1001.105762] should_fail_ex+0x4d7/0x5e0 [ 1001.105798] _copy_from_user+0x30/0xd0 [ 1001.105831] copy_msghdr_from_user+0x88/0x150 [ 1001.105860] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1001.105887] ? __pfx__kstrtoull+0x10/0x10 [ 1001.105913] ? kfree+0x2c5/0x5d0 [ 1001.105943] ? __lock_acquire+0x451/0x2250 [ 1001.105974] ___sys_recvmsg+0xbb/0x190 [ 1001.106003] ? __pfx____sys_recvmsg+0x10/0x10 [ 1001.106033] ? __pfx_perf_trace_lock+0x10/0x10 [ 1001.106066] ? lock_acquire+0x15e/0x2d0 [ 1001.106091] ? __might_fault+0xe0/0x190 [ 1001.106112] ? find_held_lock+0x2b/0x80 [ 1001.106144] ? __might_fault+0x138/0x190 [ 1001.106177] do_recvmmsg+0x2c5/0x6f0 [ 1001.106211] ? __pfx_do_recvmmsg+0x10/0x10 [ 1001.106237] ? ksys_write+0x187/0x240 00:56:41 executing program 2: mremap(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ff7000/0x4000)=nil) [ 1001.106260] ? perf_trace_lock+0xbb/0x4f0 [ 1001.106286] ? __lock_acquire+0x451/0x2250 [ 1001.106316] ? srso_alias_untrain_ret+0x1/0x10 [ 1001.106349] ? lock_acquire+0x15e/0x2d0 [ 1001.106379] __x64_sys_recvmmsg+0x211/0x260 [ 1001.106408] ? lock_release+0xc8/0x270 [ 1001.106434] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1001.106463] ? __might_fault+0xe0/0x190 [ 1001.106485] ? __might_fault+0x151/0x190 [ 1001.106511] do_syscall_64+0xbf/0x420 00:56:41 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xf500, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 1001.106536] entry_SYSCALL_64_after_hwframe+0x77/0x7f 00:56:41 executing program 4: r0 = gettid() r1 = gettid() process_vm_writev(r1, 0x0, 0x0, 0x0, 0x0, 0x0) sched_getaffinity(r1, 0x8, &(0x7f0000000000)) process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1, 0x0, 0x800000000}, r0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fchdir(r2) [ 1001.106558] RIP: 0033:0x7f4b915d8b19 [ 1001.106575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 00:56:41 executing program 7: mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x3000, 0xb, &(0x7f0000ffa000/0x3000)=nil) [ 1001.106595] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1001.106616] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 1001.106631] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 1001.106644] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1001.106657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1001.106670] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 1001.106701] [ 1001.109878] loop6: detected capacity change from 0 to 264192 [ 1001.119564] loop7: detected capacity change from 0 to 256 [ 1001.334083] [ 1001.334100] ===================================== [ 1001.334107] WARNING: bad unlock balance detected! [ 1001.334115] 6.19.0-rc5-next-20260116 #1 Not tainted [ 1001.334126] ------------------------------------- [ 1001.334132] syz-executor.5/7835 is trying to release lock (rcu_read_lock) at: [ 1001.334154] [] __wait_on_freeing_inode+0x105/0x350 [ 1001.334189] but there are no more locks to release! [ 1001.334195] [ 1001.334195] other info that might help us debug this: [ 1001.334201] 4 locks held by syz-executor.5/7835: [ 1001.334212] #0: ffff88800fccc3f8 (sb_writers#3){.+.+}-{0:0}, at: filename_create+0xf7/0x400 [ 1001.334271] #1: ffff88801adf0d68 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1b1/0x400 [ 1001.334332] #2: ffff88800fcf8950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0 00:56:41 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfdef, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) [ 1001.334386] #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890 [ 1001.334435] [ 1001.334435] stack backtrace: [ 1001.334446] CPU: 0 UID: 0 PID: 7835 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 1001.334468] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1001.334479] Call Trace: [ 1001.334485] [ 1001.334492] dump_stack_lvl+0xca/0x120 [ 1001.334513] ? __wait_on_freeing_inode+0x105/0x350 00:56:42 executing program 7: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000040)=0x7, 