1d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, 0x0, 0x0, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:12:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:12:43 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40), 0x0, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:12:43 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), 0x0, &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:12:43 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x46e2, 0x0) execveat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000380)=[&(0x7f0000000140)=']\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='security.capability\x00', &(0x7f0000000340)='security.capability\x00'], &(0x7f0000000440)=[&(0x7f00000003c0)='\x00', 0x0], 0x1000) fallocate(0xffffffffffffffff, 0x78, 0x0, 0x0) ftruncate(r0, 0x1000003) preadv(r0, &(0x7f0000000400)=[{&(0x7f0000000640)=""/177, 0xb1}, {&(0x7f0000000800)=""/145, 0x91}, {&(0x7f00000008c0)=""/108, 0x6c}], 0x3, 0x1, 0x8) socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x73, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@empty}}, {{@in=@broadcast}, 0x0, @in=@local}}, &(0x7f0000000100)=0xe8) clone3(&(0x7f0000000740)={0x40092340, &(0x7f0000000480)=0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000500), {0x34}, &(0x7f0000000540)=""/201, 0xc9, 0x0, &(0x7f0000000700)}, 0x58) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f00000007c0)={0xfffffffd, 0x81, 0x667, 0x3f, 0x8}) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000080)=@v2={0x2000000, [{}, {0x8000000, 0x3}]}, 0x14, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000940)={0x0, r1, 0x3f7e, 0x10002, 0x7, 0x2}) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) r5 = dup2(r3, r4) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) 17:12:43 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 14) 17:12:43 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40), 0x0, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:12:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1107.627147] FAULT_INJECTION: forcing a failure. [ 1107.627147] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1107.630621] CPU: 0 PID: 6950 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1107.632266] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1107.634255] Call Trace: [ 1107.634886] dump_stack+0x107/0x167 [ 1107.635748] should_fail.cold+0x5/0xa [ 1107.636652] _copy_from_user+0x2e/0x1b0 [ 1107.637603] __copy_msghdr_from_user+0x91/0x4b0 [ 1107.638715] ? __ia32_sys_shutdown+0x80/0x80 [ 1107.639763] ? __lock_acquire+0x1657/0x5b00 [ 1107.640796] ___sys_recvmsg+0xd5/0x200 [ 1107.641710] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1107.642896] ? __fget_files+0x2cf/0x520 [ 1107.643856] ? lock_acquire+0x197/0x470 [ 1107.644793] ? find_held_lock+0x2c/0x110 [ 1107.645768] ? __might_fault+0xd3/0x180 [ 1107.646961] ? lock_downgrade+0x6d0/0x6d0 [ 1107.648012] do_recvmmsg+0x24c/0x6d0 [ 1107.649152] ? ___sys_recvmsg+0x200/0x200 [ 1107.650179] ? lock_downgrade+0x6d0/0x6d0 [ 1107.651445] ? ksys_write+0x12d/0x260 [ 1107.652381] ? wait_for_completion_io+0x270/0x270 [ 1107.653538] ? rcu_read_lock_any_held+0x75/0xa0 [ 1107.654668] ? vfs_write+0x354/0xb10 [ 1107.655567] __x64_sys_recvmmsg+0x20f/0x260 [ 1107.656598] ? ksys_write+0x1a9/0x260 [ 1107.657511] ? __do_sys_socketcall+0x600/0x600 [ 1107.658623] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1107.659871] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1107.661119] do_syscall_64+0x33/0x40 [ 1107.662036] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1107.663341] RIP: 0033:0x7f60a47afb19 [ 1107.664300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1107.669045] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1107.671009] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1107.672851] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1107.674678] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1107.676514] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1107.678359] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1123.352406] FAULT_INJECTION: forcing a failure. [ 1123.352406] name failslab, interval 1, probability 0, space 0, times 0 [ 1123.354488] CPU: 1 PID: 6967 Comm: syz-executor.2 Not tainted 5.10.235 #1 [ 1123.355523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1123.357077] Call Trace: [ 1123.357509] dump_stack+0x107/0x167 [ 1123.358207] should_fail.cold+0x5/0xa [ 1123.358924] ? create_object.isra.0+0x3a/0xa20 [ 1123.359776] should_failslab+0x5/0x20 [ 1123.360470] kmem_cache_alloc+0x5b/0x310 [ 1123.361233] create_object.isra.0+0x3a/0xa20 [ 1123.362063] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1123.362943] kmem_cache_alloc+0x159/0x310 [ 1123.363717] __alloc_file+0x21/0x320 [ 1123.364606] alloc_empty_file+0x6d/0x170 [ 1123.365416] alloc_file+0x5e/0x5a0 [ 1123.366117] alloc_file_pseudo+0x16a/0x250 [ 1123.366747] ? alloc_file+0x5a0/0x5a0 [ 1123.367336] ? do_raw_spin_unlock+0x4f/0x220 [ 1123.367979] ? _raw_spin_unlock+0x1a/0x30 [ 1123.368597] ? alloc_fd+0x2e7/0x670 [ 1123.369138] sock_alloc_file+0x4f/0x1a0 [ 1123.369744] __sys_socket+0x13d/0x200 [ 1123.370328] ? fput_many+0x2f/0x1a0 [ 1123.370882] ? move_addr_to_kernel+0x70/0x70 [ 1123.371545] ? ksys_write+0x1a9/0x260 [ 1123.372124] ? __ia32_sys_read+0xb0/0xb0 [ 1123.372746] __x64_sys_socket+0x6f/0xb0 [ 1123.373350] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1123.374115] do_syscall_64+0x33/0x40 [ 1123.374659] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1123.375417] RIP: 0033:0x7fd7ecb81197 17:12:59 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40), 0x0, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:12:59 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:12:59 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180)={0x0, 0x4346}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000340)={'ip6tnl0\x00', 0x0, 0x2f, 0x5, 0x80, 0x8, 0x49, @dev={0xfe, 0x80, '\x00', 0x3f}, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x7800, 0x0, 0x6, 0x7}}) sendmsg$nl_xfrm(r4, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000500)=@delpolicy={0x1d8, 0x14, 0x2, 0x70bd2d, 0x25dfdbfd, {{@in=@private=0xa010100, @in6=@dev={0xfe, 0x80, '\x00', 0x1c}, 0x4e20, 0x0, 0x4e23, 0x2, 0x2, 0x80, 0x80, 0x32, 0x0, 0xffffffffffffffff}, 0x6e6bb5}, [@encap={0x1c, 0x4, {0xffffffffffffffff, 0x4e23, 0x4e23, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, @XFRMA_IF_ID={0x8}, @algo_crypt={0x65, 0x2, {{'adiantum(pcbc(fcrypt),des3_ede)\x00'}, 0xe8, "1228f51d599a135322fc43b72b6938a0d0f26bb34e3d21c98a440a28c8"}}, @XFRMA_IF_ID={0x8, 0x1f, r5}, @sec_ctx={0xd0, 0x8, {0xcc, 0x8, 0x0, 0x7f, 0xc4, "c763a883e1a9d131292c12bb61c6c89ddcb8a3f2ecd7b5a26238723a37db1babb53a3c8027054f79a3e93e2e8130d47bba5d624f465f62f8f2c319f63f72305e00cdee1526dd09ecbaa5c5f34877b4842bec481fc2cf1cdf814eabc90dc65ef9b6053b7d4bc127c7bc3f8f9030c007b9c9a40ba12075273d658370f8994e5eda7d3a376d90b0b48c162d19b3e54065ff0bd00a35082b4cc4776a79978faea4da030ce6fe6b1ac651db9fc9abeaf5b9db109bb6a08938bb4d5481a4ace31e1e7c50080fbd"}}, @lifetime_val={0x24, 0x9, {0x8, 0x81, 0xb96, 0x2}}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x20000000}, 0x88c0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @ipv4, 0xffffffff}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a64485f108d23b76be1cc0", 0xb}], 0x1}, 0x0, 0x4000000}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 17:12:59 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 15) 17:12:59 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:12:59 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), 0x0) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:12:59 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:12:59 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 12) [ 1123.375989] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1123.379100] RSP: 002b:00007fd7ea0f40c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029 [ 1123.380209] RAX: ffffffffffffffda RBX: 00007fd7ecc92f60 RCX: 00007fd7ecb81197 [ 1123.381306] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1123.382353] RBP: 00007fd7ea0f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1123.383391] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000002 [ 1123.384429] R13: 000000000000002e R14: 0000000020000300 R15: 0000000000022000 [ 1123.543178] FAULT_INJECTION: forcing a failure. [ 1123.543178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1123.546028] CPU: 0 PID: 6978 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1123.547618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1123.549533] Call Trace: [ 1123.550161] dump_stack+0x107/0x167 [ 1123.551009] should_fail.cold+0x5/0xa [ 1123.551906] _copy_from_user+0x2e/0x1b0 [ 1123.552829] __copy_msghdr_from_user+0x91/0x4b0 [ 1123.553890] ? __ia32_sys_shutdown+0x80/0x80 [ 1123.554897] ? __lock_acquire+0x1657/0x5b00 [ 1123.555905] ___sys_recvmsg+0xd5/0x200 [ 1123.556788] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1123.557916] ? __fget_files+0x2cf/0x520 [ 1123.558861] ? lock_acquire+0x197/0x470 [ 1123.559791] ? find_held_lock+0x2c/0x110 [ 1123.560744] ? __might_fault+0xd3/0x180 [ 1123.561658] ? lock_downgrade+0x6d0/0x6d0 [ 1123.562644] do_recvmmsg+0x24c/0x6d0 [ 1123.563509] ? ___sys_recvmsg+0x200/0x200 [ 1123.564463] ? lock_downgrade+0x6d0/0x6d0 [ 1123.565423] ? ksys_write+0x12d/0x260 [ 1123.566318] ? wait_for_completion_io+0x270/0x270 [ 1123.567432] ? rcu_read_lock_any_held+0x75/0xa0 [ 1123.568499] ? vfs_write+0x354/0xb10 [ 1123.569357] __x64_sys_recvmmsg+0x20f/0x260 [ 1123.570346] ? ksys_write+0x1a9/0x260 [ 1123.571221] ? __do_sys_socketcall+0x600/0x600 [ 1123.572276] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1123.573467] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1123.574679] do_syscall_64+0x33/0x40 [ 1123.575540] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1123.576699] RIP: 0033:0x7f60a47afb19 [ 1123.577555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1123.581885] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1123.583513] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1123.585039] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1123.586701] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1123.588321] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1123.590003] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 [ 1123.593064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:13:17 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), 0x0) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:13:17 executing program 6: fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f00000001c0)={0x2}) ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x0) flock(0xffffffffffffffff, 0x0) read(0xffffffffffffffff, &(0x7f0000002880)=""/196, 0xc4) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x20000881) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}, 0x2108, 0x10001, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/raw6\x00') ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000040)={0x401, 0x0, 0x0, 'queue1\x00'}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x66e2, 0x0) write$sndseq(r2, &(0x7f0000000380)=[{0x5, 0xff, 0xe0, 0x0, @tick=0x1, {0x40, 0x72}, {0x7, 0x66}, @ext={0x78, &(0x7f0000000200)="6dbf492af2b9c7a13e90a23f37f924342585c8313986ecd2b648a37c621f5f5bba44d4f33a3de4afdedd5738b73358a6a2f860f9e273c914264fd5638d449ad80cda6a97d8ea036e91527f7bbbb343b98dec027b167afec291613937a2babc5fa32ef292b3427af4e605fc03807ea6711c3877ae36004a45"}}, {0x6, 0x5b, 0x49, 0x1, @tick, {0x1}, {0x9}, @quote={{0x6, 0x5}, 0x3ff, &(0x7f00000002c0)={0x7f, 0x1f, 0x4, 0x3, @tick=0x3, {0x1}, {0x5, 0x6}, @time=@time={0x9, 0x3}}}}, {0x78, 0x7f, 0x3, 0x0, @time={0x7, 0x7}, {0x7, 0x2}, {0x6, 0x5}, @raw8={"00019bac5c1694ecddbad872"}}, {0x3f, 0x1, 0x5, 0x3, @tick=0x3, {0x0, 0x2}, {0x1, 0x4}, @control={0x1, 0xffff7fff, 0x10001}}], 0x70) fallocate(r1, 0x0, 0x0, 0x1000002) r3 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0, 0x25) sendfile(0xffffffffffffffff, r3, 0x0, 0x100000001) lseek(0xffffffffffffffff, 0x0, 0x3) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000009, 0x1f012, r1, 0x0) r4 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000feb000/0x13000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000002a40)) ioctl$BTRFS_IOC_DEFRAG(r2, 0x50009402, 0x0) io_uring_enter(r4, 0x18e3, 0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r4, 0x8040942d, &(0x7f0000000100)) 17:13:17 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:13:17 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:17 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:13:17 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 16) 17:13:17 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 13) 17:13:17 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) [ 1140.885290] FAULT_INJECTION: forcing a failure. [ 1140.885290] name failslab, interval 1, probability 0, space 0, times 0 [ 1140.887877] CPU: 0 PID: 6991 Comm: syz-executor.2 Not tainted 5.10.235 #1 [ 1140.889252] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1140.891053] Call Trace: [ 1140.891615] dump_stack+0x107/0x167 [ 1140.892551] should_fail.cold+0x5/0xa [ 1140.893504] ? create_object.isra.0+0x3a/0xa20 [ 1140.894499] should_failslab+0x5/0x20 [ 1140.895407] kmem_cache_alloc+0x5b/0x310 [ 1140.896440] create_object.isra.0+0x3a/0xa20 [ 1140.897532] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1140.898821] kmem_cache_alloc+0x159/0x310 [ 1140.899895] __alloc_file+0x21/0x320 [ 1140.900840] alloc_empty_file+0x6d/0x170 [ 1140.901890] alloc_file+0x5e/0x5a0 [ 1140.902809] alloc_file_pseudo+0x16a/0x250 [ 1140.903880] ? alloc_file+0x5a0/0x5a0 [ 1140.904841] ? do_raw_spin_unlock+0x4f/0x220 [ 1140.905963] ? _raw_spin_unlock+0x1a/0x30 [ 1140.907019] ? alloc_fd+0x2e7/0x670 [ 1140.907954] sock_alloc_file+0x4f/0x1a0 [ 1140.908974] __sys_socket+0x13d/0x200 [ 1140.909950] ? fput_many+0x2f/0x1a0 [ 1140.910889] ? move_addr_to_kernel+0x70/0x70 [ 1140.911993] ? ksys_write+0x1a9/0x260 [ 1140.912970] ? __ia32_sys_read+0xb0/0xb0 [ 1140.914007] __x64_sys_socket+0x6f/0xb0 [ 1140.915025] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1140.916332] do_syscall_64+0x33/0x40 [ 1140.917277] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1140.918587] RIP: 0033:0x7fd7ecb81197 [ 1140.919529] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1140.924192] RSP: 002b:00007fd7ea0f40c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029 [ 1140.926107] RAX: ffffffffffffffda RBX: 00007fd7ecc92f60 RCX: 00007fd7ecb81197 [ 1140.927938] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1140.929742] RBP: 00007fd7ea0f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1140.931564] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000002 [ 1140.933374] R13: 000000000000002e R14: 0000000020000300 R15: 0000000000022000 17:13:17 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) [ 1141.017198] FAULT_INJECTION: forcing a failure. [ 1141.017198] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1141.020135] CPU: 0 PID: 7004 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1141.021576] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1141.023339] Call Trace: [ 1141.023903] dump_stack+0x107/0x167 [ 1141.024680] should_fail.cold+0x5/0xa [ 1141.025519] _copy_from_user+0x2e/0x1b0 [ 1141.026406] __copy_msghdr_from_user+0x91/0x4b0 [ 1141.027403] ? __ia32_sys_shutdown+0x80/0x80 [ 1141.028365] ? __lock_acquire+0x1657/0x5b00 [ 1141.029307] ___sys_recvmsg+0xd5/0x200 [ 1141.030166] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1141.031218] ? __fget_files+0x2cf/0x520 [ 1141.032076] ? lock_acquire+0x197/0x470 [ 1141.032926] ? find_held_lock+0x2c/0x110 [ 1141.033818] ? __might_fault+0xd3/0x180 [ 1141.034704] ? lock_downgrade+0x6d0/0x6d0 [ 1141.035610] do_recvmmsg+0x24c/0x6d0 [ 1141.036414] ? ___sys_recvmsg+0x200/0x200 [ 1141.037318] ? lock_downgrade+0x6d0/0x6d0 [ 1141.038224] ? ksys_write+0x12d/0x260 [ 1141.039055] ? wait_for_completion_io+0x270/0x270 [ 1141.040111] ? rcu_read_lock_any_held+0x75/0xa0 [ 1141.041105] ? vfs_write+0x354/0xb10 [ 1141.041913] __x64_sys_recvmmsg+0x20f/0x260 [ 1141.042845] ? ksys_write+0x1a9/0x260 [ 1141.043663] ? __do_sys_socketcall+0x600/0x600 [ 1141.044642] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1141.045775] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1141.046895] do_syscall_64+0x33/0x40 [ 1141.047704] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1141.048814] RIP: 0033:0x7f60a47afb19 [ 1141.049605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1141.053536] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1141.055214] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1141.056725] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1141.058252] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1141.059778] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1141.061304] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 [ 1141.096637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:13:17 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), 0x0) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:13:33 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:33 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1157.175581] FAULT_INJECTION: forcing a failure. [ 1157.175581] name failslab, interval 1, probability 0, space 0, times 0 [ 1157.178475] CPU: 1 PID: 7023 Comm: syz-executor.2 Not tainted 5.10.235 #1 [ 1157.180180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1157.182250] Call Trace: [ 1157.182931] dump_stack+0x107/0x167 [ 1157.183848] should_fail.cold+0x5/0xa [ 1157.184809] ? create_object.isra.0+0x3a/0xa20 [ 1157.185947] should_failslab+0x5/0x20 [ 1157.186907] kmem_cache_alloc+0x5b/0x310 [ 1157.187924] ? percpu_ref_put_many.constprop.0+0x4e/0x110 [ 1157.189302] create_object.isra.0+0x3a/0xa20 [ 1157.190419] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1157.191846] kmem_cache_alloc+0x159/0x310 [ 1157.192905] security_file_alloc+0x34/0x170 [ 1157.193983] __alloc_file+0xb7/0x320 [ 1157.194936] alloc_empty_file+0x6d/0x170 [ 1157.195997] alloc_file+0x5e/0x5a0 [ 1157.196889] alloc_file_pseudo+0x16a/0x250 [ 1157.197948] ? alloc_file+0x5a0/0x5a0 [ 1157.198917] ? do_raw_spin_unlock+0x4f/0x220 [ 1157.200067] ? _raw_spin_unlock+0x1a/0x30 [ 1157.201106] ? alloc_fd+0x2e7/0x670 [ 1157.202028] sock_alloc_file+0x4f/0x1a0 [ 1157.202995] __sys_socket+0x13d/0x200 [ 1157.203827] ? fput_many+0x2f/0x1a0 [ 1157.204590] ? move_addr_to_kernel+0x70/0x70 [ 1157.205512] ? ksys_write+0x1a9/0x260 [ 1157.206335] ? __ia32_sys_read+0xb0/0xb0 [ 1157.207230] __x64_sys_socket+0x6f/0xb0 [ 1157.208067] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1157.209151] do_syscall_64+0x33/0x40 [ 1157.209933] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1157.211033] RIP: 0033:0x7fd7ecb81197 [ 1157.211840] Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1157.215813] RSP: 002b:00007fd7ea0f40c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029 [ 1157.217427] RAX: ffffffffffffffda RBX: 00007fd7ecc92f60 RCX: 00007fd7ecb81197 [ 1157.218948] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1157.220481] RBP: 00007fd7ea0f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1157.221985] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000002 [ 1157.223542] R13: 000000000000002e R14: 0000000020000300 R15: 0000000000022000 17:13:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, 0x0, 0x0, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:33 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:13:33 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:13:33 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 17) 17:13:33 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 14) 17:13:33 executing program 6: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), 0x0) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:13:33 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, 0x0, 0x0, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) [ 1157.355136] FAULT_INJECTION: forcing a failure. [ 1157.355136] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1157.357923] CPU: 0 PID: 7031 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1157.359543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1157.361483] Call Trace: [ 1157.362100] dump_stack+0x107/0x167 [ 1157.362957] should_fail.cold+0x5/0xa [ 1157.363853] _copy_from_user+0x2e/0x1b0 [ 1157.364791] __copy_msghdr_from_user+0x91/0x4b0 [ 1157.365879] ? __ia32_sys_shutdown+0x80/0x80 [ 1157.366918] ? __lock_acquire+0x1657/0x5b00 [ 1157.367934] ___sys_recvmsg+0xd5/0x200 [ 1157.368845] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1157.369987] ? __fget_files+0x2cf/0x520 [ 1157.370924] ? lock_acquire+0x197/0x470 [ 1157.371857] ? find_held_lock+0x2c/0x110 [ 1157.372801] ? __might_fault+0xd3/0x180 [ 1157.373707] ? lock_downgrade+0x6d0/0x6d0 [ 1157.374708] do_recvmmsg+0x24c/0x6d0 [ 1157.375576] ? ___sys_recvmsg+0x200/0x200 [ 1157.376532] ? lock_downgrade+0x6d0/0x6d0 [ 1157.377493] ? ksys_write+0x12d/0x260 [ 1157.378077] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1157.378397] ? wait_for_completion_io+0x270/0x270 [ 1157.381429] ? rcu_read_lock_any_held+0x75/0xa0 [ 1157.382503] ? vfs_write+0x354/0xb10 [ 1157.383375] __x64_sys_recvmmsg+0x20f/0x260 [ 1157.384364] ? ksys_write+0x1a9/0x260 [ 1157.385244] ? __do_sys_socketcall+0x600/0x600 [ 1157.386313] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1157.387554] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1157.388741] do_syscall_64+0x33/0x40 [ 1157.389597] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1157.390821] RIP: 0033:0x7f60a47afb19 [ 1157.391670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1157.396317] RSP: 002b:00007f60a1ce3188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1157.398404] RAX: ffffffffffffffda RBX: 00007f60a48c30e0 RCX: 00007f60a47afb19 [ 1157.400395] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1157.402397] RBP: 00007f60a1ce31d0 R08: 0000000000000000 R09: 0000000000000000 [ 1157.404306] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1157.406307] R13: 00007ffeb710efbf R14: 00007f60a1ce3300 R15: 0000000000022000 17:13:33 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r4, 0x29, 0x1c, &(0x7f0000000180)={@local, r5}, 0x14) sendto$packet(r3, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r5, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r1, 0x407, 0x80000000) openat2(r2, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:13:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, 0x0, 0x0, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:33 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:33 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, 0x0, 0x0, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:33 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:13:33 executing program 6: mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10112, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0xd3}, 0xa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000002c0)=0x2b) readv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000040)=""/102, 0x66}, {&(0x7f00000000c0)=""/82, 0x52}, {&(0x7f0000000140)=""/250, 0xfa}, {&(0x7f0000000240)=""/33, 0x21}], 0x4) pkey_alloc(0x0, 0x0) r0 = pkey_alloc(0x0, 0x5) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, r0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f0000000380)={{0x2, 0x4e21, @remote}, {0x1, @remote}, 0x0, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 'batadv_slave_1\x00'}) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x3) r1 = creat(&(0x7f0000000000)='./file1\x00', 0x88ab470809e5749e) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)) fallocate(r1, 0x0, 0x0, 0x8800000) 17:13:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) [ 1172.810565] FAULT_INJECTION: forcing a failure. [ 1172.810565] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1172.813655] CPU: 1 PID: 7066 Comm: syz-executor.2 Not tainted 5.10.235 #1 [ 1172.815266] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1172.817188] Call Trace: [ 1172.817824] dump_stack+0x107/0x167 [ 1172.818685] should_fail.cold+0x5/0xa [ 1172.819588] __alloc_pages_nodemask+0x182/0x600 [ 1172.820688] ? add_mm_counter_fast+0x220/0x220 [ 1172.821777] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1172.823212] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1172.824451] ? lock_downgrade+0x6d0/0x6d0 [ 1172.825436] ? mark_held_locks+0x9e/0xe0 [ 1172.826379] alloc_pages_vma+0xbb/0x410 [ 1172.827312] handle_mm_fault+0x152f/0x3500 [ 1172.828286] ? lock_downgrade+0x6d0/0x6d0 [ 1172.829231] ? alloc_file+0x5a0/0x5a0 [ 1172.830098] ? __pmd_alloc+0x5e0/0x5e0 [ 1172.831017] ? vmacache_find+0x55/0x2a0 [ 1172.831965] do_user_addr_fault+0x56e/0xc60 [ 1172.832985] exc_page_fault+0xa2/0x1a0 [ 1172.833889] ? asm_exc_page_fault+0x8/0x30 [ 1172.834886] asm_exc_page_fault+0x1e/0x30 [ 1172.835839] RIP: 0033:0x7fd7ecb32879 17:13:49 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:13:49 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:13:49 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 18) 17:13:49 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r4, 0x29, 0x1c, &(0x7f0000000180)={@local, r5}, 0x14) sendto$packet(r3, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r5, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r1, 0x407, 0x80000000) openat2(r2, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:13:49 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, 0x0, 0x0, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:49 executing program 6: mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10112, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0xd3}, 0xa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000002c0)=0x2b) readv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000040)=""/102, 0x66}, {&(0x7f00000000c0)=""/82, 0x52}, {&(0x7f0000000140)=""/250, 0xfa}, {&(0x7f0000000240)=""/33, 0x21}], 0x4) pkey_alloc(0x0, 0x0) r0 = pkey_alloc(0x0, 0x5) pkey_mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, r0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f0000000380)={{0x2, 0x4e21, @remote}, {0x1, @remote}, 0x0, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 'batadv_slave_1\x00'}) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x3) r1 = creat(&(0x7f0000000000)='./file1\x00', 0x88ab470809e5749e) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)) fallocate(r1, 0x0, 0x0, 0x8800000) 17:13:49 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 15) 17:13:49 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) [ 1172.836752] Code: b8 2c 00 00 00 0f 05 48 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 44 24 20 48 89 54 24 18 48 89 74 24 10 <89> 7c 24 08 89 4c 24 28 e8 fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 [ 1172.841386] RSP: 002b:00007fd7ea0f3ff0 EFLAGS: 00010206 [ 1172.842629] RAX: 0000000000000001 RBX: 00007fd7ea0f40f0 RCX: 0000000000000000 [ 1172.844283] RDX: 0000000000000028 RSI: 00007fd7ea0f4140 RDI: 0000000000000004 [ 1172.845957] RBP: 0000000000000001 R08: 00007fd7ea0f4044 R09: 000000000000000c [ 1172.847631] R10: 0000000000000000 R11: 00007fd7ecbd972b R12: 00007fd7ea0f4098 [ 1172.849292] R13: 00007fd7ea0f4140 R14: 0000000000000004 R15: 0000000000000000 [ 1172.851176] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 1172.861304] FAULT_INJECTION: forcing a failure. [ 1172.861304] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1172.864129] CPU: 1 PID: 7075 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1172.865736] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1172.867708] Call Trace: [ 1172.868334] dump_stack+0x107/0x167 [ 1172.869192] should_fail.cold+0x5/0xa [ 1172.870097] _copy_from_user+0x2e/0x1b0 [ 1172.871056] __copy_msghdr_from_user+0x91/0x4b0 [ 1172.872179] ? __ia32_sys_shutdown+0x80/0x80 [ 1172.873257] ? __lock_acquire+0x1657/0x5b00 [ 1172.874335] ___sys_recvmsg+0xd5/0x200 [ 1172.875297] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1172.876450] ? __fget_files+0x2cf/0x520 [ 1172.877433] ? lock_acquire+0x197/0x470 [ 1172.878373] ? find_held_lock+0x2c/0x110 17:13:49 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, 0x0, 0x0, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) [ 1172.879362] ? __might_fault+0xd3/0x180 [ 1172.880425] ? lock_downgrade+0x6d0/0x6d0 [ 1172.881425] do_recvmmsg+0x24c/0x6d0 [ 1172.882314] ? ___sys_recvmsg+0x200/0x200 [ 1172.883312] ? lock_downgrade+0x6d0/0x6d0 [ 1172.884312] ? ksys_write+0x12d/0x260 [ 1172.885245] ? wait_for_completion_io+0x270/0x270 [ 1172.886408] ? rcu_read_lock_any_held+0x75/0xa0 [ 1172.887541] ? vfs_write+0x354/0xb10 [ 1172.888446] __x64_sys_recvmmsg+0x20f/0x260 [ 1172.889477] ? ksys_write+0x1a9/0x260 [ 1172.890397] ? __do_sys_socketcall+0x600/0x600 [ 1172.891519] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1172.892766] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1172.894014] do_syscall_64+0x33/0x40 [ 1172.894925] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1172.896162] RIP: 0033:0x7f60a47afb19 [ 1172.897086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1172.901557] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1172.903427] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1172.905169] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1172.906918] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1172.908657] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1172.910395] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 17:13:49 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) [ 1172.987537] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:13:49 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:13:49 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="af", 0x1}], 0x1) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x8000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006}) perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x1, 0x10001, 0x0, 0x6, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'}) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x2}) 17:13:49 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r4, 0x29, 0x1c, &(0x7f0000000180)={@local, r5}, 0x14) sendto$packet(r3, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r5, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r1, 0x407, 0x80000000) openat2(r2, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:13:49 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:49 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 19) 17:13:49 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:13:49 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r1 