0x6) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000) [ 1001.334535] print_unlock_imbalance_bug+0x118/0x130 [ 1001.334558] ? __wait_on_freeing_inode+0x105/0x350 [ 1001.334581] lock_release+0x1ee/0x270 [ 1001.334605] __wait_on_freeing_inode+0x10a/0x350 [ 1001.334628] ? __pfx___wait_on_freeing_inode+0x10/0x10 [ 1001.334653] ? __pfx_var_wake_function+0x10/0x10 [ 1001.334681] ? lock_is_held_type+0x9e/0x120 [ 1001.334700] insert_inode_locked+0x25f/0x890 [ 1001.334729] __ext4_new_inode+0x223d/0x4cd0 [ 1001.334765] ? __pfx___ext4_new_inode+0x10/0x10 [ 1001.334789] ? __pfx___dquot_initialize+0x10/0x10 [ 1001.334818] ? __pfx_avc_has_perm+0x10/0x10 [ 1001.334844] ext4_symlink+0x623/0xb40 [ 1001.334875] ? __pfx_ext4_symlink+0x10/0x10 [ 1001.334901] ? security_inode_permission+0x72/0xe0 [ 1001.334923] vfs_symlink+0x44b/0x840 [ 1001.334950] filename_symlinkat+0x158/0x440 [ 1001.334973] ? __pfx_filename_symlinkat+0x10/0x10 [ 1001.334995] ? strncpy_from_user+0x21b/0x2f0 [ 1001.335023] __x64_sys_symlink+0x82/0x110 [ 1001.335044] do_syscall_64+0xbf/0x420 [ 1001.335065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.335085] RIP: 0033:0x7f4b915d8427 [ 1001.335100] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1001.335117] RSP: 002b:00007ffdbf543c08 EFLAGS: 00000202 ORIG_RAX: 0000000000000058 [ 1001.335134] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b915d8427 [ 1001.335147] RDX: 00007ffdbf543ce7 RSI: 00007f4b91633019 RDI: 00007ffdbf543cd0 [ 1001.335158] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffdbf543aa0 [ 1001.335169] R10: 00007ffdbf543957 R11: 0000000000000202 R12: 0000000000000001 [ 1001.335181] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffdbf543cd0 [ 1001.335200] [ 1001.335302] ------------[ cut here ]------------ [ 1001.335310] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#0: syz-executor.5/7835 [ 1001.335435] Modules linked in: [ 1001.335494] CPU: 0 UID: 0 PID: 7835 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 1001.335516] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1001.335526] RIP: 0010:__rcu_read_unlock+0x25f/0x5c0 [ 1001.335642] Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 d6 b7 de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 8a 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 81 4d 74 03 e8 2c 5d 56 00 e9 [ 1001.335661] RSP: 0018:ffff88804b4ef9a0 EFLAGS: 00010286 [ 1001.335676] RAX: 00000000ffffffff RBX: ffff88804898b700 RCX: ffffffff815660f7 [ 1001.335690] RDX: 0000000000000000 RSI: ffffffff81566100 RDI: ffff88804898bafc [ 1001.335702] RBP: ffff88804898b700 R08: 0000000000000000 R09: fffffbfff0ba7040 [ 1001.335715] R10: 0000000000000000 R11: fffffffffffcf8a0 R12: ffff88804898b700 [ 1001.335728] R13: 0000000000000001 R14: ffffffff85c10580 R15: ffff8880095dbc48 [ 1001.335805] FS: 000055557b33a400(0000) GS:ffff8880e5342000(0000) knlGS:0000000000000000 [ 1001.335838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1001.335852] CR2: 00007f4b91658545 CR3: 0000000041190000 CR4: 0000000000350ef0 [ 1001.335866] Call Trace: [ 1001.335918] [ 1001.336635] __wait_on_freeing_inode+0x10f/0x350 [ 1001.338623] ? __pfx___wait_on_freeing_inode+0x10/0x10 [ 1001.341280] ? __pfx_var_wake_function+0x10/0x10 [ 1001.342567] ? lock_is_held_type+0x9e/0x120 [ 1001.343695] insert_inode_locked+0x25f/0x890 [ 1001.345630] __ext4_new_inode+0x223d/0x4cd0 [ 1001.348901] ? __pfx___ext4_new_inode+0x10/0x10 [ 1001.350183] ? __pfx___dquot_initialize+0x10/0x10 [ 1001.350712] ? __pfx_avc_has_perm+0x10/0x10 [ 1001.352932] ext4_symlink+0x623/0xb40 [ 1001.355885] ? __pfx_ext4_symlink+0x10/0x10 [ 1001.356884] ? security_inode_permission+0x72/0xe0 [ 1001.358691] vfs_symlink+0x44b/0x840 [ 1001.360197] filename_symlinkat+0x158/0x440 [ 1001.361366] ? __pfx_filename_symlinkat+0x10/0x10 [ 1001.361946] ? strncpy_from_user+0x21b/0x2f0 [ 1001.364206] __x64_sys_symlink+0x82/0x110 [ 1001.364829] do_syscall_64+0xbf/0x420 [ 1001.365532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.365686] RIP: 0033:0x7f4b915d8427 [ 1001.365857] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1001.365876] RSP: 002b:00007ffdbf543c08 EFLAGS: 00000202 ORIG_RAX: 0000000000000058 [ 1001.365895] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b915d8427 [ 1001.365908] RDX: 00007ffdbf543ce7 RSI: 00007f4b91633019 RDI: 00007ffdbf543cd0 [ 1001.365921] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffdbf543aa0 [ 1001.365933] R10: 00007ffdbf543957 R11: 0000000000000202 R12: 0000000000000001 [ 1001.365945] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffdbf543cd0 [ 1001.368981] [ 1001.368990] irq event stamp: 201 [ 1001.368998] hardirqs last enabled at (201): [] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 1001.369128] hardirqs last disabled at (200): [] _raw_spin_lock_irqsave+0x53/0x60 [ 1001.369248] softirqs last enabled at (196): [] kernel_fpu_end+0x59/0x70 [ 1001.369365] softirqs last disabled at (194): [] kernel_fpu_begin_mask+0x1bb/0x300 [ 1001.369483] ---[ end trace 0000000000000000 ]--- [ 1001.397021] FAULT_INJECTION: forcing a failure. [ 1001.397021] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1001.397073] CPU: 1 UID: 0 PID: 7831 Comm: syz-executor.1 Tainted: G W 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 1001.397132] Tainted: [W]=WARN [ 1001.397145] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1001.397165] Call Trace: [ 1001.397174] [ 1001.397184] dump_stack_lvl+0xfa/0x120 [ 1001.397220] should_fail_ex+0x4d7/0x5e0 [ 1001.397269] _copy_from_user+0x30/0xd0 [ 1001.397327] copy_msghdr_from_user+0x88/0x150 [ 1001.397376] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1001.397418] ? __pfx__kstrtoull+0x10/0x10 [ 1001.397451] ? kfree+0x2c5/0x5d0 [ 1001.397502] ___sys_recvmsg+0xbb/0x190 [ 1001.397540] ? __pfx____sys_recvmsg+0x10/0x10 [ 1001.397570] ? __pfx_perf_trace_lock+0x10/0x10 [ 1001.397600] ? __fget_files+0x203/0x3b0 [ 1001.397624] ? lock_release+0x1c7/0x270 [ 1001.397653] ? __might_fault+0x138/0x190 [ 1001.397676] ? lock_release+0x1c7/0x270 [ 1001.397702] ? __might_fault+0xe0/0x190 [ 1001.397726] do_recvmmsg+0x2c5/0x6f0 [ 1001.397765] ? __pfx_do_recvmmsg+0x10/0x10 [ 1001.397794] ? lock_release+0x1c7/0x270 [ 1001.397823] ? __mutex_unlock_slowpath+0x157/0x740 [ 1001.397845] ? kernel_write+0x593/0x660 [ 1001.397872] ? __fget_files+0x20d/0x3b0 [ 1001.397899] __x64_sys_recvmmsg+0x211/0x260 [ 1001.397930] ? ksys_write+0x1a3/0x240 [ 1001.397949] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1001.397979] ? irqentry_exit+0xee/0x650 [ 1001.398000] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 1001.398034] do_syscall_64+0xbf/0x420 [ 1001.398060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.398083] RIP: 0033:0x7f8ef3114b19 [ 1001.398102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1001.398123] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1001.398146] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 1001.398162] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 1001.398176] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1001.398190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1001.398204] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 1001.398229] [ 1001.421845] loop6: detected capacity change from 0 to 264192 [ 1001.507541] FAULT_INJECTION: forcing a failure. [ 1001.507541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1001.507578] CPU: 0 UID: 0 PID: 7848 Comm: syz-executor.5 Tainted: G W 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 1001.507602] Tainted: [W]=WARN [ 1001.507608] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1001.507618] Call Trace: [ 1001.507624] [ 1001.507631] dump_stack_lvl+0xfa/0x120 [ 1001.507655] should_fail_ex+0x4d7/0x5e0 [ 1001.507682] _copy_from_user+0x30/0xd0 [ 1001.507708] copy_msghdr_from_user+0x88/0x150 [ 1001.507732] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1001.507759] ? __pfx__kstrtoull+0x10/0x10 [ 1001.507777] ? kfree+0x2c5/0x5d0 [ 1001.507798] ? kmem_cache_free+0x2cd/0x670 [ 1001.507820] ? putname+0xb4/0x110 [ 