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r1, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r2, r3+10000000}) r4 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r4, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1173.166886] FAULT_INJECTION: forcing a failure. [ 1173.166886] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1173.169425] CPU: 1 PID: 7092 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1173.170889] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1173.172657] Call Trace: [ 1173.173218] dump_stack+0x107/0x167 [ 1173.173989] should_fail.cold+0x5/0xa [ 1173.174833] _copy_from_user+0x2e/0x1b0 [ 1173.175680] __copy_msghdr_from_user+0x91/0x4b0 [ 1173.176671] ? __ia32_sys_shutdown+0x80/0x80 [ 1173.177596] ? __lock_acquire+0x1657/0x5b00 [ 1173.178529] ___sys_recvmsg+0xd5/0x200 [ 1173.179362] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1173.180418] ? __fget_files+0x2cf/0x520 [ 1173.181253] ? lock_acquire+0x197/0x470 [ 1173.182083] ? find_held_lock+0x2c/0x110 [ 1173.182958] ? __might_fault+0xd3/0x180 [ 1173.183803] ? lock_downgrade+0x6d0/0x6d0 [ 1173.184698] do_recvmmsg+0x24c/0x6d0 [ 1173.185499] ? ___sys_recvmsg+0x200/0x200 [ 1173.186376] ? lock_downgrade+0x6d0/0x6d0 [ 1173.187277] ? ksys_write+0x12d/0x260 [ 1173.188101] ? wait_for_completion_io+0x270/0x270 [ 1173.189126] ? rcu_read_lock_any_held+0x75/0xa0 [ 1173.190105] ? vfs_write+0x354/0xb10 [ 1173.190899] __x64_sys_recvmmsg+0x20f/0x260 [ 1173.191816] ? ksys_write+0x1a9/0x260 [ 1173.192628] ? __do_sys_socketcall+0x600/0x600 [ 1173.193592] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1173.194699] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1173.195780] do_syscall_64+0x33/0x40 [ 1173.196565] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1173.197656] RIP: 0033:0x7f60a47afb19 [ 1173.198432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1173.202296] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1173.203904] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1173.205397] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1173.206901] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1173.208402] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1173.209898] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:14:03 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:03 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:03 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r1 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r1, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r2, r3+10000000}) r4 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r4, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:14:03 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) readahead(0xffffffffffffffff, 0x0, 0x6) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="af", 0x1}], 0x1) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x8000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r4 = epoll_create(0x8) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x30000000}) fallocate(r3, 0x21, 0x400000000000, 0x6) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) read$eventfd(r5, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000340)={0x0, 0x0}) mq_notify(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x7, @tid=r6}) creat(&(0x7f0000000080)='./file1/file0\x00', 0x142) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000280)={0x0, 0x2, 0x3, 0x2}) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006}) openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x220000, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x30800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x2}) 17:14:03 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, 0x0, 0x0, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:03 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:03 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 20) 17:14:03 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) (fail_nth: 16) [ 1187.229638] FAULT_INJECTION: forcing a failure. [ 1187.229638] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1187.232492] CPU: 0 PID: 7120 Comm: syz-executor.2 Not tainted 5.10.235 #1 [ 1187.234068] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1187.236038] Call Trace: [ 1187.236663] dump_stack+0x107/0x167 [ 1187.237513] should_fail.cold+0x5/0xa [ 1187.238404] _copy_from_user+0x2e/0x1b0 [ 1187.239377] move_addr_to_kernel.part.0+0x31/0x110 [ 1187.240520] __sys_sendto+0x166/0x320 [ 1187.241420] ? __ia32_sys_getpeername+0xb0/0xb0 [ 1187.242522] ? __up_read+0x19f/0x7a0 [ 1187.243418] ? _down_write_nest_lock+0x160/0x160 [ 1187.244522] ? vmacache_find+0x55/0x2a0 [ 1187.245520] __x64_sys_sendto+0xdd/0x1b0 [ 1187.246527] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1187.247746] do_syscall_64+0x33/0x40 [ 1187.248632] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1187.249801] RIP: 0033:0x7fd7ecb328ac [ 1187.250641] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b [ 1187.254939] RSP: 002b:00007fd7ea0f3ff0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1187.256705] RAX: ffffffffffffffda RBX: 00007fd7ea0f40f0 RCX: 00007fd7ecb328ac [ 1187.258388] RDX: 0000000000000028 RSI: 00007fd7ea0f4140 RDI: 0000000000000004 [ 1187.260061] RBP: 0000000000000000 R08: 00007fd7ea0f4044 R09: 000000000000000c [ 1187.261720] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fd7ea0f4098 [ 1187.263402] R13: 00007fd7ea0f4140 R14: 0000000000000004 R15: 0000000000000000 17:14:03 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1187.339442] FAULT_INJECTION: forcing a failure. [ 1187.339442] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1187.342186] CPU: 0 PID: 7126 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1187.343693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1187.345522] Call Trace: [ 1187.346116] dump_stack+0x107/0x167 [ 1187.346930] should_fail.cold+0x5/0xa [ 1187.347788] _copy_from_user+0x2e/0x1b0 [ 1187.348696] __copy_msghdr_from_user+0x91/0x4b0 [ 1187.349726] ? __ia32_sys_shutdown+0x80/0x80 [ 1187.350709] ? __lock_acquire+0x1657/0x5b00 [ 1187.351671] ___sys_recvmsg+0xd5/0x200 [ 1187.352534] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1187.353769] ? trace_hardirqs_on+0x5b/0x180 [ 1187.354961] ? lock_acquire+0x197/0x470 [ 1187.356054] ? find_held_lock+0x2c/0x110 [ 1187.357168] ? __might_fault+0xd3/0x180 [ 1187.358262] ? lock_downgrade+0x6d0/0x6d0 [ 1187.359439] do_recvmmsg+0x24c/0x6d0 [ 1187.360398] ? ___sys_recvmsg+0x200/0x200 [ 1187.361444] ? lock_downgrade+0x6d0/0x6d0 [ 1187.362522] ? ksys_write+0x12d/0x260 [ 1187.363572] ? wait_for_completion_io+0x270/0x270 [ 1187.364871] ? rcu_read_lock_any_held+0x75/0xa0 [ 1187.366113] ? vfs_write+0x354/0xb10 [ 1187.367141] __x64_sys_recvmmsg+0x20f/0x260 [ 1187.368334] ? ksys_write+0x1a9/0x260 [ 1187.369364] ? __do_sys_socketcall+0x600/0x600 [ 1187.370567] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1187.371750] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1187.373135] do_syscall_64+0x33/0x40 [ 1187.374152] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1187.375515] RIP: 0033:0x7f60a47afb19 [ 1187.376415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1187.380636] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1187.382355] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1187.383984] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1187.385597] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1187.387351] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1187.389242] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 17:14:03 executing program 6: syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbbbbbbbbbbbbb86dd6093de9200300000ff020000000000000000000000000001fe80000000000000000000000000aa0004000000000000040100c910fe80000000000000000000000012003ac910fc00000000000000000000000000000100"], 0x0) 17:14:03 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:03 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1187.453227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:14:03 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, 0x0, 0x0, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:03 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:03 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000340)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000200008000f8000020004000000000000000000001", 0x25}, {0x0, 0x0, 0x4000}], 0x0, &(0x7f0000001500)=ANY=[]) r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x10000000c) syz_io_uring_setup(0x77d5, 0x0, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f00000001c0)=0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0}) connect$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000500)={{{@in=@local, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={""/10, ""/2, @dev}}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8) sendmsg$ETHTOOL_MSG_EEE_SET(r3, &(0x7f0000000400)={&(0x7f0000000080), 0xc, &(0x7f00000003c0)={&(0x7f0000000640)={0xc8, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_EEE_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_EEE_HEADER={0x4}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5, 0x6, 0x1}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}, @ETHTOOL_A_EEE_ENABLED={0x5}]}, 0xc8}, 0x1, 0x0, 0x0, 0x41}, 0x40080) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=@ceph_nfs_snapfh={0x1c, 0x4e, {0x401, 0x9, 0x98, 0xfffffff7}}, 0x444000) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@pktinfo={{0x24, 0x29, 0x3, {@mcast2}}}], 0x28}}], 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x2, 0x0, r7, 0x0, &(0x7f0000000440)="037ec052eb7052ecc311eb97be349b472124662ef4dede168d2cc6b84523e469f7de3551a997ff1a436a6a460d6c7b3b654058217932b9b4e725b61005069a94b0023b61ffa96663ecdf9beb68cbd35d7220f33536b1ffa44c6249741c19fb3b87fc119879864c8fd9e2289f682666006227ca0c846b8af077e9fddcb04be43575ac9567d837f2f5d2333716fd4d", 0x8e, 0x12140, 0x1, {0x0, r8}}, 0x80000000) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000840)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x2, 0x3, &(0x7f0000000740)="96198cf89f1f4304320ce7e1917554058808f84d56d39118fc3b1a07b49a77a5e3f3c5d1459c18a2d79b878e29df3e52adbe6b2845911face250ac980269adfb5bb43c7e88f294a673e362311972eaf118b54c0b4a9f403e811ccc3ff32020fbab095e8250fd6c52c6c687cc70c92bb63fc430029f2f93e2b7a5e5588910431b8d527b70ffa55e35f330fb86cbdc2ef1100ae8c970bd26b8e059d805efdd1a3ea5c1c40c21db83baeb76c24784ffebd26cc766ca65850f073cdd718fd1002f103ac031202ea49e47abc202c6f936098cd6", 0x9, 0x0, 0x0, {0x1}}, 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r10}], 0x80, "5fabd34a60e47f"}) 17:14:03 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r1 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r1, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r2, r3+10000000}) r4 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r4, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1187.604197] loop6: detected capacity change from 0 to 32768 [ 1187.619936] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 1187.747886] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 17:14:20 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, 0x0, 0x0, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:20 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:20 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:20 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:20 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 21) 17:14:20 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x3}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:14:20 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x30, 0x10, 0x1, 0xa, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0x11, 0x3ffc, 0x0, 0x1, [@generic="487fec864b245e0f3f9be149f8"]}]}, 0x30}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x401) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00') getdents64(r2, &(0x7f00000007c0)=""/180, 0x200007d8) getdents64(r2, 0x0, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, 0x0, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, [""]}, 0x30}}, 0x1) r3 = syz_genetlink_get_family_id$ipvs(0x0, r2) sendmsg$IPVS_CMD_GET_SERVICE(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x200, 0x1f, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x6}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x200}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x1ff}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={r4, 0x1, 0x6, @local}, 0x10) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f00000000c0)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x2f}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000005c0)=ANY=[@ANYBLOB="2fdb37649ce6de56f1a66de348a417046c0069aa0e0efadc0f97298b035b3be1c5d095708560c432cbd0a799a9c94aa07ca0242933c3799d374b17d979131fb67add1380b3ff0deb06bf947f3d81039dbe009d98baeb6089e9cae74920699e14aad9f26f83f4d50ecc110500000000000000a73a83e4e16e8f7d3472208b8e76a96eea28f6fed55c671e9900b0153cf63c1945d1ffe3", @ANYRES32]) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYRESOCT, @ANYRES16=r3, @ANYBLOB="b731698c0cc625cafd5bcb44996a1c974a3462815d9108c4859e9c4e0a35ab9301e1b8df56b6f135164bfadc22bb4d554d9f41f3a3b65062d2d40a0606d789cd0726864db22c9dc126687368aa1cf2e53b7a15cf605775a8652517b25ad52d318154f15c842e751e499644f063c7d42d82f7c774b48908fe5eff0a71b9206362c79c069773742032a9cfb4eefed5d65e1c6b759a38f76d9e9bc6"], 0x100}, 0x1, 0x0, 0x0, 0x4804}, 0x0) unshare(0x48020200) 17:14:20 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1204.312193] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.6'. [ 1204.325846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:14:20 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1204.380319] FAULT_INJECTION: forcing a failure. [ 1204.380319] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1204.383032] CPU: 0 PID: 7171 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1204.384494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1204.386265] Call Trace: [ 1204.386847] dump_stack+0x107/0x167 [ 1204.387644] should_fail.cold+0x5/0xa [ 1204.388487] _copy_from_user+0x2e/0x1b0 [ 1204.389355] __copy_msghdr_from_user+0x91/0x4b0 [ 1204.390362] ? __ia32_sys_shutdown+0x80/0x80 [ 1204.391325] ? __lock_acquire+0x1657/0x5b00 [ 1204.392268] ___sys_recvmsg+0xd5/0x200 [ 1204.393127] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1204.394181] ? __fget_files+0x2cf/0x520 [ 1204.395045] ? lock_acquire+0x197/0x470 [ 1204.395913] ? find_held_lock+0x2c/0x110 [ 1204.396789] ? __might_fault+0xd3/0x180 [ 1204.397643] ? lock_downgrade+0x6d0/0x6d0 [ 1204.398556] do_recvmmsg+0x24c/0x6d0 [ 1204.399352] ? ___sys_recvmsg+0x200/0x200 [ 1204.400250] ? lock_downgrade+0x6d0/0x6d0 [ 1204.401149] ? ksys_write+0x12d/0x260 [ 1204.401960] ? wait_for_completion_io+0x270/0x270 [ 1204.403014] ? rcu_read_lock_any_held+0x75/0xa0 [ 1204.404041] ? vfs_write+0x354/0xb10 [ 1204.404841] __x64_sys_recvmmsg+0x20f/0x260 [ 1204.405738] ? ksys_write+0x1a9/0x260 [ 1204.406540] ? __do_sys_socketcall+0x600/0x600 [ 1204.407532] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1204.408664] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1204.409772] do_syscall_64+0x33/0x40 [ 1204.410567] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1204.411663] RIP: 0033:0x7f60a47afb19 [ 1204.412467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1204.416413] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1204.418034] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1204.419554] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1204.421082] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1204.422592] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1204.424115] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 17:14:20 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:20 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:20 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:14:20 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 22) [ 1204.585506] FAULT_INJECTION: forcing a failure. [ 1204.585506] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1204.588046] CPU: 0 PID: 7182 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1204.589503] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1204.591296] Call Trace: [ 1204.591861] dump_stack+0x107/0x167 [ 1204.592623] should_fail.cold+0x5/0xa [ 1204.593467] _copy_from_user+0x2e/0x1b0 [ 1204.594312] __copy_msghdr_from_user+0x91/0x4b0 [ 1204.595307] ? __ia32_sys_shutdown+0x80/0x80 [ 1204.596248] ? __lock_acquire+0x1657/0x5b00 [ 1204.597200] ___sys_recvmsg+0xd5/0x200 [ 1204.598019] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1204.599058] ? __fget_files+0x2cf/0x520 [ 1204.599911] ? lock_acquire+0x197/0x470 [ 1204.600739] ? find_held_lock+0x2c/0x110 [ 1204.601585] ? __might_fault+0xd3/0x180 [ 1204.602410] ? lock_downgrade+0x6d0/0x6d0 [ 1204.603280] do_recvmmsg+0x24c/0x6d0 [ 1204.604065] ? ___sys_recvmsg+0x200/0x200 [ 1204.604929] ? lock_downgrade+0x6d0/0x6d0 [ 1204.605814] ? ksys_write+0x12d/0x260 [ 1204.606624] ? wait_for_completion_io+0x270/0x270 [ 1204.607645] ? rcu_read_lock_any_held+0x75/0xa0 [ 1204.608635] ? vfs_write+0x354/0xb10 [ 1204.609435] __x64_sys_recvmmsg+0x20f/0x260 [ 1204.610334] ? ksys_write+0x1a9/0x260 [ 1204.611141] ? __do_sys_socketcall+0x600/0x600 [ 1204.612111] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1204.613212] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1204.614286] do_syscall_64+0x33/0x40 [ 1204.615075] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1204.616146] RIP: 0033:0x7f60a47afb19 [ 1204.616933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1204.620812] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1204.622435] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1204.623940] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1204.625472] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1204.626987] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1204.628489] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1204.637495] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:14:20 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:21 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x48}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:14:21 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340), 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1204.749139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:14:21 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340), 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1205.061935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1223.037011] FAULT_INJECTION: forcing a failure. [ 1223.037011] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1223.038530] CPU: 1 PID: 7205 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1223.039378] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1223.040390] Call Trace: [ 1223.040713] dump_stack+0x107/0x167 [ 1223.041169] should_fail.cold+0x5/0xa [ 1223.041642] _copy_from_user+0x2e/0x1b0 [ 1223.042132] __copy_msghdr_from_user+0x91/0x4b0 [ 1223.042697] ? __ia32_sys_shutdown+0x80/0x80 [ 1223.043244] ? __lock_acquire+0x1657/0x5b00 [ 1223.043777] ___sys_recvmsg+0xd5/0x200 [ 1223.044250] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1223.045145] ? __fget_files+0x2cf/0x520 [ 1223.045780] ? lock_acquire+0x197/0x470 [ 1223.046417] ? find_held_lock+0x2c/0x110 [ 1223.046957] ? __might_fault+0xd3/0x180 [ 1223.047442] ? lock_downgrade+0x6d0/0x6d0 [ 1223.047953] do_recvmmsg+0x24c/0x6d0 [ 1223.048406] ? ___sys_recvmsg+0x200/0x200 [ 1223.048980] ? lock_downgrade+0x6d0/0x6d0 [ 1223.049578] ? ksys_write+0x12d/0x260 [ 1223.050160] ? wait_for_completion_io+0x270/0x270 [ 1223.050829] ? rcu_read_lock_any_held+0x75/0xa0 [ 1223.051480] ? vfs_write+0x354/0xb10 [ 1223.052007] __x64_sys_recvmmsg+0x20f/0x260 [ 1223.052608] ? ksys_write+0x1a9/0x260 [ 1223.053113] ? __do_sys_socketcall+0x600/0x600 [ 1223.053752] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1223.054526] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1223.055289] do_syscall_64+0x33/0x40 [ 1223.055847] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1223.056594] RIP: 0033:0x7f60a47afb19 [ 1223.057145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1223.059865] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1223.060974] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1223.062012] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1223.063020] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1223.064015] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1223.065021] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 [ 1223.083576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:14:39 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 23) 17:14:39 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:39 executing program 6: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r1 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r1, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r2, r3+10000000}) r4 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r4, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:14:39 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:39 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340), 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:39 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:14:39 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x50}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:14:39 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 24) 17:14:39 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) [ 1223.177073] FAULT_INJECTION: forcing a failure. [ 1223.177073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1223.178483] CPU: 1 PID: 7220 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1223.179286] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1223.180239] Call Trace: [ 1223.180545] dump_stack+0x107/0x167 [ 1223.180967] should_fail.cold+0x5/0xa [ 1223.181410] _copy_from_user+0x2e/0x1b0 [ 1223.181873] __copy_msghdr_from_user+0x91/0x4b0 [ 1223.182406] ? __ia32_sys_shutdown+0x80/0x80 [ 1223.182913] ? __lock_acquire+0x1657/0x5b00 [ 1223.183430] ___sys_recvmsg+0xd5/0x200 [ 1223.183897] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1223.184464] ? trace_hardirqs_on+0x5b/0x180 [ 1223.184980] ? lock_acquire+0x197/0x470 [ 1223.185438] ? find_held_lock+0x2c/0x110 [ 1223.185913] ? __might_fault+0xd3/0x180 [ 1223.186369] ? lock_downgrade+0x6d0/0x6d0 [ 1223.186852] do_recvmmsg+0x24c/0x6d0 [ 1223.187293] ? ___sys_recvmsg+0x200/0x200 [ 1223.187772] ? lock_downgrade+0x6d0/0x6d0 [ 1223.188253] ? ksys_write+0x12d/0x260 [ 1223.188705] ? wait_for_completion_io+0x270/0x270 [ 1223.189266] ? rcu_read_lock_any_held+0x75/0xa0 [ 1223.189797] ? vfs_write+0x354/0xb10 [ 1223.190240] __x64_sys_recvmmsg+0x20f/0x260 [ 1223.190735] ? ksys_write+0x1a9/0x260 [ 1223.191181] ? __do_sys_socketcall+0x600/0x600 [ 1223.191712] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1223.192332] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1223.192927] do_syscall_64+0x33/0x40 [ 1223.193355] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1223.193946] RIP: 0033:0x7f60a47afb19 [ 1223.194383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1223.196528] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1223.197412] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1223.198228] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1223.199057] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1223.199872] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1223.200684] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:14:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:39 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:39 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 25) 17:14:39 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:14:39 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000180)={@local}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) [ 1223.340085] FAULT_INJECTION: forcing a failure. [ 1223.340085] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1223.341513] CPU: 1 PID: 7230 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1223.342296] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1223.343269] Call Trace: [ 1223.343593] dump_stack+0x107/0x167 [ 1223.344032] should_fail.cold+0x5/0xa [ 1223.344500] __alloc_pages_nodemask+0x182/0x600 [ 1223.345032] ? lock_chain_count+0x20/0x20 [ 1223.345521] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1223.346245] alloc_pages_vma+0xbb/0x410 [ 1223.346707] wp_page_copy+0xee7/0x1f00 [ 1223.347174] ? print_bad_pte+0x5a0/0x5a0 [ 1223.347648] ? lock_downgrade+0x6d0/0x6d0 [ 1223.348150] ? vm_normal_page+0x162/0x2e0 [ 1223.348640] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1223.349250] do_wp_page+0x27b/0x1390 [ 1223.349680] handle_mm_fault+0x1cc7/0x3500 [ 1223.350169] ? __check_object_size+0x2f/0x440 [ 1223.350682] ? __pmd_alloc+0x5e0/0x5e0 [ 1223.351162] ? vmacache_find+0x55/0x2a0 [ 1223.351676] do_user_addr_fault+0x56e/0xc60 [ 1223.352281] exc_page_fault+0xa2/0x1a0 [ 1223.352810] asm_exc_page_fault+0x1e/0x30 [ 1223.353371] RIP: 0010:__put_user_nocheck_4+0x3/0x11 [ 1223.354092] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca e9 61 ea 1c 02 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca e9 42 ea 1c 02 66 90 48 bb f9 ef ff ff ff 7f [ 1223.356739] RSP: 0018:ffff88800cea79c8 EFLAGS: 00050202 [ 1223.357503] RAX: 0000000000000020 RBX: ffffffff837e6c40 RCX: 0000000020002030 [ 1223.358519] RDX: 1ffff110019d4fc3 RSI: ffffffff8310cbca RDI: 0000000000000005 [ 1223.359523] RBP: ffff88800cea7dc8 R08: 0000000000000001 R09: ffff88801cc9871f [ 1223.360510] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000020002030 [ 1223.361347] R13: 0000000020002000 R14: 0000000000000022 R15: 0000000000000034 [ 1223.362282] ? packet_create+0xb00/0xb00 [ 1223.362824] ? ____sys_recvmsg+0x2aa/0x590 [ 1223.363409] ____sys_recvmsg+0x2dd/0x590 [ 1223.363965] ? kernel_recvmsg+0x80/0x80 [ 1223.364491] ? __import_iovec+0x458/0x590 [ 1223.365036] ? import_iovec+0x83/0xb0 [ 1223.365471] ___sys_recvmsg+0x127/0x200 [ 1223.365940] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1223.366517] ? __fget_files+0x2cf/0x520 [ 1223.366988] ? lock_acquire+0x197/0x470 [ 1223.367460] ? find_held_lock+0x2c/0x110 [ 1223.367933] ? __might_fault+0xd3/0x180 [ 1223.368402] ? lock_downgrade+0x6d0/0x6d0 [ 1223.368904] do_recvmmsg+0x24c/0x6d0 [ 1223.369341] ? ___sys_recvmsg+0x200/0x200 [ 1223.369826] ? lock_downgrade+0x6d0/0x6d0 [ 1223.370322] ? ksys_write+0x12d/0x260 [ 1223.370770] ? wait_for_completion_io+0x270/0x270 [ 1223.371344] ? rcu_read_lock_any_held+0x75/0xa0 [ 1223.371903] ? vfs_write+0x354/0xb10 [ 1223.372347] __x64_sys_recvmmsg+0x20f/0x260 [ 1223.372868] ? ksys_write+0x1a9/0x260 [ 1223.373310] ? __do_sys_socketcall+0x600/0x600 [ 1223.373846] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1223.374451] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1223.375070] do_syscall_64+0x33/0x40 [ 1223.375501] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1223.376105] RIP: 0033:0x7f60a47afb19 [ 1223.376538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1223.378680] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1223.379572] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1223.380409] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1223.381246] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1223.382108] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1223.382962] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1223.402792] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1239.146251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:14:55 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:55 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:55 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:14:55 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:55 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 26) 17:14:55 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x65}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:14:55 executing program 6: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:14:55 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:14:55 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:55 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) 17:14:55 executing program 6: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:55 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1239.352079] FAULT_INJECTION: forcing a failure. [ 1239.352079] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1239.353452] CPU: 0 PID: 7253 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1239.354228] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1239.355193] Call Trace: [ 1239.355504] dump_stack+0x107/0x167 [ 1239.355920] should_fail.cold+0x5/0xa [ 1239.356358] _copy_from_user+0x2e/0x1b0 [ 1239.356817] __copy_msghdr_from_user+0x91/0x4b0 [ 1239.357348] ? __ia32_sys_shutdown+0x80/0x80 [ 1239.357852] ? __lock_acquire+0x1657/0x5b00 [ 1239.358352] ___sys_recvmsg+0xd5/0x200 [ 1239.358802] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1239.359368] ? __fget_files+0x2cf/0x520 [ 1239.359825] ? lock_acquire+0x197/0x470 [ 1239.360274] ? find_held_lock+0x2c/0x110 [ 1239.360755] ? __might_fault+0xd3/0x180 [ 1239.361208] ? lock_downgrade+0x6d0/0x6d0 [ 1239.361689] do_recvmmsg+0x24c/0x6d0 [ 1239.362117] ? ___sys_recvmsg+0x200/0x200 [ 1239.362592] ? lock_downgrade+0x6d0/0x6d0 [ 1239.363075] ? ksys_write+0x12d/0x260 [ 1239.363519] ? wait_for_completion_io+0x270/0x270 [ 1239.364073] ? rcu_read_lock_any_held+0x75/0xa0 [ 1239.364601] ? vfs_write+0x354/0xb10 [ 1239.365033] __x64_sys_recvmmsg+0x20f/0x260 [ 1239.365527] ? ksys_write+0x1a9/0x260 [ 1239.365962] ? __do_sys_socketcall+0x600/0x600 [ 1239.366485] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1239.367084] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1239.367676] do_syscall_64+0x33/0x40 [ 1239.368134] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1239.368806] RIP: 0033:0x7f60a47afb19 [ 1239.369298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1239.371712] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1239.372658] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1239.373504] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1239.374329] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1239.375166] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1239.375974] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:14:55 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:14:55 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:14:55 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:14:55 executing program 6: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1239.479062] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:15:14 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1257.969183] netlink: 'syz-executor.6': attribute type 17 has an invalid length. 