1001.507847] ___sys_recvmsg+0xbb/0x190 [ 1001.507867] ? __pfx____sys_recvmsg+0x10/0x10 [ 1001.507889] ? __pfx_perf_trace_lock+0x10/0x10 [ 1001.507911] ? __fget_files+0x203/0x3b0 [ 1001.507928] ? lock_release+0x1c7/0x270 [ 1001.507949] ? __might_fault+0x138/0x190 [ 1001.507966] ? lock_release+0x1c7/0x270 [ 1001.507985] ? __might_fault+0xe0/0x190 [ 1001.508002] do_recvmmsg+0x2c5/0x6f0 [ 1001.508025] ? __pfx_do_recvmmsg+0x10/0x10 [ 1001.508046] ? lock_release+0x1c7/0x270 [ 1001.508068] ? __mutex_unlock_slowpath+0x157/0x740 [ 1001.508084] ? kernel_write+0x593/0x660 [ 1001.508102] ? __fget_files+0x20d/0x3b0 [ 1001.508122] __x64_sys_recvmmsg+0x211/0x260 [ 1001.508144] ? ksys_write+0x1a3/0x240 [ 1001.508159] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1001.508180] ? irqentry_exit+0xee/0x650 [ 1001.508195] ? trace_hardirqs_on_prepare+0xe3/0x110 [ 1001.508220] do_syscall_64+0xbf/0x420 [ 1001.508240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.508257] RIP: 0033:0x7f4b915d8b19 [ 1001.508270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1001.508286] RSP: 002b:00007f4b8eb2d188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1001.508302] RAX: ffffffffffffffda RBX: 00007f4b916ec020 RCX: 00007f4b915d8b19 [ 1001.508313] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 1001.508323] RBP: 00007f4b8eb2d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1001.508333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1001.508343] R13: 00007ffdbf5439bf R14: 00007f4b8eb2d300 R15: 0000000000022000 [ 1001.508361] [ 1001.562988] loop6: detected capacity change from 0 to 264192 00:56:51 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0x810, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:56:51 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfefdffffffffffff, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:56:51 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "9e1961fbccfc2dbd90fd623df5c3d66f"}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, r1, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1000, 0x5b}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x78}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x6e}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x5a}]}, 0x48}, 0x1, 0x0, 0x0, 0x14}, 0x40000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mremap(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x4000, 0x6, &(0x7f0000ff7000/0x4000)=nil) 00:56:51 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfeff, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:56:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 74) 00:56:51 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) recvmmsg$unix(r0, &(0x7f0000001700)=[{{0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x0, 0x57}}], 0x572, 0x0, 0x0) (fail_nth: 62) 00:56:51 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x2, 0x38, 0xfb, 0x0, 0x0, 0x383, 0x4000, 0x5, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xbab, 0x0, @perf_bp, 0x204, 0x5, 0x348be061, 0x2, 0x4, 0x8, 0x2, 0x0, 0x2, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 00:56:51 executing program 2: mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) pkey_mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8, 0xffffffffffffffff) [ 1010.970080] FAULT_INJECTION: forcing a failure. [ 1010.970080] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1010.971376] FAULT_INJECTION: forcing a failure. [ 1010.971376] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1010.972671] loop6: detected capacity change from 0 to 264192 [ 1010.975093] CPU: 0 UID: 0 PID: 7877 Comm: syz-executor.5 Tainted: G W 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 1010.975135] Tainted: [W]=WARN [ 1010.975143] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1010.975158] Call Trace: [ 1010.975167] [ 1010.975176] dump_stack_lvl+0xfa/0x120 [ 1010.975210] should_fail_ex+0x4d7/0x5e0 [ 1010.975252] _copy_from_user+0x30/0xd0 [ 1010.975291] copy_msghdr_from_user+0x88/0x150 [ 1010.975332] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1010.975368] ? kfree+0x2c5/0x5d0 [ 1010.975399] ? kmem_cache_free+0x2cd/0x670 [ 1010.975435] ? putname+0xb4/0x110 [ 1010.975475] ___sys_recvmsg+0xbb/0x190 [ 1010.975507] ? __pfx____sys_recvmsg+0x10/0x10 [ 1010.975540] ? __pfx_perf_trace_lock+0x10/0x10 [ 1010.975581] ? __might_fault+0x138/0x190 [ 1010.975606] ? lock_release+0x1c7/0x270 00:56:51 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "99fbe73fa257e98fd1288a183f0243f39bccb6b5dce311f9"}]]}, 0x38}}, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff7000/0x4000)=nil) mbind(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x8000, &(0x7f0000000000)=0x1f, 0x202, 0x5) madvise(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x10) [ 1010.975636] ? __might_fault+0xe0/0x190 [ 1010.975663] do_recvmmsg+0x2c5/0x6f0 [ 1010.975706] ? __pfx_do_recvmmsg+0x10/0x10 [ 1010.975739] ? lock_release+0x1c7/0x270 [ 1010.975769] ? perf_trace_lock+0xbb/0x4f0 [ 1010.975811] ? __pfx_perf_trace_lock+0x10/0x10 [ 1010.975843] ? __might_fault+0x138/0x190 [ 1010.975871] __x64_sys_recvmmsg+0x211/0x260 [ 1010.975906] ? lock_release+0x1c7/0x270 [ 1010.975935] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1010.975969] ? __might_fault+0xe0/0x190 [ 1010.975993] ? __might_fault+0x151/0x190 [ 1010.976021] do_syscall_64+0xbf/0x420 [ 1010.976050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.976075] RIP: 0033:0x7f4b915d8b19 [ 1010.976095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1010.976120] RSP: 002b:00007f4b8eb4e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1010.976145] RAX: ffffffffffffffda RBX: 00007f4b916ebf60 RCX: 00007f4b915d8b19 [ 1010.976163] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 1010.976179] RBP: 00007f4b8eb4e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1010.976194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1010.976210] R13: 00007ffdbf5439bf R14: 00007f4b8eb4e300 R15: 0000000000022000 [ 1010.976238] [ 1010.989425] CPU: 1 UID: 0 PID: 7878 Comm: syz-executor.1 Tainted: G W 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) [ 1010.989467] Tainted: [W]=WARN [ 1010.989474] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1010.989486] Call Trace: [ 1010.989493] [ 1010.989501] dump_stack_lvl+0xfa/0x120 [ 1010.989524] should_fail_ex+0x4d7/0x5e0 [ 1010.989559] _copy_from_user+0x30/0xd0 [ 1010.989591] copy_msghdr_from_user+0x88/0x150 [ 1010.989619] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1010.989647] ? __pfx__kstrtoull+0x10/0x10 [ 1010.989671] ? kfree+0x2c5/0x5d0 [ 1010.989703] ___sys_recvmsg+0xbb/0x190 [ 1010.989731] ? __pfx____sys_recvmsg+0x10/0x10 [ 1010.989760] ? __pfx_perf_trace_lock+0x10/0x10 [ 1010.989789] ? __fget_files+0x203/0x3b0 [ 1010.989814] ? lock_release+0x1c7/0x270 [ 1010.989840] ? __might_fault+0x138/0x190 [ 1010.989861] ? lock_release+0x1c7/0x270 [ 1010.989887] ? __might_fault+0xe0/0x190 [ 1010.989910] do_recvmmsg+0x2c5/0x6f0 [ 1010.989941] ? __pfx_do_recvmmsg+0x10/0x10 [ 1010.989968] ? lock_release+0x1c7/0x270 [ 1010.989994] ? perf_trace_lock+0xbb/0x4f0 [ 1010.990030] ? __pfx_perf_trace_lock+0x10/0x10 [ 1010.990057] ? __might_fault+0x138/0x190 [ 1010.990080] __x64_sys_recvmmsg+0x211/0x260 [ 1010.990109] ? lock_release+0x1c7/0x270 [ 1010.990135] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1010.990165] ? __might_fault+0xe0/0x190 [ 1010.990185] ? __might_fault+0x151/0x190 [ 1010.990208] do_syscall_64+0xbf/0x420 [ 1010.990232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.990254] RIP: 0033:0x7f8ef3114b19 [ 1010.990270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1010.990290] RSP: 002b:00007f8ef068a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1010.990311] RAX: ffffffffffffffda RBX: 00007f8ef3227f60 RCX: 00007f8ef3114b19 [ 1010.990326] RDX: 0000000000000572 RSI: 0000000020001700 RDI: 0000000000000004 [ 1010.990339] RBP: 00007f8ef068a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1010.990353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1010.990366] R13: 