17:15:14 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c000000100001000000000000000000000000000500000000000000040000800c00118008000000", @ANYRES32, @ANYBLOB="4b145afaef3c97fe6ed7cf4ad261b7678b259ee413664375451ef699758127423c035d2be0706c4c67605d587fd31d8398093af8ffffffffffffff8f294001084af64d4c500c9c4e892daafc95f1293a2a57ca8d55b8671379d4211accae4813a37c551a74637eb3cedfd45aa14068e1081dfbb35fa758386ae02c3d3e0219d867026aa957a6abadec2d066d73041a2b50fae0b2a6a0463a866c34ff1f2cc04dddedebd190a4e6e00d1ce89984c19608479c94a514cbc14485a240b19dbc28362739b647ae0f52fd968c0e08dcdf352c3422add9a1be08293dddaae9ad203ebc8ff02da577"], 0x2c}}, 0x0) 17:15:14 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:15:14 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 27) 17:15:14 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 1) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:15:14 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:14 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x3}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1258.001344] FAULT_INJECTION: forcing a failure. [ 1258.001344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1258.004158] CPU: 0 PID: 7287 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1258.005580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.007277] Call Trace: [ 1258.007829] dump_stack+0x107/0x167 [ 1258.008576] should_fail.cold+0x5/0xa [ 1258.009381] _copy_from_user+0x2e/0x1b0 [ 1258.010215] __copy_msghdr_from_user+0x91/0x4b0 [ 1258.011163] ? __ia32_sys_shutdown+0x80/0x80 [ 1258.012088] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1258.013165] ? mark_lock+0xf5/0x2df0 [ 1258.013913] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1258.014977] ? __lock_acquire+0x1657/0x5b00 [ 1258.015875] ___sys_recvmsg+0xd5/0x200 [ 1258.016671] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1258.017672] ? __fget_files+0x2cf/0x520 [ 1258.018476] ? lock_downgrade+0x6d0/0x6d0 [ 1258.019322] ? lock_downgrade+0x6d0/0x6d0 [ 1258.020188] ? __fget_files+0x2f8/0x520 [ 1258.021020] ? __fget_light+0xea/0x290 [ 1258.021831] do_recvmmsg+0x24c/0x6d0 [ 1258.022604] ? ___sys_recvmsg+0x200/0x200 [ 1258.023456] ? lock_downgrade+0x6d0/0x6d0 [ 1258.024308] ? ksys_write+0x12d/0x260 [ 1258.025093] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1258.026078] ? wait_for_completion_io+0x270/0x270 [ 1258.027070] ? rcu_read_lock_any_held+0x75/0xa0 [ 1258.028018] ? vfs_write+0x354/0xb10 [ 1258.028779] __x64_sys_recvmmsg+0x20f/0x260 [ 1258.029655] ? ksys_write+0x1a9/0x260 [ 1258.030441] ? __do_sys_socketcall+0x600/0x600 [ 1258.031379] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.032451] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1258.033505] do_syscall_64+0x33/0x40 [ 1258.034277] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.035316] RIP: 0033:0x7f67c49b5b19 [ 1258.036090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.039805] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1258.041347] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1258.042774] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1258.044211] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.045643] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1258.047082] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1258.054439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:15:14 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 1) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1258.072407] FAULT_INJECTION: forcing a failure. [ 1258.072407] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1258.075181] CPU: 0 PID: 7297 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1258.076771] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.078693] Call Trace: [ 1258.079245] dump_stack+0x107/0x167 [ 1258.079985] should_fail.cold+0x5/0xa [ 1258.080730] _copy_from_user+0x2e/0x1b0 [ 1258.081519] __copy_msghdr_from_user+0x91/0x4b0 [ 1258.082443] ? __ia32_sys_shutdown+0x80/0x80 [ 1258.083327] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1258.084431] ? mark_lock+0xf5/0x2df0 [ 1258.085156] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1258.086190] ? __lock_acquire+0x1657/0x5b00 [ 1258.087059] ___sys_recvmsg+0xd5/0x200 [ 1258.087812] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1258.088789] ? __fget_files+0x2cf/0x520 [ 1258.089697] ? lock_downgrade+0x6d0/0x6d0 [ 1258.090610] ? lock_downgrade+0x6d0/0x6d0 [ 1258.091432] ? __fget_files+0x2f8/0x520 [ 1258.092222] ? __fget_light+0xea/0x290 [ 1258.093016] do_recvmmsg+0x24c/0x6d0 [ 1258.093756] ? ___sys_recvmsg+0x200/0x200 [ 1258.094579] ? lock_downgrade+0x6d0/0x6d0 [ 1258.095427] ? ksys_write+0x12d/0x260 [ 1258.096193] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1258.097152] ? wait_for_completion_io+0x270/0x270 [ 1258.098127] ? rcu_read_lock_any_held+0x75/0xa0 [ 1258.099023] ? vfs_write+0x354/0xb10 [ 1258.099777] __x64_sys_recvmmsg+0x20f/0x260 [ 1258.100626] ? ksys_write+0x1a9/0x260 [ 1258.101363] ? __do_sys_socketcall+0x600/0x600 [ 1258.102274] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.103309] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1258.104349] do_syscall_64+0x33/0x40 [ 1258.105096] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.106119] RIP: 0033:0x7f11b74b4b19 [ 1258.106843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.110392] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1258.111904] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1258.113303] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1258.114701] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.116121] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1258.117519] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:15:14 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffe}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x1912, &(0x7f0000000200)={0x0, 0x1000, 0x10, 0x0, 0x233}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) io_uring_enter(r0, 0x2818, 0x7be9, 0x0, &(0x7f00000002c0)={[0x3]}, 0x8) r3 = perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0xff, 0x3, 0x3b, 0x3f, 0x0, 0xfffffffffffffff7, 0x44000, 0xc, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x6, 0x2, @perf_config_ext={0x6, 0x400}, 0x1, 0x8, 0x5, 0x8, 0x6, 0x1, 0x3, 0x0, 0xe6, 0x0, 0x9}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x200080, 0x23456}, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) r5 = syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000feb000/0x13000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000002a40)) io_uring_enter(r5, 0x18e3, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000000, 0x80010, r5, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000280)=0x80000001) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x242e2, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 17:15:14 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:14 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 2) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1258.192985] FAULT_INJECTION: forcing a failure. [ 1258.192985] name fail_usercopy, interval 1, probability 0, space 0, times 0 17:15:14 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 2) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1258.195541] CPU: 1 PID: 7292 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1258.197366] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.199205] Call Trace: [ 1258.199796] dump_stack+0x107/0x167 [ 1258.200590] should_fail.cold+0x5/0xa [ 1258.201396] _copy_from_user+0x2e/0x1b0 [ 1258.202249] __copy_msghdr_from_user+0x91/0x4b0 [ 1258.203235] ? __ia32_sys_shutdown+0x80/0x80 [ 1258.204241] ? __lock_acquire+0x1657/0x5b00 [ 1258.205224] ___sys_recvmsg+0xd5/0x200 [ 1258.206079] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1258.207187] ? lock_acquire+0x197/0x470 [ 1258.208096] ? find_held_lock+0x2c/0x110 [ 1258.209030] ? __might_fault+0xd3/0x180 [ 1258.210009] ? lock_downgrade+0x6d0/0x6d0 [ 1258.211073] do_recvmmsg+0x24c/0x6d0 [ 1258.212036] ? ___sys_recvmsg+0x200/0x200 [ 1258.213007] ? lock_downgrade+0x6d0/0x6d0 [ 1258.214002] ? ksys_write+0x12d/0x260 [ 1258.214923] ? wait_for_completion_io+0x270/0x270 [ 1258.216027] ? rcu_read_lock_any_held+0x75/0xa0 [ 1258.217048] ? vfs_write+0x354/0xb10 [ 1258.217907] __x64_sys_recvmmsg+0x20f/0x260 [ 1258.218948] ? ksys_write+0x1a9/0x260 [ 1258.219939] ? __do_sys_socketcall+0x600/0x600 [ 1258.221113] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.222445] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1258.223745] do_syscall_64+0x33/0x40 [ 1258.224672] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.225949] RIP: 0033:0x7f60a47afb19 [ 1258.226862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.230763] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1258.232378] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1258.233880] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1258.235398] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.236912] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1258.238450] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1258.261440] FAULT_INJECTION: forcing a failure. [ 1258.261440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1258.263446] FAULT_INJECTION: forcing a failure. [ 1258.263446] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1258.264157] CPU: 1 PID: 7310 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1258.268259] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.270133] Call Trace: [ 1258.270722] dump_stack+0x107/0x167 [ 1258.271555] should_fail.cold+0x5/0xa [ 1258.272416] _copy_from_user+0x2e/0x1b0 [ 1258.273382] __copy_msghdr_from_user+0x91/0x4b0 [ 1258.274534] ? __ia32_sys_shutdown+0x80/0x80 [ 1258.275601] ? __lock_acquire+0x1657/0x5b00 [ 1258.276693] ___sys_recvmsg+0xd5/0x200 [ 1258.277667] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1258.278882] ? __fget_files+0x2cf/0x520 [ 1258.279884] ? lock_acquire+0x197/0x470 [ 1258.280870] ? find_held_lock+0x2c/0x110 [ 1258.281874] ? __might_fault+0xd3/0x180 [ 1258.282799] ? lock_downgrade+0x6d0/0x6d0 [ 1258.283851] do_recvmmsg+0x24c/0x6d0 [ 1258.284728] ? ___sys_recvmsg+0x200/0x200 [ 1258.285709] ? lock_downgrade+0x6d0/0x6d0 [ 1258.286697] ? ksys_write+0x12d/0x260 [ 1258.287637] ? wait_for_completion_io+0x270/0x270 [ 1258.288813] ? rcu_read_lock_any_held+0x75/0xa0 [ 1258.289907] ? vfs_write+0x354/0xb10 [ 1258.290776] __x64_sys_recvmmsg+0x20f/0x260 [ 1258.291794] ? ksys_write+0x1a9/0x260 [ 1258.292766] ? __do_sys_socketcall+0x600/0x600 [ 1258.293844] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.295067] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1258.296183] do_syscall_64+0x33/0x40 [ 1258.297137] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.298416] RIP: 0033:0x7f11b74b4b19 [ 1258.299353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.303912] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1258.305790] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1258.307565] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1258.309331] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.311089] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1258.312865] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1258.314663] CPU: 0 PID: 7307 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1258.316069] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.317522] Call Trace: [ 1258.318011] dump_stack+0x107/0x167 [ 1258.318656] should_fail.cold+0x5/0xa [ 1258.319358] _copy_from_user+0x2e/0x1b0 [ 1258.320065] __copy_msghdr_from_user+0x91/0x4b0 [ 1258.320910] ? __ia32_sys_shutdown+0x80/0x80 [ 1258.321680] ? __lock_acquire+0x1657/0x5b00 [ 1258.322441] ___sys_recvmsg+0xd5/0x200 [ 1258.323121] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1258.323986] ? __fget_files+0x2cf/0x520 [ 1258.324677] ? lock_acquire+0x197/0x470 [ 1258.325377] ? find_held_lock+0x2c/0x110 [ 1258.326092] ? __might_fault+0xd3/0x180 [ 1258.326778] ? lock_downgrade+0x6d0/0x6d0 [ 1258.327511] do_recvmmsg+0x24c/0x6d0 [ 1258.328160] ? ___sys_recvmsg+0x200/0x200 [ 1258.328874] ? lock_downgrade+0x6d0/0x6d0 [ 1258.329595] ? ksys_write+0x12d/0x260 [ 1258.330256] ? wait_for_completion_io+0x270/0x270 [ 1258.331086] ? rcu_read_lock_any_held+0x75/0xa0 [ 1258.331895] ? vfs_write+0x354/0xb10 [ 1258.332541] __x64_sys_recvmmsg+0x20f/0x260 [ 1258.333289] ? ksys_write+0x1a9/0x260 [ 1258.333950] ? __do_sys_socketcall+0x600/0x600 [ 1258.334748] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.335658] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1258.336538] do_syscall_64+0x33/0x40 [ 1258.337175] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.338042] RIP: 0033:0x7f67c49b5b19 [ 1258.338674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.341804] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1258.343093] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1258.344317] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1258.345549] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.346752] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1258.347982] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:15:14 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:15:14 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1258.451058] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:15:14 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 28) 17:15:14 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x4}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1258.591250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1258.597701] FAULT_INJECTION: forcing a failure. [ 1258.597701] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1258.600342] CPU: 1 PID: 7321 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1258.601757] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.603549] Call Trace: [ 1258.604100] dump_stack+0x107/0x167 [ 1258.604866] should_fail.cold+0x5/0xa [ 1258.605657] _copy_from_user+0x2e/0x1b0 [ 1258.606512] __copy_msghdr_from_user+0x91/0x4b0 [ 1258.607532] ? __ia32_sys_shutdown+0x80/0x80 [ 1258.608448] ? __lock_acquire+0x1657/0x5b00 [ 1258.609390] ___sys_recvmsg+0xd5/0x200 [ 1258.610263] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1258.611513] ? __fget_files+0x2cf/0x520 [ 1258.612508] ? lock_acquire+0x197/0x470 [ 1258.613377] ? find_held_lock+0x2c/0x110 [ 1258.614314] ? __might_fault+0xd3/0x180 [ 1258.615198] ? lock_downgrade+0x6d0/0x6d0 [ 1258.616143] do_recvmmsg+0x24c/0x6d0 [ 1258.616960] ? ___sys_recvmsg+0x200/0x200 [ 1258.617990] ? lock_downgrade+0x6d0/0x6d0 [ 1258.619031] ? ksys_write+0x12d/0x260 [ 1258.620035] ? wait_for_completion_io+0x270/0x270 [ 1258.621075] ? rcu_read_lock_any_held+0x75/0xa0 [ 1258.622101] ? vfs_write+0x354/0xb10 [ 1258.623080] __x64_sys_recvmmsg+0x20f/0x260 [ 1258.624198] ? ksys_write+0x1a9/0x260 [ 1258.625179] ? __do_sys_socketcall+0x600/0x600 [ 1258.626393] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.627655] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1258.628916] do_syscall_64+0x33/0x40 [ 1258.629684] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.630740] RIP: 0033:0x7f60a47afb19 [ 1258.631554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.635464] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1258.637398] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1258.638990] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1258.640567] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.642087] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1258.643676] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1258.898384] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1272.953492] FAULT_INJECTION: forcing a failure. [ 1272.953492] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1272.957027] CPU: 0 PID: 7330 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1272.958809] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1272.960953] Call Trace: [ 1272.961642] dump_stack+0x107/0x167 [ 1272.962583] should_fail.cold+0x5/0xa [ 1272.963576] _copy_from_user+0x2e/0x1b0 [ 1272.964606] __copy_msghdr_from_user+0x91/0x4b0 [ 1272.965808] ? __ia32_sys_shutdown+0x80/0x80 [ 1272.966931] ? __lock_acquire+0x1657/0x5b00 [ 1272.968055] ___sys_recvmsg+0xd5/0x200 [ 1272.969054] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1272.970302] ? __fget_files+0x2cf/0x520 [ 1272.971325] ? lock_acquire+0x197/0x470 [ 1272.972349] ? find_held_lock+0x2c/0x110 [ 1272.973408] ? __might_fault+0xd3/0x180 [ 1272.974443] ? lock_downgrade+0x6d0/0x6d0 [ 1272.975560] do_recvmmsg+0x24c/0x6d0 [ 1272.976544] ? ___sys_recvmsg+0x200/0x200 [ 1272.977631] ? lock_downgrade+0x6d0/0x6d0 [ 1272.978728] ? ksys_write+0x12d/0x260 [ 1272.979744] ? wait_for_completion_io+0x270/0x270 [ 1272.981025] ? rcu_read_lock_any_held+0x75/0xa0 [ 1272.982226] ? vfs_write+0x354/0xb10 [ 1272.983208] __x64_sys_recvmmsg+0x20f/0x260 [ 1272.984345] ? ksys_write+0x1a9/0x260 [ 1272.985340] ? __do_sys_socketcall+0x600/0x600 [ 1272.986533] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1272.987891] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1272.989235] do_syscall_64+0x33/0x40 [ 1272.990192] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1272.991523] RIP: 0033:0x7f67c49b5b19 [ 1272.992511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1272.997333] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1272.999289] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1273.001156] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1273.002996] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1273.004866] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1273.006694] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:15:29 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 3) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:15:29 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x4300, 0x4) connect$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @remote}, 0x1c) r1 = open_tree(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) r2 = socket$inet(0xa, 0x3, 0xff) dup(0xffffffffffffffff) dup3(r1, r2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) fallocate(r3, 0x0, 0x0, 0x5) sendmmsg$inet6(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x9, @local, 0x5}, 0x1c, &(0x7f0000000780)=[{&(0x7f00000000c0)="ac06bb7f189d07edf63f2f72c8d505bd7167656e3433c3b3cfe55106851a5a3dc68d8988a6ff8c193311353202635fd2e79cb73617cff6c3af58a07c1d4aafc1f6aaedd2fad859f6344c359c8be62b5eff3c9663619cbf3e9822ce3f51c107b47363c0cadf842e31", 0x68}, {&(0x7f0000000140)="2b272c8e106068c3d8696d6a5f056be2bc4880f3ded58ea01c4c18643e5a2fe6cefdce8b093711b88dd0456b", 0x2c}, {&(0x7f00000001c0)="b306f3c59512002fdf6d4716", 0xc}, {&(0x7f0000000200)="85885202539306ae498d68729b37b191307165cdcf2ca12a3dee22892a3c88bf470d86b44dce785d22d87e554db7747ce7986bd97725ebaa9adeec910ccfc300392f4f37d4b8f2cbfe6e0b8ba13b7703367ee4e6c116f55a434dc80b69b05f40", 0x60}, {&(0x7f0000000280)="14b6cece9e08b409c5aef3c0556d780064f1eb45", 0x14}, {&(0x7f00000002c0)}, {&(0x7f0000000580)="76b9478347315a9b391feefb6ef0b63e30296fb0bb81ba99a4bf931bee2a2352e91d5455149c8a2c9c5201a494937ac9c686b1ed19aef393cc990259331714f86c1026103f40c93ddc145585e839a775c895452ec6b5d40749789c3a80786048ef3228a37353286a59b62e642a3e048095cda156861923252ed346de73b79893f7fb240679a2db7df55420d350907c9a8665252e47d790ee6e5b6557a4ea2475a7ab8ab31ebeed34f9278e098f8582ee6a7fd4930d31652f910d43ecaec8c020bbfb531457483c4cb094924c6324042d36c39d2055cc43e0cdfcaa", 0xdb}, {&(0x7f0000000400)="c7d91435343e701722fc8ccb809b997d7060559e2465c950d7c2ef9fa1ab76e063710648b100da285bcc7b77b68cd67b482f060d3266415e1a23bffa081351d5a30cf8467d41601144656f8dc6f49d07630104e688ef4d1bc05d944859bc24ac3182b6bcc5e15fe184f9513d0167c7684ad8ab3bf67817c55b247aa3a1de0d8e38338ffba67a61c81833da301553709848570c9e8ac920909ed72b50611c3625175e77", 0xa3}, {&(0x7f0000000680)="f312004e832d0fdd42d45457d2901df345ca63e33169b8e09e3015abcb3409515a6f041efecfc4282f0d578fd5ad166c6f673fe013cfb52f25dc9ee62dc5aeba620b00f038c91efc797f0e2c2c8d08061b4a0dd25fb0c372b9ab3bd237964826735720d6e77b453809973efe8aa565a6a33ee74e9db7086fbd23a8ace814e532ec7d9da63b4dc27929cc2e1be683304a6cb3a081b825129579688817f3074761b57932d2158bf8771edd77df83fb7dfc2547d25b5bcad113bda970146044debf0462d18e2c33510dc6e95a24430c2a3de2c4d3703f06", 0xd6}, {&(0x7f0000000300)="3b43c191f3bf3daa71619443699e10cfc4cd695dfeac62fc1b62bcf36d4b037d94ea327560f49f66aabc3b2a2df5f5b0b1eedde428b73385e7a5cce8858743f457cdc067", 0x44}], 0xa}}, {{&(0x7f0000000500)={0xa, 0x4e21, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6}, 0x1c, &(0x7f0000000a80)=[{&(0x7f0000000840)="44a1905647c1fd5189", 0x9}, {&(0x7f0000000880)="99974133e06e2a5c34b4ce1b35d386302ec47fa892b311130527519381a9f7c703267f8414033645c2375cc58ffd03468e324cd2e9222e0de6a9145984659073e1762cc198f43f11122bbca8f36351ad2eb37f397041eaede91739988792a80050154b7176b97e96beda90289d2ef859ffcec02d1c1be5b78b14b839ee1348435f27dc656a912d09c6b285aaa70fdc25c12dcedec7ee2a5b616df50d04663d904ee7f5937e7d8d6b4acec359019bc495218e4c7cf0e572d0c6b0db3f0d734081d14ab962e90ae095ee19fd5042ba260851", 0xd1}, {&(0x7f0000000980)="19a2e133a59aa90a171509e0f609e9ed4fac3e2f79fc5d71b8228f3382e39865fc2f537935d9e78bc4982063507eaced7adceae862e64bc7721a5f6ffdeaf85d69058588d3fecea50e47d3d4b35cd45cea660868e5954545d94b0cdaf96ddf60234518e111f641ae1ffe0222445df67402f77abde294bf81c8eba47187b02c5ce67592263ed7d9770afe6342e5f7d27bb3f04f1619761f40b4d1a07a5f01d9bd2b21f550cd5523b69cf54ecf407b14f837b35ae441317a5edd2dfb97e117304b238d39d9f2da97b79725ac83610fef4707941c4542e59d3f79b806bf4874fa8a0ce705a45e5216240f7a", 0xea}], 0x3, &(0x7f0000000ac0)=[@rthdr={{0x38, 0x29, 0x39, {0x5c, 0x4, 0x0, 0x9, 0x0, [@empty, @ipv4={'\x00', '\xff\xff', @empty}]}}}, @tclass={{0x14, 0x29, 0x43, 0x8}}, @rthdr_2292={{0xa8, 0x29, 0x39, {0xff, 0x12, 0x2, 0x1, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}]}}}, @dstopts_2292={{0x78, 0x29, 0x4, {0x6c, 0xb, '\x00', [@calipso={0x7, 0x58, {0x1, 0x14, 0x0, 0x9, [0x0, 0xfffffffffffffffe, 0x7fffffff, 0x7f, 0x564, 0x0, 0x9, 0x100000001, 0x4, 0x9]}}]}}}], 0x170}}], 0x2, 0x4008050) r4 = socket$inet(0xa, 0x3, 0xff) r5 = dup(r4) setsockopt$inet6_int(r5, 0x29, 0x4c, &(0x7f0000000180), 0x4) socket$packet(0x11, 0x2, 0x300) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1, 0x0, 0x0, 0x3}, 0x200000}], 0x7ffff000, 0x0) 17:15:29 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:15:29 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:29 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r3, 0x29, 0x1c, &(0x7f0000000180)={@local, r4}, 0x14) sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:29 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 3) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:15:29 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x5}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:15:29 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 29) [ 1273.054410] FAULT_INJECTION: forcing a failure. [ 1273.054410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1273.056997] CPU: 1 PID: 7340 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1273.058487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1273.060247] Call Trace: [ 1273.060806] dump_stack+0x107/0x167 [ 1273.061589] should_fail.cold+0x5/0xa [ 1273.062411] _copy_from_user+0x2e/0x1b0 [ 1273.063275] __copy_msghdr_from_user+0x91/0x4b0 [ 1273.064295] ? __ia32_sys_shutdown+0x80/0x80 [ 1273.065243] ? __lock_acquire+0x1657/0x5b00 [ 1273.066193] ___sys_recvmsg+0xd5/0x200 [ 1273.067019] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1273.068085] ? __fget_files+0x2cf/0x520 [ 1273.068933] ? lock_acquire+0x197/0x470 [ 1273.069788] ? find_held_lock+0x2c/0x110 [ 1273.070658] ? __might_fault+0xd3/0x180 [ 1273.071506] ? lock_downgrade+0x6d0/0x6d0 [ 1273.072420] do_recvmmsg+0x24c/0x6d0 [ 1273.073219] ? ___sys_recvmsg+0x200/0x200 [ 1273.074101] ? lock_downgrade+0x6d0/0x6d0 [ 1273.074994] ? ksys_write+0x12d/0x260 [ 1273.075825] ? wait_for_completion_io+0x270/0x270 [ 1273.076864] ? rcu_read_lock_any_held+0x75/0xa0 [ 1273.077856] ? vfs_write+0x354/0xb10 [ 1273.078660] __x64_sys_recvmmsg+0x20f/0x260 [ 1273.079575] ? ksys_write+0x1a9/0x260 [ 1273.080380] ? __do_sys_socketcall+0x600/0x600 [ 1273.081332] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1273.082452] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1273.083517] do_syscall_64+0x33/0x40 [ 1273.084322] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1273.085360] RIP: 0033:0x7f11b74b4b19 [ 1273.086143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1273.089910] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1273.091497] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1273.093022] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1273.094543] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1273.096074] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1273.097582] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:15:29 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 4) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:15:29 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:29 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1]) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:15:29 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 4) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1273.204409] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1273.216603] FAULT_INJECTION: forcing a failure. [ 1273.216603] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1273.221469] CPU: 1 PID: 7351 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1273.222980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1273.224767] Call Trace: [ 1273.225339] dump_stack+0x107/0x167 [ 1273.226143] should_fail.cold+0x5/0xa [ 1273.226986] _copy_from_user+0x2e/0x1b0 [ 1273.227852] __copy_msghdr_from_user+0x91/0x4b0 [ 1273.228865] ? __ia32_sys_shutdown+0x80/0x80 [ 1273.229829] ? __lock_acquire+0x1657/0x5b00 [ 1273.230779] ___sys_recvmsg+0xd5/0x200 [ 1273.231626] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1273.232667] ? __fget_files+0x2cf/0x520 [ 1273.233512] ? lock_acquire+0x197/0x470 [ 1273.234375] ? find_held_lock+0x2c/0x110 [ 1273.234400] FAULT_INJECTION: forcing a failure. [ 1273.234400] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1273.235231] ? __might_fault+0xd3/0x180 [ 1273.235250] ? lock_downgrade+0x6d0/0x6d0 [ 1273.235287] do_recvmmsg+0x24c/0x6d0 [ 1273.239897] ? ___sys_recvmsg+0x200/0x200 [ 1273.240793] ? lock_downgrade+0x6d0/0x6d0 [ 1273.241698] ? ksys_write+0x12d/0x260 [ 1273.242546] ? wait_for_completion_io+0x270/0x270 [ 1273.243597] ? rcu_read_lock_any_held+0x75/0xa0 [ 1273.244596] ? vfs_write+0x354/0xb10 [ 1273.245403] __x64_sys_recvmmsg+0x20f/0x260 [ 1273.246321] ? ksys_write+0x1a9/0x260 [ 1273.247129] ? __do_sys_socketcall+0x600/0x600 [ 1273.248110] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1273.249231] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1273.250312] do_syscall_64+0x33/0x40 [ 1273.251107] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1273.252212] RIP: 0033:0x7f67c49b5b19 [ 1273.252998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1273.256955] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1273.258576] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1273.260132] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1273.261693] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1273.263235] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1273.264766] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1273.266302] CPU: 0 PID: 7354 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1273.267593] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1273.269105] Call Trace: [ 1273.269596] dump_stack+0x107/0x167 [ 1273.270257] should_fail.cold+0x5/0xa [ 1273.270950] _copy_from_user+0x2e/0x1b0 [ 1273.271692] __copy_msghdr_from_user+0x91/0x4b0 [ 1273.272542] ? __ia32_sys_shutdown+0x80/0x80 [ 1273.273340] ? __lock_acquire+0x1657/0x5b00 [ 1273.274132] ___sys_recvmsg+0xd5/0x200 [ 1273.274849] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1273.275757] ? __fget_files+0x2cf/0x520 [ 1273.276498] ? lock_acquire+0x197/0x470 [ 1273.277223] ? find_held_lock+0x2c/0x110 [ 1273.277971] ? __might_fault+0xd3/0x180 [ 1273.278702] ? lock_downgrade+0x6d0/0x6d0 [ 1273.279457] do_recvmmsg+0x24c/0x6d0 [ 1273.280166] ? ___sys_recvmsg+0x200/0x200 [ 1273.280923] ? lock_downgrade+0x6d0/0x6d0 [ 1273.281676] ? ksys_write+0x12d/0x260 [ 1273.282385] ? wait_for_completion_io+0x270/0x270 [ 1273.283283] ? rcu_read_lock_any_held+0x75/0xa0 [ 1273.284146] ? vfs_write+0x354/0xb10 [ 1273.284820] __x64_sys_recvmmsg+0x20f/0x260 [ 1273.285616] ? ksys_write+0x1a9/0x260 [ 1273.286329] ? __do_sys_socketcall+0x600/0x600 [ 1273.287187] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1273.288159] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1273.289100] do_syscall_64+0x33/0x40 [ 1273.289785] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1273.290718] RIP: 0033:0x7f11b74b4b19 [ 1273.291397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1273.294804] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1273.296202] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1273.297519] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1273.298842] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1273.300163] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1273.301473] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1273.307596] FAULT_INJECTION: forcing a failure. [ 1273.307596] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1273.310211] CPU: 1 PID: 7346 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1273.311678] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1273.313436] Call Trace: [ 1273.313975] dump_stack+0x107/0x167 [ 1273.314724] should_fail.cold+0x5/0xa [ 1273.315548] _copy_from_user+0x2e/0x1b0 [ 1273.316394] __copy_msghdr_from_user+0x91/0x4b0 [ 1273.317393] ? __ia32_sys_shutdown+0x80/0x80 [ 1273.318286] ? __lock_acquire+0x1657/0x5b00 [ 1273.319224] ___sys_recvmsg+0xd5/0x200 [ 1273.320068] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1273.321119] ? trace_hardirqs_on+0x5b/0x180 [ 1273.322007] ? lock_acquire+0x197/0x470 [ 1273.322850] ? find_held_lock+0x2c/0x110 [ 1273.323731] ? __might_fault+0xd3/0x180 [ 1273.324576] ? lock_downgrade+0x6d0/0x6d0 [ 1273.325479] do_recvmmsg+0x24c/0x6d0 17:15:29 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1273.326250] ? ___sys_recvmsg+0x200/0x200 [ 1273.327332] ? lock_downgrade+0x6d0/0x6d0 [ 1273.328205] ? ksys_write+0x12d/0x260 [ 1273.329021] ? wait_for_completion_io+0x270/0x270 [ 1273.330015] ? rcu_read_lock_any_held+0x75/0xa0 [ 1273.331000] ? vfs_write+0x354/0xb10 [ 1273.331812] __x64_sys_recvmmsg+0x20f/0x260 [ 1273.332734] ? ksys_write+0x1a9/0x260 [ 1273.333512] ? __do_sys_socketcall+0x600/0x600 [ 1273.334481] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1273.335630] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1273.336699] do_syscall_64+0x33/0x40 [ 1273.337470] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1273.338571] RIP: 0033:0x7f60a47afb19 [ 1273.339359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1273.343189] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1273.344814] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1273.346303] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1273.347807] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1273.349313] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1273.350811] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:15:29 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r3, 0x29, 0x1c, &(0x7f0000000180)={@local, r4}, 0x14) sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:29 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 5) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:15:29 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 5) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1273.570665] FAULT_INJECTION: forcing a failure. [ 1273.570665] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1273.572980] CPU: 0 PID: 7367 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1273.574197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1273.575652] Call Trace: [ 1273.576142] dump_stack+0x107/0x167 [ 1273.576779] should_fail.cold+0x5/0xa [ 1273.577453] _copy_from_user+0x2e/0x1b0 [ 1273.578166] __copy_msghdr_from_user+0x91/0x4b0 [ 1273.578983] ? __ia32_sys_shutdown+0x80/0x80 [ 1273.579757] ? __lock_acquire+0x1657/0x5b00 [ 1273.580535] ___sys_recvmsg+0xd5/0x200 [ 1273.581234] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1273.582109] ? __fget_files+0x2cf/0x520 [ 1273.582799] ? lock_acquire+0x197/0x470 [ 1273.583501] ? find_held_lock+0x2c/0x110 [ 1273.584236] ? __might_fault+0xd3/0x180 [ 1273.584917] ? lock_downgrade+0x6d0/0x6d0 [ 1273.585655] do_recvmmsg+0x24c/0x6d0 [ 1273.586328] ? ___sys_recvmsg+0x200/0x200 [ 1273.587074] ? lock_downgrade+0x6d0/0x6d0 [ 1273.587814] ? ksys_write+0x12d/0x260 [ 1273.588480] ? wait_for_completion_io+0x270/0x270 [ 1273.589339] ? rcu_read_lock_any_held+0x75/0xa0 [ 1273.590153] ? vfs_write+0x354/0xb10 [ 1273.590824] __x64_sys_recvmmsg+0x20f/0x260 [ 1273.591580] ? ksys_write+0x1a9/0x260 [ 1273.592248] ? __do_sys_socketcall+0x600/0x600 [ 1273.593068] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1273.594014] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1273.594934] do_syscall_64+0x33/0x40 [ 1273.595592] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1273.596499] RIP: 0033:0x7f67c49b5b19 [ 1273.597166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1273.600441] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1273.601680] FAULT_INJECTION: forcing a failure. [ 1273.601680] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1273.601790] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1273.601799] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1273.601809] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1273.601820] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1273.601839] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1273.610294] CPU: 1 PID: 7369 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1273.611699] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1273.613355] Call Trace: [ 1273.613882] dump_stack+0x107/0x167 [ 1273.614611] should_fail.cold+0x5/0xa [ 1273.615371] _copy_from_user+0x2e/0x1b0 [ 1273.616172] __copy_msghdr_from_user+0x91/0x4b0 [ 1273.617100] ? __ia32_sys_shutdown+0x80/0x80 [ 1273.617968] ? __lock_acquire+0x1657/0x5b00 [ 1273.618834] ___sys_recvmsg+0xd5/0x200 [ 1273.619608] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1273.620585] ? __fget_files+0x2cf/0x520 [ 1273.621381] ? lock_acquire+0x197/0x470 [ 1273.622156] ? find_held_lock+0x2c/0x110 [ 1273.622962] ? __might_fault+0xd3/0x180 [ 1273.623756] ? lock_downgrade+0x6d0/0x6d0 [ 1273.624591] do_recvmmsg+0x24c/0x6d0 [ 1273.625328] ? ___sys_recvmsg+0x200/0x200 [ 1273.626143] ? lock_downgrade+0x6d0/0x6d0 [ 1273.626962] ? ksys_write+0x12d/0x260 [ 1273.627733] ? wait_for_completion_io+0x270/0x270 [ 1273.628667] ? rcu_read_lock_any_held+0x75/0xa0 [ 1273.629570] ? vfs_write+0x354/0xb10 [ 1273.630301] __x64_sys_recvmmsg+0x20f/0x260 [ 1273.631135] ? ksys_write+0x1a9/0x260 [ 1273.631905] ? __do_sys_socketcall+0x600/0x600 [ 1273.632797] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1273.633850] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1273.634862] do_syscall_64+0x33/0x40 [ 1273.635599] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1273.636612] RIP: 0033:0x7f11b74b4b19 [ 1273.637336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1273.640888] RSP: 002b:00007f11b4a09188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1273.642359] RAX: ffffffffffffffda RBX: 00007f11b75c8020 RCX: 00007f11b74b4b19 [ 1273.643727] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1273.645113] RBP: 00007f11b4a091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1273.646500] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1273.647903] R13: 00007ffc1d6cbebf R14: 00007f11b4a09300 R15: 0000000000022000 [ 1278.489895] Bluetooth: hci1: command 0x0409 tx timeout [ 1280.537856] Bluetooth: hci1: command 0x041b tx timeout [ 1282.585901] Bluetooth: hci1: command 0x040f tx timeout [ 1283.973129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1283.975581] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1283.979300] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1284.023600] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1284.025625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1284.029385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1284.187442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1284.498066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1284.633812] Bluetooth: hci1: command 0x0419 tx timeout 17:15:58 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x6}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1302.168080] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:15:58 executing program 6: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:58 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:58 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r3, 0x29, 0x1c, &(0x7f0000000180)={@local, r4}, 0x14) sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:58 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 30) 17:15:58 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1]) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:15:58 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 6) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:15:58 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 6) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1302.227459] FAULT_INJECTION: forcing a failure. [ 1302.227459] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1302.228541] FAULT_INJECTION: forcing a failure. [ 1302.228541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1302.230039] CPU: 0 PID: 7852 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1302.230050] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1302.230056] Call Trace: [ 1302.230080] dump_stack+0x107/0x167 [ 1302.230107] should_fail.cold+0x5/0xa [ 1302.237834] _copy_from_user+0x2e/0x1b0 [ 1302.238629] __copy_msghdr_from_user+0x91/0x4b0 [ 1302.239568] ? __ia32_sys_shutdown+0x80/0x80 [ 1302.240477] ? __lock_acquire+0x1657/0x5b00 [ 1302.241342] ___sys_recvmsg+0xd5/0x200 [ 1302.242111] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1302.243082] ? __fget_files+0x2cf/0x520 [ 1302.243909] ? lock_acquire+0x197/0x470 [ 1302.244694] ? find_held_lock+0x2c/0x110 [ 1302.245508] ? __might_fault+0xd3/0x180 [ 1302.246308] ? lock_downgrade+0x6d0/0x6d0 [ 1302.247154] do_recvmmsg+0x24c/0x6d0 [ 1302.247911] ? ___sys_recvmsg+0x200/0x200 [ 1302.248717] ? lock_downgrade+0x6d0/0x6d0 [ 1302.249544] ? ksys_write+0x12d/0x260 [ 1302.250308] ? wait_for_completion_io+0x270/0x270 [ 1302.251260] ? rcu_read_lock_any_held+0x75/0xa0 [ 1302.252203] ? vfs_write+0x354/0xb10 [ 1302.252934] __x64_sys_recvmmsg+0x20f/0x260 [ 1302.253775] ? ksys_write+0x1a9/0x260 [ 1302.254516] ? __do_sys_socketcall+0x600/0x600 [ 1302.255413] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1302.256465] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1302.257481] do_syscall_64+0x33/0x40 [ 1302.258215] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1302.259225] RIP: 0033:0x7f11b74b4b19 [ 1302.259973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1302.263588] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1302.265294] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1302.266989] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1302.268685] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1302.270281] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1302.271704] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1302.273164] CPU: 1 PID: 7850 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1302.274670] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1302.276444] Call Trace: [ 1302.277029] dump_stack+0x107/0x167 [ 1302.277830] should_fail.cold+0x5/0xa [ 1302.278639] _copy_from_user+0x2e/0x1b0 [ 1302.279499] __copy_msghdr_from_user+0x91/0x4b0 [ 1302.280517] ? __ia32_sys_shutdown+0x80/0x80 [ 1302.281472] ? __lock_acquire+0x1657/0x5b00 [ 1302.282396] ___sys_recvmsg+0xd5/0x200 [ 1302.283229] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1302.284318] ? __fget_files+0x2cf/0x520 [ 1302.285167] ? lock_acquire+0x197/0x470 [ 1302.286010] ? find_held_lock+0x2c/0x110 [ 1302.286891] ? __might_fault+0xd3/0x180 [ 1302.287741] ? lock_downgrade+0x6d0/0x6d0 [ 1302.288642] do_recvmmsg+0x24c/0x6d0 [ 1302.289436] ? ___sys_recvmsg+0x200/0x200 [ 1302.290326] ? lock_downgrade+0x6d0/0x6d0 [ 1302.291227] ? ksys_write+0x12d/0x260 [ 1302.292050] ? wait_for_completion_io+0x270/0x270 [ 1302.293084] ? rcu_read_lock_any_held+0x75/0xa0 [ 1302.294080] ? vfs_write+0x354/0xb10 [ 1302.294888] __x64_sys_recvmmsg+0x20f/0x260 [ 1302.295796] ? ksys_write+0x1a9/0x260 [ 1302.296610] ? __do_sys_socketcall+0x600/0x600 [ 1302.297586] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1302.298698] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1302.299792] do_syscall_64+0x33/0x40 [ 1302.300581] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1302.301667] RIP: 0033:0x7f67c49b5b19 [ 1302.302469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1302.306385] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1302.308011] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1302.309527] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1302.311032] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1302.312570] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1302.314094] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1302.325974] FAULT_INJECTION: forcing a failure. [ 1302.325974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1302.328523] CPU: 1 PID: 7846 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1302.329983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1302.331748] Call Trace: [ 1302.332317] dump_stack+0x107/0x167 [ 1302.333098] should_fail.cold+0x5/0xa [ 1302.333909] _copy_from_user+0x2e/0x1b0 [ 1302.334756] __copy_msghdr_from_user+0x91/0x4b0 [ 1302.335753] ? __ia32_sys_shutdown+0x80/0x80 [ 1302.336850] ? __lock_acquire+0x1657/0x5b00 [ 1302.337973] ___sys_recvmsg+0xd5/0x200 [ 1302.338893] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1302.340077] ? __fget_files+0x2cf/0x520 [ 1302.341064] ? lock_acquire+0x197/0x470 [ 1302.341921] ? find_held_lock+0x2c/0x110 [ 1302.342832] ? __might_fault+0xd3/0x180 [ 1302.343811] ? lock_downgrade+0x6d0/0x6d0 [ 1302.344903] do_recvmmsg+0x24c/0x6d0 17:15:58 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1302.345853] ? ___sys_recvmsg+0x200/0x200 [ 1302.347123] ? lock_downgrade+0x6d0/0x6d0 [ 1302.348092] ? ksys_write+0x12d/0x260 [ 1302.348927] ? wait_for_completion_io+0x270/0x270 [ 1302.349958] ? rcu_read_lock_any_held+0x75/0xa0 [ 1302.350947] ? vfs_write+0x354/0xb10 [ 1302.351760] __x64_sys_recvmmsg+0x20f/0x260 [ 1302.352701] ? ksys_write+0x1a9/0x260 [ 1302.353676] ? __do_sys_socketcall+0x600/0x600 [ 1302.354643] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1302.356007] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1302.357325] do_syscall_64+0x33/0x40 [ 1302.358284] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1302.359598] RIP: 0033:0x7f60a47afb19 [ 1302.360586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1302.365281] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1302.367232] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1302.369086] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1302.370934] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1302.372751] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1302.374572] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:15:58 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 31) 17:15:58 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:58 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:15:58 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 7) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1302.509440] FAULT_INJECTION: forcing a failure. [ 1302.509440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1302.512577] CPU: 1 PID: 7859 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1302.514326] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1302.516461] Call Trace: [ 1302.517143] dump_stack+0x107/0x167 [ 1302.518081] should_fail.cold+0x5/0xa [ 1302.519070] _copy_from_user+0x2e/0x1b0 [ 1302.520117] __copy_msghdr_from_user+0x91/0x4b0 [ 1302.521291] ? __ia32_sys_shutdown+0x80/0x80 [ 1302.522430] ? __lock_acquire+0x1657/0x5b00 [ 1302.523566] ___sys_recvmsg+0xd5/0x200 [ 1302.524560] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1302.525814] ? __fget_files+0x2cf/0x520 [ 1302.526845] ? lock_acquire+0x197/0x470 [ 1302.527841] ? find_held_lock+0x2c/0x110 [ 1302.528907] ? __might_fault+0xd3/0x180 [ 1302.529920] ? lock_downgrade+0x6d0/0x6d0 [ 1302.531011] do_recvmmsg+0x24c/0x6d0 [ 1302.531981] ? ___sys_recvmsg+0x200/0x200 [ 1302.533038] ? lock_downgrade+0x6d0/0x6d0 [ 1302.534117] ? ksys_write+0x12d/0x260 [ 1302.535102] ? wait_for_completion_io+0x270/0x270 [ 1302.536334] ? rcu_read_lock_any_held+0x75/0xa0 [ 1302.537524] ? vfs_write+0x354/0xb10 [ 1302.538488] __x64_sys_recvmmsg+0x20f/0x260 [ 1302.539582] ? ksys_write+0x1a9/0x260 [ 1302.540562] ? __do_sys_socketcall+0x600/0x600 [ 1302.541712] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1302.543039] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1302.544232] do_syscall_64+0x33/0x40 [ 1302.545181] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1302.546494] RIP: 0033:0x7f60a47afb19 [ 1302.547451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1302.552165] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1302.554006] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1302.555599] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1302.557159] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1302.558897] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1302.560564] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1302.564297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:15:58 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1]) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1302.623013] FAULT_INJECTION: forcing a failure. [ 1302.623013] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1302.625671] CPU: 1 PID: 7866 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1302.627144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1302.628955] Call Trace: [ 1302.629539] dump_stack+0x107/0x167 [ 1302.630330] should_fail.cold+0x5/0xa [ 1302.631165] _copy_from_user+0x2e/0x1b0 [ 1302.632059] __copy_msghdr_from_user+0x91/0x4b0 [ 1302.633066] ? __ia32_sys_shutdown+0x80/0x80 [ 1302.634021] ? __lock_acquire+0x1657/0x5b00 [ 1302.634983] ___sys_recvmsg+0xd5/0x200 [ 1302.635872] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1302.636955] ? __fget_files+0x2cf/0x520 [ 1302.637838] ? lock_acquire+0x197/0x470 [ 1302.638709] ? find_held_lock+0x2c/0x110 [ 1302.639598] ? __might_fault+0xd3/0x180 [ 1302.640474] ? lock_downgrade+0x6d0/0x6d0 [ 1302.641397] do_recvmmsg+0x24c/0x6d0 [ 1302.642226] ? ___sys_recvmsg+0x200/0x200 [ 1302.643145] ? lock_downgrade+0x6d0/0x6d0 [ 1302.644066] ? ksys_write+0x12d/0x260 [ 1302.644901] ? wait_for_completion_io+0x270/0x270 [ 1302.645950] ? rcu_read_lock_any_held+0x75/0xa0 [ 1302.646972] ? vfs_write+0x354/0xb10 [ 1302.647798] __x64_sys_recvmmsg+0x20f/0x260 [ 1302.648745] ? ksys_write+0x1a9/0x260 [ 1302.649569] ? __do_sys_socketcall+0x600/0x600 [ 1302.650577] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1302.651720] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1302.652865] do_syscall_64+0x33/0x40 [ 1302.653681] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1302.654810] RIP: 0033:0x7f11b74b4b19 [ 1302.655649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1302.659671] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1302.661340] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1302.662887] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1302.664445] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1302.665997] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1302.667538] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:15:59 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 7) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:15:59 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x7}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1302.731602] FAULT_INJECTION: forcing a failure. [ 1302.731602] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1302.734279] CPU: 0 PID: 7871 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1302.735728] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1302.737523] Call Trace: [ 1302.738091] dump_stack+0x107/0x167 [ 1302.738891] should_fail.cold+0x5/0xa [ 1302.739718] _copy_from_user+0x2e/0x1b0 [ 1302.740592] __copy_msghdr_from_user+0x91/0x4b0 [ 1302.741567] ? __ia32_sys_shutdown+0x80/0x80 [ 1302.742491] ? __lock_acquire+0x1657/0x5b00 [ 1302.743422] ___sys_recvmsg+0xd5/0x200 [ 1302.744276] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1302.745312] ? __fget_files+0x2cf/0x520 [ 1302.746154] ? lock_acquire+0x197/0x470 [ 1302.746992] ? find_held_lock+0x2c/0x110 [ 1302.747874] ? __might_fault+0xd3/0x180 [ 1302.748724] ? lock_downgrade+0x6d0/0x6d0 [ 1302.749625] do_recvmmsg+0x24c/0x6d0 [ 1302.750422] ? ___sys_recvmsg+0x200/0x200 [ 1302.751302] ? lock_downgrade+0x6d0/0x6d0 [ 1302.752208] ? ksys_write+0x12d/0x260 [ 1302.753029] ? wait_for_completion_io+0x270/0x270 [ 1302.754047] ? rcu_read_lock_any_held+0x75/0xa0 [ 1302.755023] ? vfs_write+0x354/0xb10 [ 1302.755824] __x64_sys_recvmmsg+0x20f/0x260 [ 1302.756768] ? ksys_write+0x1a9/0x260 [ 1302.757580] ? __do_sys_socketcall+0x600/0x600 [ 1302.758559] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1302.759670] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1302.760804] do_syscall_64+0x33/0x40 [ 1302.761595] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1302.762683] RIP: 0033:0x7f67c49b5b19 [ 1302.763471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1302.767397] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1302.769191] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1302.770901] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1302.772615] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1302.774313] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1302.776038] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1302.836199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1303.147777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:16:12 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 8) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:12 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x53}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:16:12 executing program 6: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1]) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:16:12 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 32) [ 1316.451905] FAULT_INJECTION: forcing a failure. [ 1316.451905] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1316.453375] CPU: 1 PID: 7900 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1316.454171] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1316.455130] Call Trace: [ 1316.455461] dump_stack+0x107/0x167 [ 1316.455893] should_fail.cold+0x5/0xa [ 1316.456346] _copy_from_user+0x2e/0x1b0 [ 1316.456813] __copy_msghdr_from_user+0x91/0x4b0 [ 1316.457349] ? __ia32_sys_shutdown+0x80/0x80 [ 1316.457850] ? __lock_acquire+0x1657/0x5b00 [ 1316.458348] ___sys_recvmsg+0xd5/0x200 [ 1316.458807] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1316.459371] ? trace_hardirqs_on+0x5b/0x180 [ 1316.459891] ? lock_acquire+0x197/0x470 [ 1316.460386] ? find_held_lock+0x2c/0x110 [ 1316.460864] ? __might_fault+0xd3/0x180 [ 1316.461321] ? lock_downgrade+0x6d0/0x6d0 [ 1316.461807] do_recvmmsg+0x24c/0x6d0 [ 1316.462237] ? ___sys_recvmsg+0x200/0x200 [ 1316.462706] ? lock_downgrade+0x6d0/0x6d0 [ 1316.463193] ? ksys_write+0x12d/0x260 [ 1316.463633] ? wait_for_completion_io+0x270/0x270 [ 1316.464198] ? rcu_read_lock_any_held+0x75/0xa0 [ 1316.464730] ? vfs_write+0x354/0xb10 [ 1316.465189] __x64_sys_recvmmsg+0x20f/0x260 [ 1316.465702] ? ksys_write+0x1a9/0x260 [ 1316.466150] ? __do_sys_socketcall+0x600/0x600 [ 1316.466668] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1316.467278] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1316.467868] do_syscall_64+0x33/0x40 [ 1316.468305] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1316.468894] RIP: 0033:0x7f60a47afb19 [ 1316.469317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1316.471490] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1316.472381] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1316.473208] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1316.474040] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1316.474863] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1316.475703] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 [ 1316.484246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1316.494334] FAULT_INJECTION: forcing a failure. [ 1316.494334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1316.495789] CPU: 1 PID: 7903 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1316.496616] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1316.497571] Call Trace: [ 1316.497891] dump_stack+0x107/0x167 [ 1316.498314] should_fail.cold+0x5/0xa [ 1316.498761] _copy_from_user+0x2e/0x1b0 [ 1316.499217] __copy_msghdr_from_user+0x91/0x4b0 [ 1316.499769] ? __ia32_sys_shutdown+0x80/0x80 [ 1316.500318] ? __lock_acquire+0x1657/0x5b00 [ 1316.500829] ___sys_recvmsg+0xd5/0x200 [ 1316.501283] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1316.501845] ? __fget_files+0x2cf/0x520 [ 1316.502301] ? lock_acquire+0x197/0x470 [ 1316.502765] ? find_held_lock+0x2c/0x110 [ 1316.503233] ? __might_fault+0xd3/0x180 [ 1316.503696] ? lock_downgrade+0x6d0/0x6d0 [ 1316.504189] do_recvmmsg+0x24c/0x6d0 [ 1316.504636] ? ___sys_recvmsg+0x200/0x200 [ 1316.505126] ? lock_downgrade+0x6d0/0x6d0 [ 1316.505636] ? ksys_write+0x12d/0x260 [ 1316.506099] ? wait_for_completion_io+0x270/0x270 [ 1316.506643] ? rcu_read_lock_any_held+0x75/0xa0 [ 1316.507175] ? vfs_write+0x354/0xb10 [ 1316.507598] __x64_sys_recvmmsg+0x20f/0x260 [ 1316.508108] ? ksys_write+0x1a9/0x260 [ 1316.508549] ? __do_sys_socketcall+0x600/0x600 [ 1316.509069] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1316.509672] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1316.510260] do_syscall_64+0x33/0x40 [ 1316.510684] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1316.511264] RIP: 0033:0x7f67c49b5b19 [ 1316.511686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1316.513821] RSP: 002b:00007f67c1f0a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1316.514714] RAX: ffffffffffffffda RBX: 00007f67c4ac9020 RCX: 00007f67c49b5b19 [ 1316.515531] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1316.516391] RBP: 00007f67c1f0a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1316.517223] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1316.518055] R13: 00007fff4edb47af R14: 00007f67c1f0a300 R15: 0000000000022000 [ 1316.573003] FAULT_INJECTION: forcing a failure. [ 1316.573003] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1316.574474] CPU: 1 PID: 7905 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1316.575301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1316.576338] Call Trace: [ 1316.576700] dump_stack+0x107/0x167 [ 1316.577153] should_fail.cold+0x5/0xa [ 1316.577615] _copy_from_user+0x2e/0x1b0 [ 1316.578110] __copy_msghdr_from_user+0x91/0x4b0 [ 1316.578726] ? __ia32_sys_shutdown+0x80/0x80 [ 1316.579258] ? __lock_acquire+0x1657/0x5b00 [ 1316.579771] ___sys_recvmsg+0xd5/0x200 [ 1316.580252] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1316.580827] ? __fget_files+0x2cf/0x520 [ 1316.581300] ? lock_acquire+0x197/0x470 [ 1316.581778] ? find_held_lock+0x2c/0x110 [ 1316.582275] ? __might_fault+0xd3/0x180 [ 1316.582744] ? lock_downgrade+0x6d0/0x6d0 [ 1316.583237] do_recvmmsg+0x24c/0x6d0 [ 1316.583667] ? ___sys_recvmsg+0x200/0x200 [ 1316.584160] ? lock_downgrade+0x6d0/0x6d0 [ 1316.584670] ? ksys_write+0x12d/0x260 [ 1316.585121] ? wait_for_completion_io+0x270/0x270 [ 1316.585697] ? rcu_read_lock_any_held+0x75/0xa0 [ 1316.586241] ? vfs_write+0x354/0xb10 [ 1316.586677] __x64_sys_recvmmsg+0x20f/0x260 [ 1316.587182] ? ksys_write+0x1a9/0x260 [ 1316.587624] ? __do_sys_socketcall+0x600/0x600 [ 1316.588172] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1316.588790] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1316.589387] do_syscall_64+0x33/0x40 [ 1316.589847] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1316.590483] RIP: 0033:0x7f11b74b4b19 [ 1316.590942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1316.593234] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1316.594139] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1316.594982] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1316.595827] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1316.596667] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1316.597522] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:16:12 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x0, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:16:12 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:16:12 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB]) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:16:12 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 8) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:12 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 33) 17:16:12 executing program 6: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x6}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:16:13 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB]) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:16:13 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 9) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1316.689324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1316.705684] FAULT_INJECTION: forcing a failure. [ 1316.705684] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1316.708440] CPU: 0 PID: 7909 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1316.709957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1316.711774] Call Trace: [ 1316.712383] dump_stack+0x107/0x167 [ 1316.713182] should_fail.cold+0x5/0xa [ 1316.714021] _copy_from_user+0x2e/0x1b0 [ 1316.714898] __copy_msghdr_from_user+0x91/0x4b0 [ 1316.715920] ? __ia32_sys_shutdown+0x80/0x80 [ 1316.716900] ? __lock_acquire+0x1657/0x5b00 [ 1316.717839] ___sys_recvmsg+0xd5/0x200 [ 1316.718456] FAULT_INJECTION: forcing a failure. [ 1316.718456] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1316.718677] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1316.721177] ? __fget_files+0x2cf/0x520 [ 1316.722029] ? lock_acquire+0x197/0x470 [ 1316.722881] ? find_held_lock+0x2c/0x110 [ 1316.723752] ? __might_fault+0xd3/0x180 [ 1316.724607] ? lock_downgrade+0x6d0/0x6d0 [ 1316.725515] do_recvmmsg+0x24c/0x6d0 [ 1316.726313] ? ___sys_recvmsg+0x200/0x200 [ 1316.727197] ? lock_downgrade+0x6d0/0x6d0 [ 1316.728096] ? ksys_write+0x12d/0x260 [ 1316.728917] ? wait_for_completion_io+0x270/0x270 [ 1316.729953] ? rcu_read_lock_any_held+0x75/0xa0 [ 1316.730951] ? vfs_write+0x354/0xb10 [ 1316.731755] __x64_sys_recvmmsg+0x20f/0x260 [ 1316.732693] ? ksys_write+0x1a9/0x260 [ 1316.733525] ? __do_sys_socketcall+0x600/0x600 [ 1316.734509] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1316.735633] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1316.736743] do_syscall_64+0x33/0x40 [ 1316.737535] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1316.738624] RIP: 0033:0x7f60a47afb19 [ 1316.739412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1316.743341] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1316.744954] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1316.746473] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1316.748049] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1316.749612] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1316.751184] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1316.752779] CPU: 1 PID: 7914 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1316.753568] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1316.754471] Call Trace: [ 1316.754771] dump_stack+0x107/0x167 [ 1316.755161] should_fail.cold+0x5/0xa [ 1316.755590] _copy_from_user+0x2e/0x1b0 [ 1316.756038] __copy_msghdr_from_user+0x91/0x4b0 [ 1316.756563] ? __ia32_sys_shutdown+0x80/0x80 [ 1316.757039] ? __lock_acquire+0x1657/0x5b00 [ 1316.757547] ___sys_recvmsg+0xd5/0x200 [ 1316.757967] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1316.758526] ? __fget_files+0x2cf/0x520 [ 1316.758990] ? lock_acquire+0x197/0x470 [ 1316.759424] ? find_held_lock+0x2c/0x110 [ 