00007ffe3438f3ff R14: 00007f8ef068a300 R15: 0000000000022000 [ 1010.990390] 00:56:51 executing program 0: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0x0, 0xf00, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}]) 00:56:51 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffffffffffdef, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:56:51 executing program 2: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r1) openat$cgroup_devices(r1, &(0x7f0000000040)='devices.allow\x00', 0x2, 0x0) openat(r0, &(0x7f0000000000)='./file0\x00', 0x8002, 0x41) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fdatasync(r2) mkdirat(r2, &(0x7f0000000080)='./file0\x00', 0x44) 00:56:51 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xff01, 0x3, &(0x7f0000000200)=[{&(0x7f0000000300)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b7000000000000b70000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}, {0x0, 0x0, 0x40000000c800}], 0x0, &(0x7f0000000040)={[{@utf8}]}) 00:56:51 executing program 7: mremap(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f0000ff8000/0x1000)=nil) r0 = shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffc000/0x4000)=nil) shmget$private(0x0, 0x4000, 0x800, &(0x7f0000ffa000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r0, &(0x7f0000fff000/0x1000)=nil, 0x4000) shmat(r0, &(0x7f0000ff8000/0x3000)=nil, 0x4000) [ 1011.241907] loop6: detected capacity change from 0 to 264192 00:56:51 executing program 3: io_setup(0xfff, &(0x7f0000000040)=0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) io_submit(r0, 0x2, &(0x7f00000004c0)=[&(0x7f0000000100)={0xfffffffffffffdfc, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x0, r2, 0x0}]) 00:56:51 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountstats\x00') sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x19}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x5}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x77}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4a}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}]}, 0x48}, 0x1, 0x0, 0x0, 0x8844}, 0x40000) r1 = socket(0x2b, 0x80004, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x30, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "9e1961fbccfc2dbd90fd623df5c3d66f"}]}, 0x30}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x30, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "9e1961fbccfc2dbd90fd623df5c3d66f"}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, r3, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x4, 0x2b}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x48005}, 0x20000000) VM DIAGNOSIS: 00:56:42 Registers: info registers vcpu 0 RAX=ffff88806ce33700 RBX=ffff88800bf63940 RCX=ffff88800bcb2de0 RDX=0000000000000128 RSI=0000000000000008 RDI=ffff88806ce31f50 RBP=ffff88800904b780 RSP=ffff88806ce08dc0 R8 =0000000000000000 R9 =fffffbfff0ccdd0a R10=ffffffff8666e857 R11=0000000000000000 R12=0000000000000200 R13=0000000000000000 R14=ffff88800bf63940 R15=ffff88800904b780 RIP=ffffffff81b3dfa5 RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055557b33a400 00000000 00000000 GS =0000 ffff8880e5342000 00000000 00000000 LDT=0000 fffffe3d00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005555814a9098 CR3=0000000041190000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000000000000000000000000000ff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=0000000000000007 RCX=ffffffff819fb8b1 RDX=ffff888048988000 RSI=0000000000000010 RDI=0000000000000004 RBP=ffff88801cda0258 RSP=ffff88804a8d7630 R8 =0000000000000000 R9 =fffff940001cee96 R10=0000000000000007 R11=0000000000000000 R12=0000000000000000 R13=dffffc0000000000 R14=0000000000000007 R15=0000000000000000 RIP=ffffffff819fb8b6 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e5442000 00000000 00000000 LDT=0000 fffffe7c00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f969e966547 CR3=000000000ec63000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000