1316.759887] ? __might_fault+0xd3/0x180 [ 1316.760322] ? lock_downgrade+0x6d0/0x6d0 [ 1316.760787] do_recvmmsg+0x24c/0x6d0 [ 1316.761320] ? ___sys_recvmsg+0x200/0x200 [ 1316.761771] ? lock_downgrade+0x6d0/0x6d0 [ 1316.762230] ? ksys_write+0x12d/0x260 [ 1316.762671] ? wait_for_completion_io+0x270/0x270 [ 1316.763312] ? rcu_read_lock_any_held+0x75/0xa0 [ 1316.763944] ? vfs_write+0x354/0xb10 [ 1316.764428] __x64_sys_recvmmsg+0x20f/0x260 [ 1316.764997] ? ksys_write+0x1a9/0x260 [ 1316.765535] ? __do_sys_socketcall+0x600/0x600 [ 1316.766044] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1316.766784] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1316.767355] do_syscall_64+0x33/0x40 [ 1316.767876] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1316.768446] RIP: 0033:0x7f11b74b4b19 [ 1316.768974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1316.771065] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1316.771909] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1316.772687] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1316.773488] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1316.774255] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1316.775031] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:16:13 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 9) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:13 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x0, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1316.794001] FAULT_INJECTION: forcing a failure. [ 1316.794001] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1316.795670] CPU: 1 PID: 7917 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1316.796468] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1316.797403] Call Trace: [ 1316.797702] dump_stack+0x107/0x167 [ 1316.798107] should_fail.cold+0x5/0xa [ 1316.798564] _copy_from_user+0x2e/0x1b0 [ 1316.799034] __copy_msghdr_from_user+0x91/0x4b0 [ 1316.799564] ? __ia32_sys_shutdown+0x80/0x80 [ 1316.800080] ? __lock_acquire+0x1657/0x5b00 [ 1316.800554] ___sys_recvmsg+0xd5/0x200 [ 1316.800992] ? __copy_msghdr_from_user+0x4b0/0x4b0 17:16:13 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1316.801551] ? __fget_files+0x2cf/0x520 [ 1316.802197] ? lock_acquire+0x197/0x470 [ 1316.802639] ? find_held_lock+0x2c/0x110 [ 1316.803120] ? __might_fault+0xd3/0x180 [ 1316.803550] ? lock_downgrade+0x6d0/0x6d0 [ 1316.804045] do_recvmmsg+0x24c/0x6d0 [ 1316.804450] ? ___sys_recvmsg+0x200/0x200 [ 1316.804914] ? lock_downgrade+0x6d0/0x6d0 [ 1316.805391] ? ksys_write+0x12d/0x260 [ 1316.805824] ? wait_for_completion_io+0x270/0x270 [ 1316.806504] ? rcu_read_lock_any_held+0x75/0xa0 [ 1316.807165] ? vfs_write+0x354/0xb10 [ 1316.807676] __x64_sys_recvmmsg+0x20f/0x260 [ 1316.808299] ? ksys_write+0x1a9/0x260 [ 1316.808768] ? __do_sys_socketcall+0x600/0x600 [ 1316.809311] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1316.809907] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1316.810479] do_syscall_64+0x33/0x40 [ 1316.810922] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1316.811507] RIP: 0033:0x7f67c49b5b19 [ 1316.811925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1316.814269] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1316.815318] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1316.816260] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1316.817157] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1316.818159] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1316.819010] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1316.820974] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:16:13 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x65}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1316.871423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1317.174443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:16:32 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 10) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:32 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x65}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:16:32 executing program 6: prctl$PR_GET_SECUREBITS(0x1b) prctl$PR_GET_SECUREBITS(0x1b) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1f}, 0x1808, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 17:16:32 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x0, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:16:32 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 34) 17:16:32 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 10) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:32 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:16:32 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB]) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1336.242172] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1336.325964] FAULT_INJECTION: forcing a failure. [ 1336.325964] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1336.328253] CPU: 1 PID: 7939 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1336.329512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.331023] Call Trace: [ 1336.331514] dump_stack+0x107/0x167 [ 1336.332177] should_fail.cold+0x5/0xa [ 1336.332884] _copy_from_user+0x2e/0x1b0 [ 1336.333614] __copy_msghdr_from_user+0x91/0x4b0 [ 1336.334471] ? __ia32_sys_shutdown+0x80/0x80 [ 1336.335295] ? __lock_acquire+0x1657/0x5b00 [ 1336.336090] ___sys_recvmsg+0xd5/0x200 [ 1336.336820] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1336.337735] ? __fget_files+0x2cf/0x520 [ 1336.338479] ? lock_acquire+0x197/0x470 [ 1336.339219] ? find_held_lock+0x2c/0x110 [ 1336.339962] ? __might_fault+0xd3/0x180 [ 1336.340700] ? lock_downgrade+0x6d0/0x6d0 [ 1336.341481] do_recvmmsg+0x24c/0x6d0 [ 1336.342167] ? ___sys_recvmsg+0x200/0x200 [ 1336.342929] ? lock_downgrade+0x6d0/0x6d0 [ 1336.343707] ? ksys_write+0x12d/0x260 [ 1336.344426] ? wait_for_completion_io+0x270/0x270 [ 1336.345300] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.346141] ? vfs_write+0x354/0xb10 [ 1336.346837] __x64_sys_recvmmsg+0x20f/0x260 [ 1336.347625] ? ksys_write+0x1a9/0x260 [ 1336.348316] ? __do_sys_socketcall+0x600/0x600 [ 1336.349166] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1336.350139] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.351100] do_syscall_64+0x33/0x40 [ 1336.351790] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.352749] RIP: 0033:0x7f11b74b4b19 [ 1336.353436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.356843] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1336.358140] FAULT_INJECTION: forcing a failure. [ 1336.358140] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1336.358261] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1336.358284] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1336.364340] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.365617] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1336.366917] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1336.368273] CPU: 0 PID: 7944 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1336.370417] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.372997] Call Trace: [ 1336.373820] dump_stack+0x107/0x167 [ 1336.374946] should_fail.cold+0x5/0xa [ 1336.376126] _copy_from_user+0x2e/0x1b0 [ 1336.377208] __copy_msghdr_from_user+0x91/0x4b0 [ 1336.378396] ? __ia32_sys_shutdown+0x80/0x80 [ 1336.379542] ? __lock_acquire+0x1657/0x5b00 [ 1336.380754] ___sys_recvmsg+0xd5/0x200 [ 1336.381655] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1336.382712] ? __fget_files+0x2cf/0x520 [ 1336.383579] ? lock_acquire+0x197/0x470 [ 1336.384538] ? find_held_lock+0x2c/0x110 [ 1336.385439] ? __might_fault+0xd3/0x180 [ 1336.386297] ? lock_downgrade+0x6d0/0x6d0 [ 1336.387215] do_recvmmsg+0x24c/0x6d0 [ 1336.388033] ? ___sys_recvmsg+0x200/0x200 [ 1336.388943] ? lock_downgrade+0x6d0/0x6d0 [ 1336.389816] ? ksys_write+0x12d/0x260 [ 1336.390620] ? wait_for_completion_io+0x270/0x270 [ 1336.391630] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.392699] ? vfs_write+0x354/0xb10 [ 1336.393563] __x64_sys_recvmmsg+0x20f/0x260 [ 1336.394538] ? ksys_write+0x1a9/0x260 [ 1336.395415] ? __do_sys_socketcall+0x600/0x600 [ 1336.396513] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1336.397647] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.398902] do_syscall_64+0x33/0x40 [ 1336.399809] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.401046] RIP: 0033:0x7f67c49b5b19 [ 1336.401929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.406405] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1336.408261] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1336.410007] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1336.411748] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.413361] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1336.414867] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1336.440542] FAULT_INJECTION: forcing a failure. [ 1336.440542] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1336.442932] CPU: 1 PID: 7938 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1336.444247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.445972] Call Trace: [ 1336.446419] dump_stack+0x107/0x167 [ 1336.447182] should_fail.cold+0x5/0xa [ 1336.447961] _copy_from_user+0x2e/0x1b0 [ 1336.448802] __copy_msghdr_from_user+0x91/0x4b0 [ 1336.449778] ? __ia32_sys_shutdown+0x80/0x80 [ 1336.450710] ? find_held_lock+0x2c/0x110 [ 1336.451422] ? finish_task_switch+0x126/0x5d0 [ 1336.452333] ? lock_downgrade+0x6d0/0x6d0 [ 1336.453218] ___sys_recvmsg+0xd5/0x200 [ 1336.453867] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1336.454666] ? trace_hardirqs_on+0x5b/0x180 [ 1336.455565] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1336.456347] ? finish_task_switch+0x126/0x5d0 [ 1336.457266] ? finish_task_switch+0xef/0x5d0 [ 1336.458169] ? __switch_to+0x572/0xf70 [ 1336.458980] ? __switch_to_asm+0x3a/0x60 [ 1336.459822] ? __switch_to_asm+0x34/0x60 [ 1336.460674] ? __schedule+0x82c/0x1ea0 [ 1336.461479] ? io_schedule_timeout+0x140/0x140 [ 1336.462434] do_recvmmsg+0x24c/0x6d0 [ 1336.463103] ? ___sys_recvmsg+0x200/0x200 [ 1336.463826] ? lock_downgrade+0x6d0/0x6d0 [ 1336.464501] ? ksys_write+0x12d/0x260 [ 1336.465137] ? wait_for_completion_io+0x270/0x270 [ 1336.465902] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.466630] ? vfs_write+0x354/0xb10 [ 1336.467230] __x64_sys_recvmmsg+0x20f/0x260 [ 1336.467911] ? ksys_write+0x1a9/0x260 [ 1336.468523] ? __do_sys_socketcall+0x600/0x600 [ 1336.469254] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1336.470104] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.471156] do_syscall_64+0x33/0x40 [ 1336.471806] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.472638] RIP: 0033:0x7f60a47afb19 [ 1336.473243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.476575] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1336.477795] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1336.478920] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1336.480030] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.481142] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1336.482257] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:16:32 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 11) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:32 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x8, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r1 = perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x4) dup3(0xffffffffffffffff, r1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000240)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, 0x0}, 0x404c008) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) close(r1) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x20, 0x2000, 0x7ff, 0x3ff, 0x1196, 0x4}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r3 = creat(&(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x0) open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000200000008000000000000000000fffbffff00000000c64c000000007418bcb53f54cf856fcc1c693a5eb0452c3257fac49ac4ce4d76"], 0x307182) getsockopt$inet6_udp_int(r3, 0x11, 0xa, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x2) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r4, @ANYBLOB="00042bbd7000fcdbdf252e00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000300000048000000040046000400d0000600fb00d90000004e00fa0001ba0f7ebcf16a8a1b8fb68d7f855bf88f10ee002650ff0d24d0bc20a287684145cb5b8446a84e997a7275f28e00eba78ab4d9e4768911fca068f8099d27ea859a6a4dddc276ea089d8900000d00f900a88748809db64a5a620000004c00fa00345db12fac99bbaa40b6a9d5c21208a13cc8b6e191a1acb26a49adca44aaf8508ffc0ab1b46e2daefc435740d62087c731b4a9d2b3c2fa40aeec485a8292091dd757643f6a87b4ac"], 0xe4}, 0x1, 0x0, 0x0, 0x4}, 0x8010) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x2c, r2, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}]}, 0x2c}}, 0x0) 17:16:32 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1336.555285] FAULT_INJECTION: forcing a failure. [ 1336.555285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1336.557421] CPU: 1 PID: 7953 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1336.558541] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.560076] Call Trace: [ 1336.560548] dump_stack+0x107/0x167 [ 1336.561113] should_fail.cold+0x5/0xa [ 1336.561698] _copy_from_user+0x2e/0x1b0 [ 1336.562330] __copy_msghdr_from_user+0x91/0x4b0 [ 1336.563055] ? __ia32_sys_shutdown+0x80/0x80 [ 1336.563707] ? __lock_acquire+0x1657/0x5b00 [ 1336.564396] ___sys_recvmsg+0xd5/0x200 [ 1336.565072] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1336.565798] ? __fget_files+0x2cf/0x520 [ 1336.566437] ? lock_acquire+0x197/0x470 [ 1336.567055] ? find_held_lock+0x2c/0x110 [ 1336.567687] ? __might_fault+0xd3/0x180 [ 1336.568328] ? lock_downgrade+0x6d0/0x6d0 [ 1336.569015] do_recvmmsg+0x24c/0x6d0 [ 1336.569609] ? ___sys_recvmsg+0x200/0x200 [ 1336.570255] ? lock_downgrade+0x6d0/0x6d0 [ 1336.570919] ? ksys_write+0x12d/0x260 [ 1336.571583] ? wait_for_completion_io+0x270/0x270 [ 1336.572366] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.573095] ? vfs_write+0x354/0xb10 [ 1336.573684] __x64_sys_recvmmsg+0x20f/0x260 [ 1336.574385] ? ksys_write+0x1a9/0x260 [ 1336.575005] ? __do_sys_socketcall+0x600/0x600 [ 1336.575728] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1336.576562] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.577387] do_syscall_64+0x33/0x40 [ 1336.577940] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.578694] RIP: 0033:0x7f11b74b4b19 [ 1336.579257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.582011] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1336.583217] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1336.584332] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1336.585462] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.586537] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1336.587631] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:16:32 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:16:33 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 35) 17:16:33 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcon']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:16:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 11) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:33 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 12) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1336.718242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1336.730666] FAULT_INJECTION: forcing a failure. [ 1336.730666] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1336.732299] CPU: 1 PID: 7962 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1336.733280] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.734414] Call Trace: [ 1336.734792] dump_stack+0x107/0x167 [ 1336.735307] should_fail.cold+0x5/0xa [ 1336.735856] _copy_from_user+0x2e/0x1b0 [ 1336.736428] __copy_msghdr_from_user+0x91/0x4b0 [ 1336.737054] ? __ia32_sys_shutdown+0x80/0x80 [ 1336.737646] ? __lock_acquire+0x1657/0x5b00 [ 1336.738260] ___sys_recvmsg+0xd5/0x200 [ 1336.738928] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1336.739671] ? __fget_files+0x2cf/0x520 [ 1336.740275] ? lock_acquire+0x197/0x470 [ 1336.740857] ? find_held_lock+0x2c/0x110 [ 1336.741444] ? __might_fault+0xd3/0x180 [ 1336.742024] ? lock_downgrade+0x6d0/0x6d0 [ 1336.742640] do_recvmmsg+0x24c/0x6d0 [ 1336.743193] ? ___sys_recvmsg+0x200/0x200 [ 1336.743788] ? lock_downgrade+0x6d0/0x6d0 [ 1336.744369] ? ksys_write+0x12d/0x260 [ 1336.744902] ? wait_for_completion_io+0x270/0x270 [ 1336.745558] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.746202] ? vfs_write+0x354/0xb10 [ 1336.746742] __x64_sys_recvmmsg+0x20f/0x260 [ 1336.747376] ? ksys_write+0x1a9/0x260 [ 1336.747951] ? __do_sys_socketcall+0x600/0x600 [ 1336.748635] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1336.749371] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.750107] do_syscall_64+0x33/0x40 [ 1336.750642] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.751327] RIP: 0033:0x7f60a47afb19 [ 1336.751857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.754537] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1336.755656] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1336.756688] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1336.757718] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.758747] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1336.759796] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1336.772594] FAULT_INJECTION: forcing a failure. [ 1336.772594] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1336.774380] CPU: 1 PID: 7967 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1336.775345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.776514] Call Trace: [ 1336.776886] dump_stack+0x107/0x167 [ 1336.777397] should_fail.cold+0x5/0xa [ 1336.777940] _copy_from_user+0x2e/0x1b0 [ 1336.778507] __copy_msghdr_from_user+0x91/0x4b0 [ 1336.779160] ? __ia32_sys_shutdown+0x80/0x80 [ 1336.779784] ? __lock_acquire+0x1657/0x5b00 [ 1336.780404] ___sys_recvmsg+0xd5/0x200 [ 1336.780952] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1336.781642] ? __fget_files+0x2cf/0x520 [ 1336.782205] ? lock_acquire+0x197/0x470 [ 1336.782767] ? find_held_lock+0x2c/0x110 [ 1336.783337] ? __might_fault+0xd3/0x180 [ 1336.783898] ? lock_downgrade+0x6d0/0x6d0 [ 1336.784516] do_recvmmsg+0x24c/0x6d0 [ 1336.785060] ? ___sys_recvmsg+0x200/0x200 [ 1336.785656] ? lock_downgrade+0x6d0/0x6d0 [ 1336.786256] ? ksys_write+0x12d/0x260 [ 1336.786794] ? wait_for_completion_io+0x270/0x270 [ 1336.787487] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.788148] ? vfs_write+0x354/0xb10 [ 1336.788657] __x64_sys_recvmmsg+0x20f/0x260 [ 1336.789274] ? ksys_write+0x1a9/0x260 [ 1336.789812] ? __do_sys_socketcall+0x600/0x600 [ 1336.790460] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1336.791191] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.791911] do_syscall_64+0x33/0x40 [ 1336.792437] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.793152] RIP: 0033:0x7f67c49b5b19 [ 1336.793669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.796086] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1336.797136] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1336.798104] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1336.799049] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.800008] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1336.801009] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:16:33 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:16:33 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1336.803979] FAULT_INJECTION: forcing a failure. [ 1336.803979] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1336.805590] CPU: 1 PID: 7968 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1336.806537] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.807652] Call Trace: [ 1336.808019] dump_stack+0x107/0x167 [ 1336.808503] should_fail.cold+0x5/0xa [ 1336.809045] _copy_from_user+0x2e/0x1b0 [ 1336.809607] __copy_msghdr_from_user+0x91/0x4b0 [ 1336.810230] ? __ia32_sys_shutdown+0x80/0x80 [ 1336.810857] ? __lock_acquire+0x1657/0x5b00 [ 1336.811472] ___sys_recvmsg+0xd5/0x200 [ 1336.812019] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1336.812682] ? __fget_files+0x2cf/0x520 [ 1336.813221] ? lock_acquire+0x197/0x470 [ 1336.813757] ? find_held_lock+0x2c/0x110 [ 1336.814309] ? __might_fault+0xd3/0x180 [ 1336.814839] ? lock_downgrade+0x6d0/0x6d0 [ 1336.815397] do_recvmmsg+0x24c/0x6d0 [ 1336.815885] ? ___sys_recvmsg+0x200/0x200 [ 1336.816445] ? lock_downgrade+0x6d0/0x6d0 [ 1336.817022] ? ksys_write+0x12d/0x260 [ 1336.817526] ? wait_for_completion_io+0x270/0x270 [ 1336.818163] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.818768] ? vfs_write+0x354/0xb10 [ 1336.819258] __x64_sys_recvmmsg+0x20f/0x260 [ 1336.819818] ? ksys_write+0x1a9/0x260 [ 1336.820335] ? __do_sys_socketcall+0x600/0x600 [ 1336.820939] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1336.821627] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.822310] do_syscall_64+0x33/0x40 [ 1336.822790] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.823443] RIP: 0033:0x7f11b74b4b19 [ 1336.823922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.826444] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1336.827452] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1336.828409] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1336.829357] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.830273] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1336.831184] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:16:33 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x8, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r1 = perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x4) dup3(0xffffffffffffffff, r1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000240)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, 0x0}, 0x404c008) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) close(r1) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x20, 0x2000, 0x7ff, 0x3ff, 0x1196, 0x4}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r3 = creat(&(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x0) open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000200000008000000000000000000fffbffff00000000c64c000000007418bcb53f54cf856fcc1c693a5eb0452c3257fac49ac4ce4d76"], 0x307182) getsockopt$inet6_udp_int(r3, 0x11, 0xa, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x2) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r4, @ANYBLOB="00042bbd7000fcdbdf252e00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000300000048000000040046000400d0000600fb00d90000004e00fa0001ba0f7ebcf16a8a1b8fb68d7f855bf88f10ee002650ff0d24d0bc20a287684145cb5b8446a84e997a7275f28e00eba78ab4d9e4768911fca068f8099d27ea859a6a4dddc276ea089d8900000d00f900a88748809db64a5a620000004c00fa00345db12fac99bbaa40b6a9d5c21208a13cc8b6e191a1acb26a49adca44aaf8508ffc0ab1b46e2daefc435740d62087c731b4a9d2b3c2fa40aeec485a8292091dd757643f6a87b4ac"], 0xe4}, 0x1, 0x0, 0x0, 0x4}, 0x8010) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x2c, r2, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}]}, 0x2c}}, 0x0) [ 1336.844934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:16:33 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 13) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 12) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1336.915129] FAULT_INJECTION: forcing a failure. [ 1336.915129] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1336.916582] CPU: 1 PID: 7979 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1336.917394] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.918389] Call Trace: [ 1336.918709] dump_stack+0x107/0x167 [ 1336.919148] should_fail.cold+0x5/0xa [ 1336.919608] _copy_from_user+0x2e/0x1b0 [ 1336.920107] __copy_msghdr_from_user+0x91/0x4b0 [ 1336.920675] ? __ia32_sys_shutdown+0x80/0x80 [ 1336.921217] ? __lock_acquire+0x1657/0x5b00 [ 1336.921738] ___sys_recvmsg+0xd5/0x200 [ 1336.922218] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1336.922807] ? trace_hardirqs_on+0x5b/0x180 [ 1336.923321] ? lock_acquire+0x197/0x470 [ 1336.923800] ? find_held_lock+0x2c/0x110 [ 1336.924298] ? __might_fault+0xd3/0x180 [ 1336.924770] ? lock_downgrade+0x6d0/0x6d0 [ 1336.925272] do_recvmmsg+0x24c/0x6d0 [ 1336.925719] ? ___sys_recvmsg+0x200/0x200 [ 1336.926210] ? lock_downgrade+0x6d0/0x6d0 [ 1336.926706] ? ksys_write+0x12d/0x260 [ 1336.927165] ? wait_for_completion_io+0x270/0x270 [ 1336.927737] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.928298] ? vfs_write+0x354/0xb10 [ 1336.928744] __x64_sys_recvmmsg+0x20f/0x260 [ 1336.929252] ? ksys_write+0x1a9/0x260 [ 1336.929704] ? __do_sys_socketcall+0x600/0x600 [ 1336.930247] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1336.930865] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.931475] do_syscall_64+0x33/0x40 [ 1336.931918] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.932533] RIP: 0033:0x7f11b74b4b19 [ 1336.932978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.935152] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1336.936060] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1336.936910] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1336.937758] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.938601] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1336.939439] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1336.942270] FAULT_INJECTION: forcing a failure. [ 1336.942270] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1336.943852] CPU: 1 PID: 7980 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1336.944662] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1336.945643] Call Trace: [ 1336.945955] dump_stack+0x107/0x167 [ 1336.946382] should_fail.cold+0x5/0xa [ 1336.946846] _copy_from_user+0x2e/0x1b0 [ 1336.947316] __copy_msghdr_from_user+0x91/0x4b0 [ 1336.947867] ? __ia32_sys_shutdown+0x80/0x80 [ 1336.948390] ? __lock_acquire+0x1657/0x5b00 [ 1336.948916] ___sys_recvmsg+0xd5/0x200 [ 1336.949386] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1336.949971] ? __fget_files+0x2cf/0x520 [ 1336.950439] ? lock_acquire+0x197/0x470 [ 1336.950903] ? find_held_lock+0x2c/0x110 [ 1336.951380] ? __might_fault+0xd3/0x180 [ 1336.951848] ? lock_downgrade+0x6d0/0x6d0 [ 1336.952355] do_recvmmsg+0x24c/0x6d0 [ 1336.952796] ? ___sys_recvmsg+0x200/0x200 [ 1336.953276] ? lock_downgrade+0x6d0/0x6d0 [ 1336.953773] ? ksys_write+0x12d/0x260 [ 1336.954233] ? wait_for_completion_io+0x270/0x270 [ 1336.954805] ? rcu_read_lock_any_held+0x75/0xa0 [ 1336.955345] ? vfs_write+0x354/0xb10 [ 1336.955784] __x64_sys_recvmmsg+0x20f/0x260 [ 1336.956298] ? ksys_write+0x1a9/0x260 [ 1336.956742] ? __do_sys_socketcall+0x600/0x600 [ 1336.957278] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1336.957903] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1336.958504] do_syscall_64+0x33/0x40 [ 1336.958979] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1336.959571] RIP: 0033:0x7f67c49b5b19 [ 1336.960003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1336.962174] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1336.963078] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1336.963938] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1336.964789] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1336.965615] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1336.966445] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1337.168428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:16:49 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 36) 17:16:49 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x2}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:16:49 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcon']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:16:49 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 13) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:49 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:16:49 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:16:49 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:49 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x8, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r1 = perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x4) dup3(0xffffffffffffffff, r1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000240)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, 0x0}, 0x404c008) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) close(r1) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x20, 0x2000, 0x7ff, 0x3ff, 0x1196, 0x4}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r3 = creat(&(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x0) open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000200000008000000000000000000fffbffff00000000c64c000000007418bcb53f54cf856fcc1c693a5eb0452c3257fac49ac4ce4d76"], 0x307182) getsockopt$inet6_udp_int(r3, 0x11, 0xa, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x2) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r4, @ANYBLOB="00042bbd7000fcdbdf252e00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000300000048000000040046000400d0000600fb00d90000004e00fa0001ba0f7ebcf16a8a1b8fb68d7f855bf88f10ee002650ff0d24d0bc20a287684145cb5b8446a84e997a7275f28e00eba78ab4d9e4768911fca068f8099d27ea859a6a4dddc276ea089d8900000d00f900a88748809db64a5a620000004c00fa00345db12fac99bbaa40b6a9d5c21208a13cc8b6e191a1acb26a49adca44aaf8508ffc0ab1b46e2daefc435740d62087c731b4a9d2b3c2fa40aeec485a8292091dd757643f6a87b4ac"], 0xe4}, 0x1, 0x0, 0x0, 0x4}, 0x8010) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x2c, r2, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}]}, 0x2c}}, 0x0) [ 1353.482395] FAULT_INJECTION: forcing a failure. [ 1353.482395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1353.485017] CPU: 1 PID: 7997 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1353.486458] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1353.488249] Call Trace: [ 1353.488819] dump_stack+0x107/0x167 [ 1353.489579] should_fail.cold+0x5/0xa [ 1353.490378] _copy_from_user+0x2e/0x1b0 [ 1353.491296] __copy_msghdr_from_user+0x91/0x4b0 [ 1353.492265] ? __ia32_sys_shutdown+0x80/0x80 [ 1353.493196] ? __lock_acquire+0x1657/0x5b00 [ 1353.494177] ___sys_recvmsg+0xd5/0x200 [ 1353.495023] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1353.496046] ? __fget_files+0x2cf/0x520 [ 1353.496951] ? lock_acquire+0x197/0x470 [ 1353.497786] ? find_held_lock+0x2c/0x110 [ 1353.498641] ? __might_fault+0xd3/0x180 [ 1353.499469] ? lock_downgrade+0x6d0/0x6d0 [ 1353.500449] do_recvmmsg+0x24c/0x6d0 [ 1353.501245] ? ___sys_recvmsg+0x200/0x200 [ 1353.502109] ? lock_downgrade+0x6d0/0x6d0 [ 1353.502978] ? ksys_write+0x12d/0x260 [ 1353.503792] ? wait_for_completion_io+0x270/0x270 [ 1353.504872] ? rcu_read_lock_any_held+0x75/0xa0 [ 1353.505842] ? vfs_write+0x354/0xb10 [ 1353.506621] __x64_sys_recvmmsg+0x20f/0x260 [ 1353.507521] ? ksys_write+0x1a9/0x260 [ 1353.508408] ? __do_sys_socketcall+0x600/0x600 [ 1353.509363] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1353.510455] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1353.511591] do_syscall_64+0x33/0x40 [ 1353.512373] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1353.513545] RIP: 0033:0x7f11b74b4b19 [ 1353.514399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1353.519041] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1353.520960] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1353.522624] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1353.524365] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1353.526013] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1353.527576] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1353.539654] FAULT_INJECTION: forcing a failure. [ 1353.539654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1353.542948] CPU: 1 PID: 7996 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1353.544747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1353.546913] Call Trace: [ 1353.547610] dump_stack+0x107/0x167 [ 1353.548580] should_fail.cold+0x5/0xa [ 1353.549611] _copy_from_user+0x2e/0x1b0 [ 1353.550683] __copy_msghdr_from_user+0x91/0x4b0 [ 1353.551909] ? __ia32_sys_shutdown+0x80/0x80 [ 1353.553082] ? __lock_acquire+0x1657/0x5b00 [ 1353.554255] ___sys_recvmsg+0xd5/0x200 [ 1353.555292] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1353.556588] ? __fget_files+0x2cf/0x520 [ 1353.557641] ? lock_acquire+0x197/0x470 [ 1353.558682] ? find_held_lock+0x2c/0x110 [ 1353.559752] ? __might_fault+0xd3/0x180 [ 1353.560800] ? lock_downgrade+0x6d0/0x6d0 [ 1353.561908] do_recvmmsg+0x24c/0x6d0 [ 1353.562892] ? ___sys_recvmsg+0x200/0x200 [ 1353.563974] ? lock_downgrade+0x6d0/0x6d0 [ 1353.565109] ? ksys_write+0x12d/0x260 [ 1353.566150] ? wait_for_completion_io+0x270/0x270 [ 1353.567451] ? rcu_read_lock_any_held+0x75/0xa0 [ 1353.568683] ? vfs_write+0x354/0xb10 [ 1353.569673] __x64_sys_recvmmsg+0x20f/0x260 [ 1353.570806] ? ksys_write+0x1a9/0x260 [ 1353.571805] ? __do_sys_socketcall+0x600/0x600 [ 1353.573036] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1353.574434] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1353.575799] do_syscall_64+0x33/0x40 [ 1353.576799] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1353.578166] RIP: 0033:0x7f67c49b5b19 [ 1353.579158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1353.584175] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1353.586233] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1353.587804] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1353.589430] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1353.591030] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1353.591323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1353.592567] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1353.605814] FAULT_INJECTION: forcing a failure. [ 1353.605814] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1353.608366] CPU: 1 PID: 7992 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1353.609831] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1353.611584] Call Trace: [ 1353.612151] dump_stack+0x107/0x167 [ 1353.612934] should_fail.cold+0x5/0xa [ 1353.613743] _copy_from_user+0x2e/0x1b0 [ 1353.614589] __copy_msghdr_from_user+0x91/0x4b0 [ 1353.615576] ? __ia32_sys_shutdown+0x80/0x80 [ 1353.616513] ? __lock_acquire+0x1657/0x5b00 [ 1353.617446] ___sys_recvmsg+0xd5/0x200 [ 1353.618266] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1353.619300] ? __fget_files+0x2cf/0x520 [ 1353.620152] ? lock_acquire+0x197/0x470 [ 1353.620999] ? find_held_lock+0x2c/0x110 [ 1353.621872] ? __might_fault+0xd3/0x180 [ 1353.622743] ? lock_downgrade+0x6d0/0x6d0 [ 1353.623737] do_recvmmsg+0x24c/0x6d0 [ 1353.624669] ? ___sys_recvmsg+0x200/0x200 [ 1353.625675] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1353.626923] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1353.628120] ? trace_hardirqs_on+0x5b/0x180 [ 1353.629158] ? look_up_lock_class+0x52/0x110 [ 1353.630148] ? lock_acquire+0x276/0x470 [ 1353.631094] ? lock_release+0x1/0x680 [ 1353.632022] __x64_sys_recvmmsg+0x20f/0x260 [ 1353.632980] ? nmi_handle+0x25d/0x360 [ 1353.633818] ? __do_sys_socketcall+0x600/0x600 [ 1353.635015] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1353.636414] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1353.637738] do_syscall_64+0x33/0x40 [ 1353.638687] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1353.639992] RIP: 0033:0x7f60a47afb19 [ 1353.640958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1353.645001] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1353.646616] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1353.648147] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1353.649671] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1353.651182] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1353.652703] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:16:50 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 15) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:50 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 14) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:16:50 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000280)) [ 1353.746319] FAULT_INJECTION: forcing a failure. [ 1353.746319] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1353.749378] CPU: 1 PID: 8013 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1353.751285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1353.753415] Call Trace: [ 1353.754053] dump_stack+0x107/0x167 [ 1353.754964] should_fail.cold+0x5/0xa [ 1353.755822] _copy_from_user+0x2e/0x1b0 [ 1353.756817] __copy_msghdr_from_user+0x91/0x4b0 [ 1353.757902] ? __ia32_sys_shutdown+0x80/0x80 [ 1353.758951] ? __lock_acquire+0x1657/0x5b00 [ 1353.760069] ___sys_recvmsg+0xd5/0x200 [ 1353.760987] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1353.762098] ? __fget_files+0x2cf/0x520 [ 1353.763003] ? lock_acquire+0x197/0x470 [ 1353.763925] ? find_held_lock+0x2c/0x110 [ 1353.764824] ? __might_fault+0xd3/0x180 [ 1353.765659] ? lock_downgrade+0x6d0/0x6d0 [ 1353.766544] do_recvmmsg+0x24c/0x6d0 [ 1353.767340] ? ___sys_recvmsg+0x200/0x200 [ 1353.768162] ? lock_downgrade+0x6d0/0x6d0 [ 1353.768999] ? ksys_write+0x12d/0x260 [ 1353.769777] ? wait_for_completion_io+0x270/0x270 [ 1353.770767] ? rcu_read_lock_any_held+0x75/0xa0 [ 1353.771721] ? vfs_write+0x354/0xb10 [ 1353.772502] __x64_sys_recvmmsg+0x20f/0x260 [ 1353.773390] ? ksys_write+0x1a9/0x260 [ 1353.774180] ? __do_sys_socketcall+0x600/0x600 [ 1353.775113] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1353.776262] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1353.777328] do_syscall_64+0x33/0x40 [ 1353.778085] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1353.779128] RIP: 0033:0x7f11b74b4b19 [ 1353.779897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1353.783675] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1353.785253] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1353.786718] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1353.788193] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1353.789659] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1353.791129] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:16:50 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x0, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1353.823663] FAULT_INJECTION: forcing a failure. [ 1353.823663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1353.826480] CPU: 0 PID: 8017 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1353.827924] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1353.829690] Call Trace: [ 1353.830234] dump_stack+0x107/0x167 [ 1353.830991] should_fail.cold+0x5/0xa [ 1353.831795] _copy_from_user+0x2e/0x1b0 [ 1353.832658] __copy_msghdr_from_user+0x91/0x4b0 [ 1353.833632] ? __ia32_sys_shutdown+0x80/0x80 [ 1353.834551] ? __lock_acquire+0x1657/0x5b00 [ 1353.835466] ___sys_recvmsg+0xd5/0x200 [ 1353.836285] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1353.837346] ? __fget_files+0x2cf/0x520 [ 1353.838162] ? lock_acquire+0x197/0x470 [ 1353.838992] ? find_held_lock+0x2c/0x110 [ 1353.839856] ? __might_fault+0xd3/0x180 [ 1353.840723] ? lock_downgrade+0x6d0/0x6d0 [ 1353.841603] do_recvmmsg+0x24c/0x6d0 [ 1353.842402] ? ___sys_recvmsg+0x200/0x200 [ 1353.843280] ? lock_downgrade+0x6d0/0x6d0 [ 1353.844159] ? ksys_write+0x12d/0x260 [ 1353.844997] ? wait_for_completion_io+0x270/0x270 [ 1353.846015] ? rcu_read_lock_any_held+0x75/0xa0 [ 1353.847001] ? vfs_write+0x354/0xb10 [ 1353.847796] __x64_sys_recvmmsg+0x20f/0x260 [ 1353.848735] ? ksys_write+0x1a9/0x260 [ 1353.849554] ? __do_sys_socketcall+0x600/0x600 [ 1353.850515] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1353.851634] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1353.852750] do_syscall_64+0x33/0x40 [ 1353.853543] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1353.854755] RIP: 0033:0x7f67c49b5b19 [ 1353.855556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1353.859547] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1353.861203] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1353.862750] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1353.864280] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1353.865837] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1353.867358] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:16:50 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 37) 17:16:50 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000280)) [ 1353.939504] FAULT_INJECTION: forcing a failure. [ 1353.939504] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1353.942162] CPU: 1 PID: 8021 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1353.943480] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1353.945149] Call Trace: [ 1353.945683] dump_stack+0x107/0x167 [ 1353.946386] should_fail.cold+0x5/0xa [ 1353.947123] _copy_from_user+0x2e/0x1b0 [ 1353.947918] __copy_msghdr_from_user+0x91/0x4b0 [ 1353.949011] ? __ia32_sys_shutdown+0x80/0x80 [ 1353.949901] ? __lock_acquire+0x1657/0x5b00 [ 1353.950780] ___sys_recvmsg+0xd5/0x200 [ 1353.951567] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1353.952564] ? __fget_files+0x2cf/0x520 [ 1353.953367] ? lock_acquire+0x197/0x470 [ 1353.954171] ? find_held_lock+0x2c/0x110 [ 1353.954993] ? __might_fault+0xd3/0x180 [ 1353.955760] ? lock_downgrade+0x6d0/0x6d0 [ 1353.956608] do_recvmmsg+0x24c/0x6d0 [ 1353.957366] ? ___sys_recvmsg+0x200/0x200 [ 1353.958201] ? lock_downgrade+0x6d0/0x6d0 [ 1353.959040] ? ksys_write+0x12d/0x260 [ 1353.959822] ? wait_for_completion_io+0x270/0x270 [ 1353.960809] ? rcu_read_lock_any_held+0x75/0xa0 [ 1353.961734] ? vfs_write+0x354/0xb10 [ 1353.962484] __x64_sys_recvmmsg+0x20f/0x260 [ 1353.963359] ? ksys_write+0x1a9/0x260 [ 1353.964108] ? __do_sys_socketcall+0x600/0x600 [ 1353.965010] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1353.966041] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1353.967032] do_syscall_64+0x33/0x40 [ 1353.967769] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1353.968796] RIP: 0033:0x7f60a47afb19 [ 1353.969509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1353.973126] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1353.974638] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1353.976011] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1353.977383] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1353.978754] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1353.980188] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1353.990413] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:16:50 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcon']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:16:50 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 16) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1354.068519] FAULT_INJECTION: forcing a failure. [ 1354.068519] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1354.070805] CPU: 1 PID: 8029 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1354.072094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1354.073663] Call Trace: [ 1354.074154] dump_stack+0x107/0x167 [ 1354.074828] should_fail.cold+0x5/0xa [ 1354.075560] _copy_from_user+0x2e/0x1b0 [ 1354.076306] __copy_msghdr_from_user+0x91/0x4b0 [ 1354.077169] ? __ia32_sys_shutdown+0x80/0x80 [ 1354.078005] ? __lock_acquire+0x1657/0x5b00 [ 1354.078810] ___sys_recvmsg+0xd5/0x200 [ 1354.079541] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1354.080443] ? __fget_files+0x2cf/0x520 [ 1354.081185] ? secondary_startup_64_no_verify+0xab/0xcb [ 1354.082163] ? lock_acquire+0x197/0x470 [ 1354.082912] ? find_held_lock+0x2c/0x110 [ 1354.083668] ? __might_fault+0xd3/0x180 [ 1354.084423] ? lock_downgrade+0x6d0/0x6d0 [ 1354.085202] do_recvmmsg+0x24c/0x6d0 [ 1354.085916] ? ___sys_recvmsg+0x200/0x200 [ 1354.086705] ? lock_downgrade+0x6d0/0x6d0 [ 1354.087485] ? ksys_write+0x12d/0x260 [ 1354.088187] ? wait_for_completion_io+0x270/0x270 [ 1354.089127] ? rcu_read_lock_any_held+0x75/0xa0 [ 1354.089992] ? vfs_write+0x354/0xb10 [ 1354.090699] __x64_sys_recvmmsg+0x20f/0x260 [ 1354.091499] ? ksys_write+0x1a9/0x260 [ 1354.092181] ? __do_sys_socketcall+0x600/0x600 [ 1354.093033] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1354.094009] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1354.094947] do_syscall_64+0x33/0x40 [ 1354.095634] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1354.096576] RIP: 0033:0x7f11b74b4b19 [ 1354.097295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1354.100625] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1354.102026] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1354.103348] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1354.104684] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1354.106013] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1354.107315] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:17:05 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x8, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r1 = perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x4) dup3(0xffffffffffffffff, r1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000240)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, 0x0}, 0x404c008) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) close(r1) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x20, 0x2000, 0x7ff, 0x3ff, 0x1196, 0x4}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r3 = creat(&(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x0) open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000200000008000000000000000000fffbffff00000000c64c000000007418bcb53f54cf856fcc1c693a5eb0452c3257fac49ac4ce4d76"], 0x307182) getsockopt$inet6_udp_int(r3, 0x11, 0xa, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x2) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r4, @ANYBLOB="00042bbd7000fcdbdf252e00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000300000048000000040046000400d0000600fb00d90000004e00fa0001ba0f7ebcf16a8a1b8fb68d7f855bf88f10ee002650ff0d24d0bc20a287684145cb5b8446a84e997a7275f28e00eba78ab4d9e4768911fca068f8099d27ea859a6a4dddc276ea089d8900000d00f900a88748809db64a5a620000004c00fa00345db12fac99bbaa40b6a9d5c21208a13cc8b6e191a1acb26a49adca44aaf8508ffc0ab1b46e2daefc435740d62087c731b4a9d2b3c2fa40aeec485a8292091dd757643f6a87b4ac"], 0xe4}, 0x1, 0x0, 0x0, 0x4}, 0x8010) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x2c, r2, 0xc0b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}]}, 0x2c}}, 0x0) 17:17:05 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000280)) 17:17:05 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 38) 17:17:05 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 15) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1369.610512] FAULT_INJECTION: forcing a failure. [ 1369.610512] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1369.613590] CPU: 1 PID: 8043 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1369.615050] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1369.616834] Call Trace: [ 1369.617411] dump_stack+0x107/0x167 [ 1369.618184] should_fail.cold+0x5/0xa [ 1369.619015] _copy_from_user+0x2e/0x1b0 [ 1369.619868] __copy_msghdr_from_user+0x91/0x4b0 [ 1369.620867] ? __ia32_sys_shutdown+0x80/0x80 [ 1369.621789] ? __lock_acquire+0x1657/0x5b00 [ 1369.622706] ___sys_recvmsg+0xd5/0x200 [ 1369.623534] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1369.624595] ? __fget_files+0x2cf/0x520 [ 1369.625435] ? lock_acquire+0x197/0x470 [ 1369.626272] ? find_held_lock+0x2c/0x110 [ 1369.627142] ? __might_fault+0xd3/0x180 [ 1369.627979] ? lock_downgrade+0x6d0/0x6d0 [ 1369.628873] do_recvmmsg+0x24c/0x6d0 [ 1369.629673] ? ___sys_recvmsg+0x200/0x200 [ 1369.630552] ? lock_downgrade+0x6d0/0x6d0 [ 1369.631440] ? ksys_write+0x12d/0x260 [ 1369.632253] ? wait_for_completion_io+0x270/0x270 [ 1369.633273] ? rcu_read_lock_any_held+0x75/0xa0 [ 1369.634242] ? vfs_write+0x354/0xb10 [ 1369.635021] __x64_sys_recvmmsg+0x20f/0x260 [ 1369.635924] ? ksys_write+0x1a9/0x260 [ 1369.636724] ? __do_sys_socketcall+0x600/0x600 [ 1369.637685] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1369.638776] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1369.639873] do_syscall_64+0x33/0x40 [ 1369.640666] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1369.641811] RIP: 0033:0x7f67c49b5b19 [ 1369.642590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1369.646464] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1369.648055] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1369.649575] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1369.651075] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1369.652586] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1369.654091] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1369.663523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:17:05 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 17) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:05 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x0, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:05 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=us']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:17:05 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x3}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1369.673152] FAULT_INJECTION: forcing a failure. [ 1369.673152] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1369.675811] CPU: 0 PID: 8054 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1369.677323] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1369.679065] Call Trace: [ 1369.679628] dump_stack+0x107/0x167 [ 1369.680406] should_fail.cold+0x5/0xa [ 1369.681318] _copy_from_user+0x2e/0x1b0 [ 1369.682322] __copy_msghdr_from_user+0x91/0x4b0 [ 1369.683489] ? __ia32_sys_shutdown+0x80/0x80 [ 1369.684586] ? __lock_acquire+0x1657/0x5b00 [ 1369.685636] ___sys_recvmsg+0xd5/0x200 [ 1369.686458] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1369.687501] ? __fget_files+0x2cf/0x520 [ 1369.688342] ? lock_acquire+0x197/0x470 [ 1369.689229] ? find_held_lock+0x2c/0x110 [ 1369.690094] ? __might_fault+0xd3/0x180 [ 1369.690934] ? lock_downgrade+0x6d0/0x6d0 [ 1369.691809] do_recvmmsg+0x24c/0x6d0 [ 1369.692618] ? ___sys_recvmsg+0x200/0x200 [ 1369.693520] ? lock_downgrade+0x6d0/0x6d0 [ 1369.694400] ? ksys_write+0x12d/0x260 [ 1369.695238] ? wait_for_completion_io+0x270/0x270 [ 1369.696246] ? rcu_read_lock_any_held+0x75/0xa0 [ 1369.697280] ? vfs_write+0x354/0xb10 [ 1369.698077] __x64_sys_recvmmsg+0x20f/0x260 [ 1369.698984] ? ksys_write+0x1a9/0x260 [ 1369.699796] ? __do_sys_socketcall+0x600/0x600 [ 1369.700810] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1369.701940] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1369.703034] do_syscall_64+0x33/0x40 [ 1369.703809] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1369.704935] RIP: 0033:0x7f11b74b4b19 [ 1369.705726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1369.709646] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1369.711266] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1369.712811] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1369.714347] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1369.715851] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1369.717384] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1369.754144] FAULT_INJECTION: forcing a failure. [ 1369.754144] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1369.756707] CPU: 0 PID: 8044 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1369.758217] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1369.759989] Call Trace: [ 1369.760581] dump_stack+0x107/0x167 [ 1369.761369] should_fail.cold+0x5/0xa [ 1369.762190] _copy_from_user+0x2e/0x1b0 [ 1369.763046] __copy_msghdr_from_user+0x91/0x4b0 [ 1369.764050] ? __ia32_sys_shutdown+0x80/0x80 [ 1369.765010] ? __lock_acquire+0x1657/0x5b00 [ 1369.765951] ___sys_recvmsg+0xd5/0x200 [ 1369.766787] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1369.767840] ? trace_hardirqs_on+0x5b/0x180 [ 1369.768777] ? lock_acquire+0x197/0x470 [ 1369.769629] ? find_held_lock+0x2c/0x110 [ 1369.770514] ? __might_fault+0xd3/0x180 [ 1369.771359] ? lock_downgrade+0x6d0/0x6d0 [ 1369.772265] do_recvmmsg+0x24c/0x6d0 [ 1369.773085] ? ___sys_recvmsg+0x200/0x200 [ 1369.773977] ? lock_downgrade+0x6d0/0x6d0 [ 1369.774863] ? ksys_write+0x12d/0x260 [ 1369.775703] ? wait_for_completion_io+0x270/0x270 [ 1369.776745] ? rcu_read_lock_any_held+0x75/0xa0 [ 1369.777754] ? vfs_write+0x354/0xb10 [ 1369.778562] __x64_sys_recvmmsg+0x20f/0x260 [ 1369.779485] ? ksys_write+0x1a9/0x260 [ 1369.780301] ? __do_sys_socketcall+0x600/0x600 [ 1369.781271] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1369.782388] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1369.783504] do_syscall_64+0x33/0x40 [ 1369.784288] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1369.785402] RIP: 0033:0x7f60a47afb19 [ 1369.786204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1369.790091] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1369.791718] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1369.793235] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1369.794749] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1369.796302] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1369.797869] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:17:06 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, 0x0) 17:17:06 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 18) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:06 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 16) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1369.896401] FAULT_INJECTION: forcing a failure. [ 1369.896401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1369.899020] CPU: 0 PID: 8062 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1369.900471] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1369.902303] Call Trace: [ 1369.902874] dump_stack+0x107/0x167 [ 1369.903650] should_fail.cold+0x5/0xa [ 1369.904478] _copy_from_user+0x2e/0x1b0 [ 1369.905348] __copy_msghdr_from_user+0x91/0x4b0 [ 1369.906381] ? __ia32_sys_shutdown+0x80/0x80 [ 1369.907373] ? __lock_acquire+0x1657/0x5b00 [ 1369.908317] ___sys_recvmsg+0xd5/0x200 [ 1369.909161] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1369.910216] ? __fget_files+0x2cf/0x520 [ 1369.911073] ? lock_acquire+0x197/0x470 [ 1369.911939] ? find_held_lock+0x2c/0x110 [ 1369.912835] ? __might_fault+0xd3/0x180 [ 1369.913693] ? lock_downgrade+0x6d0/0x6d0 [ 1369.914598] do_recvmmsg+0x24c/0x6d0 [ 1369.915403] ? ___sys_recvmsg+0x200/0x200 [ 1369.916278] ? lock_downgrade+0x6d0/0x6d0 [ 1369.917199] ? ksys_write+0x12d/0x260 [ 1369.918035] ? wait_for_completion_io+0x270/0x270 [ 1369.919075] ? rcu_read_lock_any_held+0x75/0xa0 [ 1369.920181] ? vfs_write+0x354/0xb10 [ 1369.921014] __x64_sys_recvmmsg+0x20f/0x260 [ 1369.921947] ? ksys_write+0x1a9/0x260 [ 1369.922773] ? __do_sys_socketcall+0x600/0x600 [ 1369.923767] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1369.924900] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1369.926038] do_syscall_64+0x33/0x40 [ 1369.926942] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1369.928070] RIP: 0033:0x7f11b74b4b19 [ 1369.928910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1369.932876] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1369.934737] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1369.936272] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1369.937841] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1369.939375] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1369.940974] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:17:06 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x0, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:06 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=us']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1370.000944] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1370.019574] FAULT_INJECTION: forcing a failure. [ 1370.019574] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1370.022236] CPU: 1 PID: 8067 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1370.023706] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1370.025499] Call Trace: [ 1370.026076] dump_stack+0x107/0x167 [ 1370.026873] should_fail.cold+0x5/0xa [ 1370.027706] _copy_from_user+0x2e/0x1b0 [ 1370.028579] __copy_msghdr_from_user+0x91/0x4b0 [ 1370.029592] ? __ia32_sys_shutdown+0x80/0x80 [ 1370.030533] ? __lock_acquire+0x1657/0x5b00 [ 1370.031469] ___sys_recvmsg+0xd5/0x200 [ 1370.032315] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1370.033366] ? __fget_files+0x2cf/0x520 [ 1370.034200] ? lock_acquire+0x197/0x470 [ 1370.035034] ? find_held_lock+0x2c/0x110 [ 1370.035916] ? __might_fault+0xd3/0x180 [ 1370.036755] ? lock_downgrade+0x6d0/0x6d0 [ 1370.037688] do_recvmmsg+0x24c/0x6d0 [ 1370.038633] ? ___sys_recvmsg+0x200/0x200 [ 1370.039687] ? lock_downgrade+0x6d0/0x6d0 [ 1370.040801] ? ksys_write+0x12d/0x260 [ 1370.041801] ? wait_for_completion_io+0x270/0x270 [ 1370.043032] ? rcu_read_lock_any_held+0x75/0xa0 [ 1370.044218] ? vfs_write+0x354/0xb10 [ 1370.045183] __x64_sys_recvmmsg+0x20f/0x260 [ 1370.046277] ? ksys_write+0x1a9/0x260 [ 1370.047077] ? __do_sys_socketcall+0x600/0x600 [ 1370.048051] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1370.049175] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1370.050290] do_syscall_64+0x33/0x40 [ 1370.051085] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1370.052194] RIP: 0033:0x7f67c49b5b19 [ 1370.053012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1370.057001] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1370.058627] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1370.060136] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1370.061602] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1370.063090] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1370.064558] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:17:06 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 19) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:06 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 39) 17:17:06 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, 0x0) 17:17:06 executing program 6: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1370.203518] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1370.209697] FAULT_INJECTION: forcing a failure. [ 1370.209697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1370.212813] CPU: 0 PID: 8078 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1370.214405] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1370.216353] Call Trace: [ 1370.217010] dump_stack+0x107/0x167 [ 1370.217861] should_fail.cold+0x5/0xa [ 1370.218803] _copy_from_user+0x2e/0x1b0 [ 1370.219810] __copy_msghdr_from_user+0x91/0x4b0 [ 1370.221041] ? __ia32_sys_shutdown+0x80/0x80 [ 1370.222209] ? __lock_acquire+0x1657/0x5b00 [ 1370.223328] ___sys_recvmsg+0xd5/0x200 [ 1370.224301] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1370.225531] ? trace_hardirqs_on+0x5b/0x180 [ 1370.226620] ? lock_acquire+0x197/0x470 [ 1370.227611] ? find_held_lock+0x2c/0x110 [ 1370.228715] ? __might_fault+0xd3/0x180 [ 1370.229546] ? lock_downgrade+0x6d0/0x6d0 [ 1370.230429] do_recvmmsg+0x24c/0x6d0 [ 1370.231204] ? ___sys_recvmsg+0x200/0x200 [ 1370.232074] ? lock_downgrade+0x6d0/0x6d0 [ 1370.232949] ? ksys_write+0x12d/0x260 [ 1370.233742] ? wait_for_completion_io+0x270/0x270 [ 1370.234734] ? rcu_read_lock_any_held+0x75/0xa0 [ 1370.235690] ? vfs_write+0x354/0xb10 [ 1370.236454] __x64_sys_recvmmsg+0x20f/0x260 [ 1370.237336] ? ksys_write+0x1a9/0x260 [ 1370.238123] ? __do_sys_socketcall+0x600/0x600 [ 1370.239085] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1370.240164] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1370.241221] do_syscall_64+0x33/0x40 [ 1370.241991] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1370.243037] RIP: 0033:0x7f11b74b4b19 [ 1370.243801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1370.247602] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1370.249196] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1370.250683] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1370.252160] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1370.253671] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1370.255144] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1370.258087] FAULT_INJECTION: forcing a failure. [ 1370.258087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1370.260523] CPU: 1 PID: 8076 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1370.261939] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1370.263613] Call Trace: [ 1370.264161] dump_stack+0x107/0x167 [ 1370.264921] should_fail.cold+0x5/0xa [ 1370.265713] _copy_from_user+0x2e/0x1b0 [ 1370.266550] __copy_msghdr_from_user+0x91/0x4b0 [ 1370.267514] ? __ia32_sys_shutdown+0x80/0x80 [ 1370.268410] ? __lock_acquire+0x1657/0x5b00 [ 1370.269339] ___sys_recvmsg+0xd5/0x200 [ 1370.270143] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1370.271132] ? __fget_files+0x2cf/0x520 [ 1370.271965] ? lock_acquire+0x197/0x470 [ 1370.272786] ? find_held_lock+0x2c/0x110 [ 1370.273665] ? __might_fault+0xd3/0x180 [ 1370.274488] ? lock_downgrade+0x6d0/0x6d0 [ 1370.275364] do_recvmmsg+0x24c/0x6d0 [ 1370.276136] ? ___sys_recvmsg+0x200/0x200 [ 1370.277015] ? lock_downgrade+0x6d0/0x6d0 [ 1370.277878] ? ksys_write+0x12d/0x260 [ 1370.278670] ? wait_for_completion_io+0x270/0x270 [ 1370.279678] ? rcu_read_lock_any_held+0x75/0xa0 [ 1370.280648] ? vfs_write+0x354/0xb10 [ 1370.281422] __x64_sys_recvmmsg+0x20f/0x260 [ 1370.282318] ? ksys_write+0x1a9/0x260 [ 1370.283106] ? __do_sys_socketcall+0x600/0x600 [ 1370.284043] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1370.285154] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1370.286220] do_syscall_64+0x33/0x40 [ 1370.286989] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1370.288058] RIP: 0033:0x7f60a47afb19 [ 1370.288835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1370.292637] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1370.294219] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1370.295848] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1370.297592] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1370.299242] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1370.301076] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:17:22 executing program 6: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:17:22 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 40) 17:17:22 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, 0x0) 17:17:22 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x4}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:17:22 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 20) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:22 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:22 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=us']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:17:22 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 17) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1386.450527] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1386.458857] FAULT_INJECTION: forcing a failure. [ 1386.458857] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1386.460331] CPU: 1 PID: 8095 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1386.461127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.462073] Call Trace: [ 1386.462385] dump_stack+0x107/0x167 [ 1386.462802] should_fail.cold+0x5/0xa [ 1386.463240] _copy_from_user+0x2e/0x1b0 [ 1386.463695] __copy_msghdr_from_user+0x91/0x4b0 [ 1386.464232] ? __ia32_sys_shutdown+0x80/0x80 [ 1386.464439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1386.464733] ? __lock_acquire+0x1657/0x5b00 [ 1386.464762] ___sys_recvmsg+0xd5/0x200 [ 1386.464784] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1386.468253] ? __fget_files+0x2cf/0x520 [ 1386.468843] ? lock_acquire+0x197/0x470 [ 1386.469377] ? find_held_lock+0x2c/0x110 [ 1386.469918] ? __might_fault+0xd3/0x180 [ 1386.470425] ? lock_downgrade+0x6d0/0x6d0 [ 1386.470964] do_recvmmsg+0x24c/0x6d0 [ 1386.471428] ? ___sys_recvmsg+0x200/0x200 [ 1386.471915] ? lock_downgrade+0x6d0/0x6d0 [ 1386.472400] ? ksys_write+0x12d/0x260 [ 1386.472864] ? wait_for_completion_io+0x270/0x270 [ 1386.473429] ? rcu_read_lock_any_held+0x75/0xa0 [ 1386.473988] ? vfs_write+0x354/0xb10 [ 1386.474433] __x64_sys_recvmmsg+0x20f/0x260 [ 1386.474944] ? ksys_write+0x1a9/0x260 [ 1386.475385] ? __do_sys_socketcall+0x600/0x600 [ 1386.475908] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.476516] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.476735] FAULT_INJECTION: forcing a failure. [ 1386.476735] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1386.477168] do_syscall_64+0x33/0x40 [ 1386.480383] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.481077] RIP: 0033:0x7f60a47afb19 [ 1386.481511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.483695] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1386.484571] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1386.485434] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1386.486251] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.487074] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1386.487889] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1386.488759] CPU: 0 PID: 8102 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1386.490256] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.492011] Call Trace: [ 1386.492589] dump_stack+0x107/0x167 [ 1386.493370] should_fail.cold+0x5/0xa [ 1386.494172] _copy_from_user+0x2e/0x1b0 [ 1386.495046] __copy_msghdr_from_user+0x91/0x4b0 [ 1386.496046] ? __ia32_sys_shutdown+0x80/0x80 [ 1386.496988] ? __lock_acquire+0x1657/0x5b00 [ 1386.497908] ___sys_recvmsg+0xd5/0x200 [ 1386.498743] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1386.499790] ? __fget_files+0x2cf/0x520 [ 1386.500653] ? lock_acquire+0x197/0x470 [ 1386.501510] ? find_held_lock+0x2c/0x110 [ 1386.502386] ? __might_fault+0xd3/0x180 [ 1386.503232] ? lock_downgrade+0x6d0/0x6d0 [ 1386.504124] do_recvmmsg+0x24c/0x6d0 [ 1386.504940] ? ___sys_recvmsg+0x200/0x200 [ 1386.505168] FAULT_INJECTION: forcing a failure. [ 1386.505168] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1386.505809] ? lock_downgrade+0x6d0/0x6d0 [ 1386.505836] ? ksys_write+0x12d/0x260 [ 1386.505866] ? wait_for_completion_io+0x270/0x270 [ 1386.509801] ? rcu_read_lock_any_held+0x75/0xa0 [ 1386.510765] ? vfs_write+0x354/0xb10 [ 1386.511554] __x64_sys_recvmmsg+0x20f/0x260 [ 1386.512464] ? ksys_write+0x1a9/0x260 [ 1386.513283] ? __do_sys_socketcall+0x600/0x600 [ 1386.514259] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.515353] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.516422] do_syscall_64+0x33/0x40 [ 1386.517206] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.518294] RIP: 0033:0x7f11b74b4b19 [ 1386.519076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.522955] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1386.524530] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1386.526019] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1386.527507] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.529019] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1386.530531] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1386.532047] CPU: 1 PID: 8099 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1386.532859] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.533800] Call Trace: [ 1386.534102] dump_stack+0x107/0x167 [ 1386.534521] should_fail.cold+0x5/0xa [ 1386.534967] _copy_from_user+0x2e/0x1b0 [ 1386.535436] __copy_msghdr_from_user+0x91/0x4b0 [ 1386.535983] ? __ia32_sys_shutdown+0x80/0x80 [ 1386.536497] ? __lock_acquire+0x1657/0x5b00 [ 1386.537010] ___sys_recvmsg+0xd5/0x200 [ 1386.537460] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1386.538025] ? __fget_files+0x2cf/0x520 [ 1386.538478] ? lock_acquire+0x197/0x470 [ 1386.538930] ? find_held_lock+0x2c/0x110 [ 1386.539413] ? __might_fault+0xd3/0x180 [ 1386.539876] ? lock_downgrade+0x6d0/0x6d0 [ 1386.540352] do_recvmmsg+0x24c/0x6d0 [ 1386.540793] ? ___sys_recvmsg+0x200/0x200 [ 1386.541279] ? lock_downgrade+0x6d0/0x6d0 [ 1386.541764] ? ksys_write+0x12d/0x260 [ 1386.542201] ? wait_for_completion_io+0x270/0x270 [ 1386.542760] ? rcu_read_lock_any_held+0x75/0xa0 [ 1386.543298] ? vfs_write+0x354/0xb10 [ 1386.543757] __x64_sys_recvmmsg+0x20f/0x260 [ 1386.544253] ? ksys_write+0x1a9/0x260 [ 1386.544698] ? __do_sys_socketcall+0x600/0x600 [ 1386.545234] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.545843] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.546455] do_syscall_64+0x33/0x40 [ 1386.546890] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.547483] RIP: 0033:0x7f67c49b5b19 [ 1386.547912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.550065] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1386.550936] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1386.551769] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1386.552587] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.553419] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1386.554247] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:17:22 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 21) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:22 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:22 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 41) 17:17:22 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 18) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1386.631505] FAULT_INJECTION: forcing a failure. [ 1386.631505] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1386.632928] CPU: 1 PID: 8107 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1386.633714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.634658] Call Trace: [ 1386.634963] dump_stack+0x107/0x167 [ 1386.635380] should_fail.cold+0x5/0xa [ 1386.635821] _copy_from_user+0x2e/0x1b0 [ 1386.636287] __copy_msghdr_from_user+0x91/0x4b0 [ 1386.636848] ? __ia32_sys_shutdown+0x80/0x80 [ 1386.637365] ? __lock_acquire+0x1657/0x5b00 [ 1386.637869] ___sys_recvmsg+0xd5/0x200 [ 1386.638313] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1386.638882] ? __fget_files+0x2cf/0x520 [ 1386.639335] ? lock_acquire+0x197/0x470 [ 1386.639794] ? find_held_lock+0x2c/0x110 [ 1386.640272] ? __might_fault+0xd3/0x180 [ 1386.640732] ? lock_downgrade+0x6d0/0x6d0 [ 1386.641227] do_recvmmsg+0x24c/0x6d0 [ 1386.641653] ? ___sys_recvmsg+0x200/0x200 [ 1386.642128] ? lock_downgrade+0x6d0/0x6d0 [ 1386.642606] ? ksys_write+0x12d/0x260 [ 1386.643047] ? wait_for_completion_io+0x270/0x270 [ 1386.643607] ? rcu_read_lock_any_held+0x75/0xa0 [ 1386.644137] ? vfs_write+0x354/0xb10 [ 1386.644561] __x64_sys_recvmmsg+0x20f/0x260 [ 1386.645064] ? ksys_write+0x1a9/0x260 [ 1386.645500] ? __do_sys_socketcall+0x600/0x600 [ 1386.646020] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.646623] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.647225] do_syscall_64+0x33/0x40 [ 1386.647658] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.648242] RIP: 0033:0x7f11b74b4b19 [ 1386.648669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.650806] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1386.651675] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1386.652485] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1386.653340] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.654169] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1386.655008] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:17:23 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1386.720280] FAULT_INJECTION: forcing a failure. [ 1386.720280] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1386.721923] CPU: 1 PID: 8117 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1386.722714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.723659] Call Trace: [ 1386.723960] dump_stack+0x107/0x167 [ 1386.724383] should_fail.cold+0x5/0xa [ 1386.724842] _copy_from_user+0x2e/0x1b0 [ 1386.725327] __copy_msghdr_from_user+0x91/0x4b0 [ 1386.725881] ? __ia32_sys_shutdown+0x80/0x80 [ 1386.726422] ? __lock_acquire+0x1657/0x5b00 [ 1386.726922] ___sys_recvmsg+0xd5/0x200 [ 1386.727379] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1386.727953] ? __fget_files+0x2cf/0x520 [ 1386.728414] ? lock_acquire+0x197/0x470 [ 1386.728891] ? find_held_lock+0x2c/0x110 [ 1386.729382] ? __might_fault+0xd3/0x180 [ 1386.729524] FAULT_INJECTION: forcing a failure. [ 1386.729524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1386.729836] ? lock_downgrade+0x6d0/0x6d0 [ 1386.729856] do_recvmmsg+0x24c/0x6d0 [ 1386.729870] ? ___sys_recvmsg+0x200/0x200 [ 1386.729880] ? lock_downgrade+0x6d0/0x6d0 [ 1386.729900] ? ksys_write+0x12d/0x260 [ 1386.734683] ? wait_for_completion_io+0x270/0x270 [ 1386.735244] ? rcu_read_lock_any_held+0x75/0xa0 [ 1386.735783] ? vfs_write+0x354/0xb10 [ 1386.736208] __x64_sys_recvmmsg+0x20f/0x260 [ 1386.736706] ? ksys_write+0x1a9/0x260 [ 1386.737163] ? __do_sys_socketcall+0x600/0x600 [ 1386.737695] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.738299] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.738894] do_syscall_64+0x33/0x40 [ 1386.739320] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.739911] RIP: 0033:0x7f67c49b5b19 [ 1386.740347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.742480] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1386.743351] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1386.744180] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1386.745012] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.745835] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1386.746670] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:17:23 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 22) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1386.747519] CPU: 0 PID: 8112 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1386.749136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.750939] Call Trace: [ 1386.751496] dump_stack+0x107/0x167 [ 1386.752266] should_fail.cold+0x5/0xa [ 1386.753183] _copy_from_user+0x2e/0x1b0 [ 1386.754185] __copy_msghdr_from_user+0x91/0x4b0 [ 1386.755298] ? __ia32_sys_shutdown+0x80/0x80 [ 1386.756402] ? __lock_acquire+0x1657/0x5b00 [ 1386.757471] ___sys_recvmsg+0xd5/0x200 [ 1386.758357] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1386.759609] ? __fget_files+0x2cf/0x520 [ 1386.760558] ? lock_acquire+0x197/0x470 [ 1386.761434] ? find_held_lock+0x2c/0x110 [ 1386.762300] ? __might_fault+0xd3/0x180 [ 1386.763141] ? lock_downgrade+0x6d0/0x6d0 [ 1386.764042] do_recvmmsg+0x24c/0x6d0 [ 1386.764884] ? ___sys_recvmsg+0x200/0x200 [ 1386.765837] ? lock_downgrade+0x6d0/0x6d0 [ 1386.766834] ? ksys_write+0x12d/0x260 [ 1386.767751] ? wait_for_completion_io+0x270/0x270 [ 1386.768930] ? rcu_read_lock_any_held+0x75/0xa0 [ 1386.770018] ? vfs_write+0x354/0xb10 [ 1386.770912] __x64_sys_recvmmsg+0x20f/0x260 [ 1386.771864] ? ksys_write+0x1a9/0x260 [ 1386.772673] ? __do_sys_socketcall+0x600/0x600 [ 1386.773661] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.774767] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.775857] do_syscall_64+0x33/0x40 [ 1386.776654] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.777742] RIP: 0033:0x7f60a47afb19 [ 1386.778580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.782993] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1386.784601] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1386.786079] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1386.787566] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.789070] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1386.790564] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1386.796189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1386.808319] FAULT_INJECTION: forcing a failure. [ 1386.808319] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1386.809776] CPU: 1 PID: 8120 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1386.810561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.811516] Call Trace: [ 1386.811826] dump_stack+0x107/0x167 [ 1386.812242] should_fail.cold+0x5/0xa [ 1386.812681] _copy_from_user+0x2e/0x1b0 [ 1386.813164] __copy_msghdr_from_user+0x91/0x4b0 [ 1386.813702] ? __ia32_sys_shutdown+0x80/0x80 [ 1386.814210] ? __lock_acquire+0x1657/0x5b00 [ 1386.814727] ___sys_recvmsg+0xd5/0x200 [ 1386.815181] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1386.815751] ? __fget_files+0x2cf/0x520 [ 1386.816203] ? lock_acquire+0x197/0x470 [ 1386.816665] ? find_held_lock+0x2c/0x110 [ 1386.817153] ? __might_fault+0xd3/0x180 [ 1386.817609] ? lock_downgrade+0x6d0/0x6d0 [ 1386.818092] do_recvmmsg+0x24c/0x6d0 [ 1386.818517] ? ___sys_recvmsg+0x200/0x200 [ 1386.818993] ? lock_downgrade+0x6d0/0x6d0 [ 1386.819478] ? ksys_write+0x12d/0x260 [ 1386.819929] ? wait_for_completion_io+0x270/0x270 [ 1386.820478] ? rcu_read_lock_any_held+0x75/0xa0 [ 1386.821025] ? vfs_write+0x354/0xb10 [ 1386.821470] __x64_sys_recvmmsg+0x20f/0x260 [ 1386.821967] ? ksys_write+0x1a9/0x260 [ 1386.822397] ? __do_sys_socketcall+0x600/0x600 [ 1386.822927] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.823555] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.824140] do_syscall_64+0x33/0x40 [ 1386.824564] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.825169] RIP: 0033:0x7f11b74b4b19 [ 1386.825598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.827717] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1386.828605] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1386.829421] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1386.830256] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.831072] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1386.831900] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:17:23 executing program 6: syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1386.857990] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1400.217812] Bluetooth: hci1: command 0x0406 tx timeout [ 1403.070499] FAULT_INJECTION: forcing a failure. [ 1403.070499] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1403.073302] CPU: 0 PID: 8134 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1403.074750] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1403.076518] Call Trace: [ 1403.077097] dump_stack+0x107/0x167 [ 1403.077868] should_fail.cold+0x5/0xa [ 1403.078674] _copy_from_user+0x2e/0x1b0 [ 1403.079525] __copy_msghdr_from_user+0x91/0x4b0 [ 1403.080519] ? __ia32_sys_shutdown+0x80/0x80 [ 1403.081455] ? __lock_acquire+0x1657/0x5b00 [ 1403.082603] ___sys_recvmsg+0xd5/0x200 [ 1403.083486] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1403.084529] ? __fget_files+0x2cf/0x520 [ 1403.085409] ? lock_acquire+0x197/0x470 [ 1403.086245] ? find_held_lock+0x2c/0x110 [ 1403.087123] ? __might_fault+0xd3/0x180 [ 1403.087971] ? lock_downgrade+0x6d0/0x6d0 [ 1403.088921] do_recvmmsg+0x24c/0x6d0 [ 1403.089749] ? ___sys_recvmsg+0x200/0x200 [ 1403.090649] ? lock_downgrade+0x6d0/0x6d0 [ 1403.091575] ? ksys_write+0x12d/0x260 [ 1403.092433] ? wait_for_completion_io+0x270/0x270 [ 1403.093493] ? rcu_read_lock_any_held+0x75/0xa0 [ 1403.094498] ? vfs_write+0x354/0xb10 [ 1403.095306] __x64_sys_recvmmsg+0x20f/0x260 [ 1403.096239] ? ksys_write+0x1a9/0x260 [ 1403.097073] ? __do_sys_socketcall+0x600/0x600 [ 1403.098090] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1403.099226] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1403.100357] do_syscall_64+0x33/0x40 [ 1403.100801] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1403.101164] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1403.101178] RIP: 0033:0x7f67c49b5b19 [ 1403.101207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1403.109048] FAULT_INJECTION: forcing a failure. [ 1403.109048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1403.109213] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1403.109234] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1403.109245] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1403.109264] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1403.117959] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1403.119494] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1403.121080] CPU: 1 PID: 8143 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1403.122591] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 17:17:39 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x5}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:17:39 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:17:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:39 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 1) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:39 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 23) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:39 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 42) 17:17:39 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 19) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:39 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) fallocate(r0, 0x0, 0x0, 0x5) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) accept4$inet6(r1, &(0x7f00000005c0)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000600)=0x1c, 0x800) fallocate(0xffffffffffffffff, 0xe, 0x2000000000005e, 0x5) socket$nl_audit(0x10, 0x3, 0x9) r2 = creat(&(0x7f0000000100)='./file0/file0\x00', 0x0) fstat(r1, &(0x7f0000000280)) renameat(r0, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x14000, 0x21) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r3, 0x89f4, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0x3, 0xe5, 0x4, 0x8, @private2, @mcast1, 0x8000, 0x10, 0x1f, 0x1}}) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)=0x0) r6 = semget(0x2, 0x0, 0x20b) r7 = getuid() stat(&(0x7f0000000240)='./file0/file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(r6, 0x0, 0x1, &(0x7f00000002c0)={{0x1, r7, r5, r8, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) fchownat(r2, &(0x7f0000000580)='./file1\x00', 0x0, r5, 0x1000) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000440)={'syztnl1\x00', &(0x7f00000003c0)={'sit0\x00', r4, 0x2f, 0x0, 0x20, 0x6, 0x62, @local, @loopback, 0x8, 0x10, 0x5f, 0x80000000}}) syz_emit_ethernet(0x3a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb0800460000180000000000339078ac1414000a0101008303000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="000000001b17cb00f466e2ea65dde7514343d8cdd233573d8773cf4bf1366955318603758f4ca1350876129d88d368420c2ff38ed8157b61454fd0bb823bced8694a97543847c9c1f0e9eef1543c5c92159585ad12da33a9c144886c8f23ff55206b5841f109eefe27765d2277511c6fd19c1a15399d2f1ff4582eb28b9894c25adeeeebffb012bf125da8dbbda23f1ccb38ed0d97b6efa74284256a271660403ae26b14dbfdf23e427e4650df619331b78d7fff93584e240e9ecefd7878aff84e3400"/220], 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="010026bd7000fbdbdf25010000000c0004000000000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x4) [ 1403.124523] Call Trace: [ 1403.125256] dump_stack+0x107/0x167 [ 1403.126041] should_fail.cold+0x5/0xa [ 1403.126860] _copy_from_user+0x2e/0x1b0 [ 1403.127723] __copy_msghdr_from_user+0x91/0x4b0 [ 1403.128825] ? __ia32_sys_shutdown+0x80/0x80 [ 1403.129773] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1403.130904] ? mark_lock+0xf5/0x2df0 [ 1403.131690] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1403.132027] FAULT_INJECTION: forcing a failure. [ 1403.132027] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1403.132813] ? __lock_acquire+0x1657/0x5b00 [ 1403.132840] ___sys_recvmsg+0xd5/0x200 [ 1403.132867] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1403.138041] ? __fget_files+0x2cf/0x520 [ 1403.138886] ? lock_downgrade+0x6d0/0x6d0 [ 1403.139790] ? lock_downgrade+0x6d0/0x6d0 [ 1403.140692] ? __fget_files+0x2f8/0x520 [ 1403.141568] ? __fget_light+0xea/0x290 [ 1403.142416] do_recvmmsg+0x24c/0x6d0 [ 1403.143223] ? ___sys_recvmsg+0x200/0x200 [ 1403.144120] ? lock_downgrade+0x6d0/0x6d0 [ 1403.145040] ? ksys_write+0x12d/0x260 [ 1403.145869] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1403.146895] ? wait_for_completion_io+0x270/0x270 [ 1403.147937] ? rcu_read_lock_any_held+0x75/0xa0 [ 1403.148946] ? vfs_write+0x354/0xb10 [ 1403.149753] __x64_sys_recvmmsg+0x20f/0x260 [ 1403.150682] ? ksys_write+0x1a9/0x260 [ 1403.151503] ? __do_sys_socketcall+0x600/0x600 [ 1403.152489] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1403.153629] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1403.154742] do_syscall_64+0x33/0x40 [ 1403.155547] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1403.156655] RIP: 0033:0x7f033573cb19 [ 1403.157460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1403.161681] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1403.163434] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1403.165158] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1403.167034] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1403.168896] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1403.170790] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1403.172701] CPU: 0 PID: 8145 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1403.174362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1403.176117] Call Trace: [ 1403.176685] dump_stack+0x107/0x167 [ 1403.177470] should_fail.cold+0x5/0xa [ 1403.178300] _copy_from_user+0x2e/0x1b0 [ 1403.179188] __copy_msghdr_from_user+0x91/0x4b0 [ 1403.180208] ? __ia32_sys_shutdown+0x80/0x80 [ 1403.181171] ? __lock_acquire+0x1657/0x5b00 [ 1403.182138] ___sys_recvmsg+0xd5/0x200 [ 1403.182976] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1403.184058] ? __fget_files+0x2cf/0x520 [ 1403.184960] ? lock_acquire+0x197/0x470 [ 1403.185845] ? find_held_lock+0x2c/0x110 [ 1403.186723] ? __might_fault+0xd3/0x180 [ 1403.187612] ? lock_downgrade+0x6d0/0x6d0 [ 1403.188517] do_recvmmsg+0x24c/0x6d0 [ 1403.189367] ? ___sys_recvmsg+0x200/0x200 [ 1403.190274] ? lock_downgrade+0x6d0/0x6d0 [ 1403.191164] ? ksys_write+0x12d/0x260 [ 1403.192025] ? wait_for_completion_io+0x270/0x270 [ 1403.193071] ? rcu_read_lock_any_held+0x75/0xa0 [ 1403.194093] ? vfs_write+0x354/0xb10 [ 1403.194886] __x64_sys_recvmmsg+0x20f/0x260 [ 1403.195839] ? ksys_write+0x1a9/0x260 [ 1403.196655] ? __do_sys_socketcall+0x600/0x600 [ 1403.197681] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1403.198851] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1403.199943] do_syscall_64+0x33/0x40 [ 1403.200780] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1403.201877] RIP: 0033:0x7f11b74b4b19 [ 1403.202699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1403.206652] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1403.208320] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1403.209863] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1403.211446] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1403.213047] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1403.214627] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1403.361601] FAULT_INJECTION: forcing a failure. [ 1403.361601] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1403.364229] CPU: 0 PID: 8142 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1403.365752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1403.367575] Call Trace: [ 1403.368156] dump_stack+0x107/0x167 [ 1403.368966] should_fail.cold+0x5/0xa [ 1403.369804] _copy_from_user+0x2e/0x1b0 [ 1403.370674] __copy_msghdr_from_user+0x91/0x4b0 [ 1403.371699] ? __ia32_sys_shutdown+0x80/0x80 [ 1403.372672] ? __lock_acquire+0x1657/0x5b00 [ 1403.373661] ___sys_recvmsg+0xd5/0x200 [ 1403.374494] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1403.375576] ? __fget_files+0x2cf/0x520 [ 1403.376456] ? lock_acquire+0x197/0x470 [ 1403.377333] ? find_held_lock+0x2c/0x110 [ 1403.378238] ? __might_fault+0xd3/0x180 [ 1403.379108] ? lock_downgrade+0x6d0/0x6d0 [ 1403.380026] do_recvmmsg+0x24c/0x6d0 [ 1403.380849] ? ___sys_recvmsg+0x200/0x200 [ 1403.381760] ? lock_downgrade+0x6d0/0x6d0 [ 1403.382670] ? ksys_write+0x12d/0x260 [ 1403.383508] ? wait_for_completion_io+0x270/0x270 [ 1403.384564] ? rcu_read_lock_any_held+0x75/0xa0 [ 1403.385587] ? vfs_write+0x354/0xb10 [ 1403.386402] __x64_sys_recvmmsg+0x20f/0x260 [ 1403.387336] ? ksys_write+0x1a9/0x260 [ 1403.388164] ? __do_sys_socketcall+0x600/0x600 [ 1403.389174] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1403.390319] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1403.391451] do_syscall_64+0x33/0x40 [ 1403.392262] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1403.393396] RIP: 0033:0x7f60a47afb19 [ 1403.394211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1403.398288] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1403.399968] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1403.401544] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1403.403100] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1403.404654] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1403.406222] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1403.483520] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:17:53 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x6}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:17:53 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 43) [ 1416.682936] FAULT_INJECTION: forcing a failure. [ 1416.682936] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1416.685481] CPU: 1 PID: 8161 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1416.686919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1416.688715] Call Trace: [ 1416.689489] dump_stack+0x107/0x167 [ 1416.690461] should_fail.cold+0x5/0xa [ 1416.691419] _copy_from_user+0x2e/0x1b0 [ 1416.692404] __copy_msghdr_from_user+0x91/0x4b0 [ 1416.693595] ? __ia32_sys_shutdown+0x80/0x80 [ 1416.694659] ? __lock_acquire+0x1657/0x5b00 [ 1416.695703] ___sys_recvmsg+0xd5/0x200 [ 1416.696665] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1416.697860] ? __fget_files+0x2cf/0x520 [ 1416.698844] ? lock_acquire+0x197/0x470 [ 1416.699810] ? find_held_lock+0x2c/0x110 [ 1416.700810] ? __might_fault+0xd3/0x180 [ 1416.701808] ? lock_downgrade+0x6d0/0x6d0 [ 1416.702725] do_recvmmsg+0x24c/0x6d0 [ 1416.703525] ? ___sys_recvmsg+0x200/0x200 [ 1416.704409] ? lock_downgrade+0x6d0/0x6d0 [ 1416.705323] ? ksys_write+0x12d/0x260 [ 1416.706147] ? wait_for_completion_io+0x270/0x270 [ 1416.707167] ? rcu_read_lock_any_held+0x75/0xa0 [ 1416.708151] ? vfs_write+0x354/0xb10 [ 1416.708942] __x64_sys_recvmmsg+0x20f/0x260 [ 1416.709862] ? ksys_write+0x1a9/0x260 [ 1416.710667] ? __do_sys_socketcall+0x600/0x600 [ 1416.711637] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1416.712742] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1416.713841] do_syscall_64+0x33/0x40 [ 1416.714631] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1416.715712] RIP: 0033:0x7f11b74b4b19 [ 1416.716501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1416.720406] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1416.722019] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1416.723523] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1416.725016] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1416.726517] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1416.728004] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:17:53 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:53 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 20) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:53 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 24) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:53 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:17:53 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 2) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:53 executing program 6: listen(0xffffffffffffffff, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4010}, 0x0) r0 = io_uring_setup(0x396d, &(0x7f0000000a40)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000c00), 0x1312) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) fallocate(r1, 0x0, 0x0, 0x5) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x3c, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @broadcast}, @FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x92}, @FOU_ATTR_AF={0x5, 0x2, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r3, @ANYBLOB="fd000000000000002e2f66696c653000ac834158a1b5184971d1d5a13ae7edf72e41d36a969e959ea94ff6604e6586c9b975b76e5dde93ffcae3940d62e9c970bb958e26b0320abe01bbb4f09d2f05ce92e8564da4b82c4efbbab59f31c7cd991362a99424e177a58914adef811e06b3cfa4475eeafd1c2683faa579f62f195c60e544d62fab4c06115fdbcbcec3dda329484f"]) pread64(r4, &(0x7f00000000c0)=""/77, 0x4d, 0x9) fcntl$setown(r2, 0x8, 0xffffffffffffffff) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)={0x48, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@nested={0x14, 0x11, 0x0, 0x1, [@generic="809801a7b0c7dba09475f251c743092f"]}, @nested={0x20, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @fd=r3}, @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@remote}]}]}, 0x48}}, 0x0) io_uring_setup(0x2dd, &(0x7f0000000300)={0x0, 0x628d, 0x2, 0x3, 0x32d, 0x0, r0}) [ 1416.759023] FAULT_INJECTION: forcing a failure. [ 1416.759023] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1416.759645] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1416.761569] CPU: 1 PID: 8169 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1416.764945] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1416.766721] Call Trace: [ 1416.767291] dump_stack+0x107/0x167 [ 1416.768069] should_fail.cold+0x5/0xa [ 1416.768882] _copy_from_user+0x2e/0x1b0 [ 1416.769741] __copy_msghdr_from_user+0x91/0x4b0 [ 1416.770726] ? __ia32_sys_shutdown+0x80/0x80 [ 1416.771655] ? __lock_acquire+0x1657/0x5b00 [ 1416.772599] ___sys_recvmsg+0xd5/0x200 [ 1416.773441] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1416.774482] ? __fget_files+0x2cf/0x520 [ 1416.775327] ? lock_acquire+0x197/0x470 [ 1416.776175] ? find_held_lock+0x2c/0x110 [ 1416.777035] ? __might_fault+0xd3/0x180 [ 1416.777889] ? lock_downgrade+0x6d0/0x6d0 [ 1416.778778] do_recvmmsg+0x24c/0x6d0 [ 1416.779573] ? ___sys_recvmsg+0x200/0x200 [ 1416.780449] ? lock_downgrade+0x6d0/0x6d0 [ 1416.781348] ? ksys_write+0x12d/0x260 [ 1416.782166] ? wait_for_completion_io+0x270/0x270 [ 1416.783189] ? rcu_read_lock_any_held+0x75/0xa0 [ 1416.784176] ? vfs_write+0x354/0xb10 [ 1416.784969] __x64_sys_recvmmsg+0x20f/0x260 [ 1416.785893] ? ksys_write+0x1a9/0x260 [ 1416.786707] ? __do_sys_socketcall+0x600/0x600 [ 1416.787675] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1416.788793] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1416.789896] do_syscall_64+0x33/0x40 [ 1416.790673] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1416.791729] RIP: 0033:0x7f033573cb19 [ 1416.792507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1416.796354] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1416.797945] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1416.799427] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1416.800930] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1416.802473] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1416.804040] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1416.809685] FAULT_INJECTION: forcing a failure. [ 1416.809685] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1416.812573] CPU: 0 PID: 8172 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1416.814157] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1416.815997] Call Trace: [ 1416.816573] dump_stack+0x107/0x167 [ 1416.817427] should_fail.cold+0x5/0xa [ 1416.818283] _copy_from_user+0x2e/0x1b0 [ 1416.819176] __copy_msghdr_from_user+0x91/0x4b0 [ 1416.820201] ? __ia32_sys_shutdown+0x80/0x80 [ 1416.821222] ? __lock_acquire+0x1657/0x5b00 [ 1416.822207] ___sys_recvmsg+0xd5/0x200 [ 1416.823086] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1416.824179] ? __fget_files+0x2cf/0x520 [ 1416.825061] ? lock_acquire+0x197/0x470 [ 1416.825952] ? find_held_lock+0x2c/0x110 [ 1416.826866] ? __might_fault+0xd3/0x180 [ 1416.827728] ? lock_downgrade+0x6d0/0x6d0 [ 1416.828663] do_recvmmsg+0x24c/0x6d0 [ 1416.829513] ? ___sys_recvmsg+0x200/0x200 [ 1416.830431] ? lock_downgrade+0x6d0/0x6d0 [ 1416.831349] ? ksys_write+0x12d/0x260 [ 1416.832217] ? wait_for_completion_io+0x270/0x270 [ 1416.833284] ? rcu_read_lock_any_held+0x75/0xa0 [ 1416.834307] ? vfs_write+0x354/0xb10 [ 1416.835152] __x64_sys_recvmmsg+0x20f/0x260 [ 1416.836117] ? ksys_write+0x1a9/0x260 [ 1416.836954] ? __do_sys_socketcall+0x600/0x600 [ 1416.837989] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1416.839147] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1416.840289] do_syscall_64+0x33/0x40 [ 1416.841132] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1416.842248] RIP: 0033:0x7f67c49b5b19 [ 1416.843077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1416.844899] FAULT_INJECTION: forcing a failure. [ 1416.844899] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1416.847154] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1416.847177] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1416.847198] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1416.855767] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1416.857736] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1416.859684] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1416.861685] CPU: 1 PID: 8162 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1416.863147] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1416.864904] Call Trace: [ 1416.865489] dump_stack+0x107/0x167 [ 1416.866260] should_fail.cold+0x5/0xa [ 1416.867068] _copy_from_user+0x2e/0x1b0 [ 1416.867912] __copy_msghdr_from_user+0x91/0x4b0 [ 1416.868903] ? __ia32_sys_shutdown+0x80/0x80 [ 1416.869850] ? __lock_acquire+0x1657/0x5b00 [ 1416.870781] ___sys_recvmsg+0xd5/0x200 [ 1416.871618] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1416.872686] ? __fget_files+0x2cf/0x520 [ 1416.873553] ? lock_acquire+0x197/0x470 [ 1416.874382] ? find_held_lock+0x2c/0x110 [ 1416.875249] ? __might_fault+0xd3/0x180 [ 1416.876087] ? lock_downgrade+0x6d0/0x6d0 [ 1416.876976] do_recvmmsg+0x24c/0x6d0 [ 1416.877758] ? ___sys_recvmsg+0x200/0x200 [ 1416.878629] ? lock_downgrade+0x6d0/0x6d0 [ 1416.879522] ? ksys_write+0x12d/0x260 [ 1416.880333] ? wait_for_completion_io+0x270/0x270 [ 1416.881378] ? rcu_read_lock_any_held+0x75/0xa0 [ 1416.882351] ? vfs_write+0x354/0xb10 [ 1416.883147] __x64_sys_recvmmsg+0x20f/0x260 [ 1416.884059] ? ksys_write+0x1a9/0x260 [ 1416.884852] ? __do_sys_socketcall+0x600/0x600 [ 1416.885828] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1416.886939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1416.888020] do_syscall_64+0x33/0x40 [ 1416.888808] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1416.889894] RIP: 0033:0x7f60a47afb19 [ 1416.890672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1416.894583] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1416.896171] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1416.897680] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1416.899175] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1416.900687] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1416.902200] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:17:53 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 3) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:53 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 25) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:53 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 21) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:53 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1417.040455] sysfs: cannot create duplicate filename '/class/ieee80211/€˜§°ÇÛ ”uòQÇC !' [ 1417.042296] CPU: 1 PID: 8177 Comm: syz-executor.6 Not tainted 5.10.235 #1 [ 1417.043739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.045496] Call Trace: [ 1417.046058] dump_stack+0x107/0x167 [ 1417.046842] sysfs_warn_dup.cold+0x1c/0x29 [ 1417.047744] sysfs_do_create_link_sd+0x122/0x140 [ 1417.048751] sysfs_create_link+0x5f/0xc0 [ 1417.049630] device_add+0x703/0x1c50 [ 1417.050428] ? devlink_add_symlinks+0x970/0x970 [ 1417.051423] ? ieee80211_set_bitrate_flags+0x202/0x620 [ 1417.052550] wiphy_register+0x1da6/0x2850 [ 1417.053454] ? wiphy_unregister+0xb90/0xb90 [ 1417.054387] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1417.055535] ieee80211_register_hw+0x23c5/0x38b0 [ 1417.056565] ? ieee80211_ifa6_changed+0x4d0/0x4d0 [ 1417.057589] ? net_generic+0xdb/0x2b0 [ 1417.058410] ? lockdep_init_map_type+0x2c7/0x780 [ 1417.059423] ? memset+0x20/0x50 [ 1417.060136] ? __hrtimer_init+0x12c/0x270 [ 1417.061022] mac80211_hwsim_new_radio+0x1d04/0x4290 [ 1417.062106] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 1417.063088] ? hwsim_new_radio_nl+0x967/0x1080 [ 1417.064064] ? memcpy+0x39/0x60 [ 1417.064770] hwsim_new_radio_nl+0x991/0x1080 [ 1417.065733] ? mac80211_hwsim_new_radio+0x4290/0x4290 [ 1417.066844] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 1417.068250] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 1417.069643] genl_family_rcv_msg_doit+0x22d/0x330 [ 1417.070660] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 1417.072045] ? cap_capable+0x1cd/0x230 [ 1417.072883] ? ns_capable+0xe2/0x110 [ 1417.073683] genl_rcv_msg+0x36a/0x5a0 [ 1417.074197] FAULT_INJECTION: forcing a failure. [ 1417.074197] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1417.074493] ? genl_get_cmd+0x480/0x480 [ 1417.077775] ? mac80211_hwsim_new_radio+0x4290/0x4290 [ 1417.078862] ? lock_release+0x680/0x680 [ 1417.079697] ? netlink_deliver_tap+0xf4/0xcc0 [ 1417.080644] netlink_rcv_skb+0x14b/0x430 [ 1417.081504] ? genl_get_cmd+0x480/0x480 [ 1417.082339] ? netlink_ack+0xab0/0xab0 [ 1417.083163] ? netlink_deliver_tap+0x1c4/0xcc0 [ 1417.084126] ? is_vmalloc_addr+0x7b/0xb0 [ 1417.084984] genl_rcv+0x24/0x40 [ 1417.085686] netlink_unicast+0x54e/0x800 [ 1417.086542] ? netlink_attachskb+0x870/0x870 [ 1417.087479] netlink_sendmsg+0x90f/0xe00 [ 1417.088339] ? netlink_unicast+0x800/0x800 [ 1417.089253] ? netlink_unicast+0x800/0x800 [ 1417.090142] __sock_sendmsg+0x154/0x190 [ 1417.090979] ____sys_sendmsg+0x70d/0x870 [ 1417.091835] ? sock_write_iter+0x3d0/0x3d0 [ 1417.092723] ? do_recvmmsg+0x6d0/0x6d0 [ 1417.093567] ___sys_sendmsg+0xf3/0x170 [ 1417.094385] ? sendmsg_copy_msghdr+0x160/0x160 [ 1417.095349] ? __fget_files+0x2cf/0x520 [ 1417.096190] ? lock_downgrade+0x6d0/0x6d0 [ 1417.097087] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.098188] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1417.099317] ? trace_hardirqs_on+0x5b/0x180 [ 1417.100222] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1417.101377] __sys_sendmsg+0xe5/0x1b0 [ 1417.102168] ? __sys_sendmsg_sock+0x40/0x40 [ 1417.103064] ? trace_hardirqs_on+0x5b/0x180 [ 1417.103977] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.105045] ? syscall_enter_from_user_mode+0x27/0x50 [ 1417.106133] do_syscall_64+0x33/0x40 [ 1417.106905] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.107967] RIP: 0033:0x7fdc21025b19 [ 1417.108736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.112586] RSP: 002b:00007fdc1e57a188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1417.114180] RAX: ffffffffffffffda RBX: 00007fdc21139020 RCX: 00007fdc21025b19 [ 1417.115661] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1417.117150] RBP: 00007fdc2107ff6d R08: 0000000000000000 R09: 0000000000000000 [ 1417.118652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1417.120141] R13: 00007ffe80cb762f R14: 00007fdc1e57a300 R15: 0000000000022000 [ 1417.121672] CPU: 0 PID: 8186 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1417.123142] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.124875] Call Trace: [ 1417.125445] dump_stack+0x107/0x167 [ 1417.126205] should_fail.cold+0x5/0xa [ 1417.127017] __alloc_pages_nodemask+0x182/0x600 [ 1417.127991] ? lock_chain_count+0x20/0x20 [ 1417.128854] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1417.130130] alloc_pages_vma+0xbb/0x410 [ 1417.130960] wp_page_copy+0xee7/0x1f00 [ 1417.131779] ? print_bad_pte+0x5a0/0x5a0 [ 1417.132627] ? lock_downgrade+0x6d0/0x6d0 [ 1417.133491] ? vm_normal_page+0x162/0x2e0 [ 1417.134354] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1417.135449] do_wp_page+0x27b/0x1390 [ 1417.136236] handle_mm_fault+0x1cc7/0x3500 [ 1417.137132] ? __check_object_size+0x2f/0x440 [ 1417.138068] ? __pmd_alloc+0x5e0/0x5e0 [ 1417.138884] ? vmacache_find+0x55/0x2a0 [ 1417.139720] do_user_addr_fault+0x56e/0xc60 [ 1417.140626] exc_page_fault+0xa2/0x1a0 [ 1417.141450] asm_exc_page_fault+0x1e/0x30 [ 1417.142328] RIP: 0010:__put_user_nocheck_4+0x3/0x11 17:17:53 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1417.143368] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca e9 61 ea 1c 02 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca e9 42 ea 1c 02 66 90 48 bb f9 ef ff ff ff 7f [ 1417.147449] RSP: 0018:ffff8880470f79c8 EFLAGS: 00050202 [ 1417.148560] RAX: 0000000000000020 RBX: ffffffff837e6c40 RCX: 0000000020002030 [ 1417.150050] RDX: 1ffff11008e1efc3 RSI: ffffffff8310cbca RDI: 0000000000000005 [ 1417.151524] RBP: ffff8880470f7dc8 R08: 0000000000000001 R09: ffff88801847585f [ 1417.152999] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000020002030 [ 1417.154494] R13: 0000000020002000 R14: 0000000000000022 R15: 0000000000000034 [ 1417.155991] ? packet_create+0xb00/0xb00 [ 1417.156840] ? ____sys_recvmsg+0x2aa/0x590 [ 1417.157727] ____sys_recvmsg+0x2dd/0x590 [ 1417.158599] ? kernel_recvmsg+0x80/0x80 [ 1417.159452] ? __import_iovec+0x458/0x590 [ 1417.160322] ? import_iovec+0x83/0xb0 [ 1417.161175] ___sys_recvmsg+0x127/0x200 [ 1417.162017] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1417.163037] ? __fget_files+0x2cf/0x520 [ 1417.163880] ? lock_acquire+0x197/0x470 [ 1417.164727] ? find_held_lock+0x2c/0x110 [ 1417.165585] ? __might_fault+0xd3/0x180 [ 1417.166412] ? lock_downgrade+0x6d0/0x6d0 [ 1417.167291] do_recvmmsg+0x24c/0x6d0 [ 1417.168081] ? ___sys_recvmsg+0x200/0x200 [ 1417.168947] ? lock_downgrade+0x6d0/0x6d0 [ 1417.169846] ? ksys_write+0x12d/0x260 [ 1417.170666] ? wait_for_completion_io+0x270/0x270 [ 1417.171675] ? rcu_read_lock_any_held+0x75/0xa0 [ 1417.172637] ? vfs_write+0x354/0xb10 [ 1417.173426] __x64_sys_recvmmsg+0x20f/0x260 [ 1417.174312] ? ksys_write+0x1a9/0x260 [ 1417.175107] ? __do_sys_socketcall+0x600/0x600 [ 1417.176055] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.177153] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.178264] do_syscall_64+0x33/0x40 [ 1417.179053] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.180139] RIP: 0033:0x7f11b74b4b19 [ 1417.180930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.184821] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1417.186445] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1417.188135] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1417.189768] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1417.191303] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1417.192760] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1417.207569] FAULT_INJECTION: forcing a failure. [ 1417.207569] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1417.210065] CPU: 0 PID: 8187 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1417.211545] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.213287] Call Trace: [ 1417.213842] dump_stack+0x107/0x167 [ 1417.214605] should_fail.cold+0x5/0xa [ 1417.215412] _copy_from_user+0x2e/0x1b0 [ 1417.216258] __copy_msghdr_from_user+0x91/0x4b0 [ 1417.217244] ? __ia32_sys_shutdown+0x80/0x80 [ 1417.218169] ? __lock_acquire+0x1657/0x5b00 [ 1417.219089] ___sys_recvmsg+0xd5/0x200 [ 1417.219907] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1417.220935] ? __fget_files+0x2cf/0x520 [ 1417.221781] ? lock_acquire+0x197/0x470 [ 1417.222618] ? find_held_lock+0x2c/0x110 [ 1417.223471] ? __might_fault+0xd3/0x180 [ 1417.224309] ? lock_downgrade+0x6d0/0x6d0 [ 1417.225204] do_recvmmsg+0x24c/0x6d0 [ 1417.225995] ? ___sys_recvmsg+0x200/0x200 [ 1417.226856] ? lock_downgrade+0x6d0/0x6d0 [ 1417.227738] ? ksys_write+0x12d/0x260 [ 1417.228542] ? wait_for_completion_io+0x270/0x270 [ 1417.229565] ? rcu_read_lock_any_held+0x75/0xa0 [ 1417.230533] ? vfs_write+0x354/0xb10 [ 1417.231315] __x64_sys_recvmmsg+0x20f/0x260 17:17:53 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 44) [ 1417.232230] ? ksys_write+0x1a9/0x260 [ 1417.233172] ? __do_sys_socketcall+0x600/0x600 [ 1417.234121] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.235214] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.236290] do_syscall_64+0x33/0x40 [ 1417.237083] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.238151] RIP: 0033:0x7f033573cb19 [ 1417.238928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.242775] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1417.244347] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1417.245843] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1417.247346] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1417.248827] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1417.250316] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1417.261091] FAULT_INJECTION: forcing a failure. [ 1417.261091] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1417.263666] CPU: 0 PID: 8191 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1417.265105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.266867] Call Trace: [ 1417.267418] dump_stack+0x107/0x167 [ 1417.268183] should_fail.cold+0x5/0xa [ 1417.268991] _copy_from_user+0x2e/0x1b0 [ 1417.269854] __copy_msghdr_from_user+0x91/0x4b0 [ 1417.270843] ? __ia32_sys_shutdown+0x80/0x80 [ 1417.271766] ? __lock_acquire+0x1657/0x5b00 [ 1417.272685] ___sys_recvmsg+0xd5/0x200 [ 1417.273523] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1417.274550] ? __fget_files+0x2cf/0x520 [ 1417.275385] ? lock_acquire+0x197/0x470 [ 1417.276226] ? find_held_lock+0x2c/0x110 [ 1417.277093] ? __might_fault+0xd3/0x180 [ 1417.277956] ? lock_downgrade+0x6d0/0x6d0 [ 1417.278846] do_recvmmsg+0x24c/0x6d0 [ 1417.279639] ? ___sys_recvmsg+0x200/0x200 [ 1417.280524] ? lock_downgrade+0x6d0/0x6d0 [ 1417.281426] ? ksys_write+0x12d/0x260 [ 1417.282250] ? wait_for_completion_io+0x270/0x270 [ 1417.283257] ? rcu_read_lock_any_held+0x75/0xa0 [ 1417.284241] ? vfs_write+0x354/0xb10 [ 1417.285033] __x64_sys_recvmmsg+0x20f/0x260 [ 1417.285950] ? ksys_write+0x1a9/0x260 [ 1417.286747] ? __do_sys_socketcall+0x600/0x600 [ 1417.287705] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.288813] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.289893] do_syscall_64+0x33/0x40 [ 1417.290667] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.291747] RIP: 0033:0x7f67c49b5b19 [ 1417.292521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.296367] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1417.297966] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1417.299457] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1417.300943] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1417.302439] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1417.303937] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1417.319729] FAULT_INJECTION: forcing a failure. [ 1417.319729] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1417.322347] CPU: 1 PID: 8196 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1417.323797] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.325550] Call Trace: [ 1417.326122] dump_stack+0x107/0x167 [ 1417.326904] should_fail.cold+0x5/0xa [ 1417.327722] _copy_from_user+0x2e/0x1b0 [ 1417.328573] __copy_msghdr_from_user+0x91/0x4b0 [ 1417.329571] ? __ia32_sys_shutdown+0x80/0x80 [ 1417.330526] ? __lock_acquire+0x1657/0x5b00 [ 1417.331458] ___sys_recvmsg+0xd5/0x200 [ 1417.332285] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1417.333342] ? __fget_files+0x2cf/0x520 [ 1417.334192] ? lock_acquire+0x197/0x470 [ 1417.335024] ? find_held_lock+0x2c/0x110 [ 1417.335884] ? __might_fault+0xd3/0x180 [ 1417.336721] ? lock_downgrade+0x6d0/0x6d0 [ 1417.337640] do_recvmmsg+0x24c/0x6d0 [ 1417.338436] ? ___sys_recvmsg+0x200/0x200 [ 1417.339321] ? lock_downgrade+0x6d0/0x6d0 [ 1417.340202] ? ksys_write+0x12d/0x260 [ 1417.341010] ? wait_for_completion_io+0x270/0x270 [ 1417.342051] ? rcu_read_lock_any_held+0x75/0xa0 [ 1417.343032] ? vfs_write+0x354/0xb10 [ 1417.343818] __x64_sys_recvmmsg+0x20f/0x260 [ 1417.344730] ? ksys_write+0x1a9/0x260 [ 1417.345585] ? __do_sys_socketcall+0x600/0x600 [ 1417.346819] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.348106] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.349417] do_syscall_64+0x33/0x40 [ 1417.350313] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.351524] RIP: 0033:0x7f60a47afb19 [ 1417.352391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.356534] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1417.358139] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1417.359629] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1417.361128] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1417.362624] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1417.364124] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:17:53 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x7}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:17:53 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 22) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:53 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 4) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:53 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 26) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:17:53 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:53 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 45) 17:17:53 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[], 0x98a) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = getpgrp(0x0) pidfd_open(r2, 0x0) fcntl$lock(r1, 0x5, &(0x7f0000000000)={0x0, 0x4, 0x7, 0xff, r2}) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000080)={0x0, 0xfdfdffff, 0x102, 0x0, '\x00', [{}, {0x800, 0x0, 0x400000000000000}], ['\x00']}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000001c0)={'macsec0\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="3c00000001000000030015c1e10000030000000220000001dee8fc131fc92b570000000100008068fb93f20624d998bb2382fbef2e605d20efd13ad8020454fe726d5ec46065bf6e5c2fd748b7382cb035aee7d07675"]}) r3 = clone3(&(0x7f0000000480)={0x2080, &(0x7f0000000180), &(0x7f00000002c0), &(0x7f0000000300), {0x2}, &(0x7f0000000380)=""/10, 0xa, &(0x7f0000000900)=""/4096, &(0x7f0000000380)}, 0x58) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup(0xffffffffffffffff) r5 = getpid() pidfd_open(r5, 0x0) perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x4, 0x3b, 0x3, 0x7, 0x0, 0x8, 0x80008, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9b, 0x4, @perf_bp={&(0x7f0000000200), 0x5}, 0x50909, 0x9, 0xffffffe1, 0x9, 0x8d, 0x6, 0x7f, 0x0, 0x9, 0x0, 0x1}, r5, 0xf, 0xffffffffffffffff, 0x9) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000500)=""/142, 0x8e}], 0x1}, 0x0) pidfd_open(r3, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x81) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) unshare(0x48020200) [ 1417.557123] FAULT_INJECTION: forcing a failure. [ 1417.557123] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1417.560179] CPU: 0 PID: 8205 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1417.561845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.563825] Call Trace: [ 1417.564491] dump_stack+0x107/0x167 [ 1417.565443] should_fail.cold+0x5/0xa [ 1417.566426] _copy_from_user+0x2e/0x1b0 [ 1417.567295] __copy_msghdr_from_user+0x91/0x4b0 [ 1417.568287] ? __ia32_sys_shutdown+0x80/0x80 [ 1417.569243] ? __lock_acquire+0x1657/0x5b00 [ 1417.570169] ___sys_recvmsg+0xd5/0x200 [ 1417.570989] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1417.572024] ? __fget_files+0x2cf/0x520 [ 1417.572865] ? lock_acquire+0x197/0x470 [ 1417.573756] ? find_held_lock+0x2c/0x110 [ 1417.574628] ? __might_fault+0xd3/0x180 [ 1417.575470] ? lock_downgrade+0x6d0/0x6d0 [ 1417.576389] do_recvmmsg+0x24c/0x6d0 [ 1417.577196] ? ___sys_recvmsg+0x200/0x200 [ 1417.578265] ? lock_downgrade+0x6d0/0x6d0 [ 1417.579399] ? ksys_write+0x12d/0x260 [ 1417.580276] ? wait_for_completion_io+0x270/0x270 [ 1417.581358] ? rcu_read_lock_any_held+0x75/0xa0 [ 1417.582335] ? vfs_write+0x354/0xb10 [ 1417.583129] __x64_sys_recvmmsg+0x20f/0x260 [ 1417.584032] ? ksys_write+0x1a9/0x260 [ 1417.584881] ? __do_sys_socketcall+0x600/0x600 [ 1417.585866] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.586973] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.588058] do_syscall_64+0x33/0x40 [ 1417.588883] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.589976] RIP: 0033:0x7f11b74b4b19 [ 1417.590786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.594710] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1417.596331] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1417.597836] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1417.599366] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1417.600860] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1417.602372] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1417.611792] FAULT_INJECTION: forcing a failure. [ 1417.611792] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1417.613401] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1417.614278] CPU: 0 PID: 8204 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1417.614297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.619334] Call Trace: [ 1417.619888] dump_stack+0x107/0x167 [ 1417.620658] should_fail.cold+0x5/0xa [ 1417.621482] _copy_from_user+0x2e/0x1b0 [ 1417.622321] __copy_msghdr_from_user+0x91/0x4b0 [ 1417.623295] ? __ia32_sys_shutdown+0x80/0x80 [ 1417.624216] ? __lock_acquire+0x1657/0x5b00 [ 1417.625149] ___sys_recvmsg+0xd5/0x200 [ 1417.625966] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1417.626999] ? __fget_files+0x2cf/0x520 [ 1417.627841] ? lock_acquire+0x197/0x470 [ 1417.628677] ? find_held_lock+0x2c/0x110 [ 1417.629550] ? __might_fault+0xd3/0x180 [ 1417.630383] ? lock_downgrade+0x6d0/0x6d0 [ 1417.631279] do_recvmmsg+0x24c/0x6d0 [ 1417.632070] ? ___sys_recvmsg+0x200/0x200 [ 1417.632942] ? lock_downgrade+0x6d0/0x6d0 [ 1417.633842] ? ksys_write+0x12d/0x260 [ 1417.634656] ? wait_for_completion_io+0x270/0x270 [ 1417.635682] ? rcu_read_lock_any_held+0x75/0xa0 [ 1417.636681] ? vfs_write+0x354/0xb10 [ 1417.637483] __x64_sys_recvmmsg+0x20f/0x260 [ 1417.638393] ? ksys_write+0x1a9/0x260 [ 1417.639196] ? __do_sys_socketcall+0x600/0x600 [ 1417.640166] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.641276] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.642366] do_syscall_64+0x33/0x40 [ 1417.643148] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.644220] RIP: 0033:0x7f033573cb19 [ 1417.645005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.648909] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1417.650524] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1417.652034] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1417.653545] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1417.655031] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1417.656517] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1417.671358] FAULT_INJECTION: forcing a failure. [ 1417.671358] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1417.674063] CPU: 0 PID: 8206 Comm: syz-executor.1 Not tainted 5.10.235 #1 17:17:54 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1417.675518] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.677522] Call Trace: [ 1417.678181] dump_stack+0x107/0x167 [ 1417.678980] should_fail.cold+0x5/0xa [ 1417.679803] _copy_from_user+0x2e/0x1b0 [ 1417.680662] __copy_msghdr_from_user+0x91/0x4b0 [ 1417.681652] ? __ia32_sys_shutdown+0x80/0x80 [ 1417.682615] ? __lock_acquire+0x1657/0x5b00 [ 1417.682654] FAULT_INJECTION: forcing a failure. [ 1417.682654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1417.683537] ___sys_recvmsg+0xd5/0x200 [ 1417.683558] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1417.683578] ? __fget_files+0x2cf/0x520 [ 1417.683610] ? lock_acquire+0x197/0x470 [ 1417.690084] ? find_held_lock+0x2c/0x110 [ 1417.690959] ? __might_fault+0xd3/0x180 [ 1417.691802] ? lock_downgrade+0x6d0/0x6d0 [ 1417.692697] do_recvmmsg+0x24c/0x6d0 [ 1417.693496] ? ___sys_recvmsg+0x200/0x200 [ 1417.694386] ? lock_downgrade+0x6d0/0x6d0 [ 1417.695273] ? ksys_write+0x12d/0x260 [ 1417.696080] ? wait_for_completion_io+0x270/0x270 [ 1417.697122] ? rcu_read_lock_any_held+0x75/0xa0 [ 1417.698122] ? vfs_write+0x354/0xb10 [ 1417.698919] __x64_sys_recvmmsg+0x20f/0x260 [ 1417.699840] ? ksys_write+0x1a9/0x260 [ 1417.700655] ? __do_sys_socketcall+0x600/0x600 [ 1417.701659] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.702781] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.703892] do_syscall_64+0x33/0x40 [ 1417.704688] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.705792] RIP: 0033:0x7f67c49b5b19 [ 1417.706586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.710531] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1417.712163] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1417.713694] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1417.715231] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1417.716748] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1417.718283] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1417.719846] CPU: 1 PID: 8212 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1417.721698] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.723790] Call Trace: [ 1417.724455] dump_stack+0x107/0x167 [ 1417.725382] should_fail.cold+0x5/0xa [ 1417.726344] _copy_from_user+0x2e/0x1b0 [ 1417.727352] __copy_msghdr_from_user+0x91/0x4b0 [ 1417.728529] ? __ia32_sys_shutdown+0x80/0x80 [ 1417.729679] ? __lock_acquire+0x1657/0x5b00 [ 1417.730790] ___sys_recvmsg+0xd5/0x200 [ 1417.731772] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1417.733023] ? trace_hardirqs_on+0x5b/0x180 [ 1417.734138] ? lock_acquire+0x197/0x470 [ 1417.735139] ? find_held_lock+0x2c/0x110 [ 1417.736184] ? __might_fault+0xd3/0x180 [ 1417.737223] ? lock_downgrade+0x6d0/0x6d0 [ 1417.738284] do_recvmmsg+0x24c/0x6d0 [ 1417.739228] ? ___sys_recvmsg+0x200/0x200 [ 1417.740274] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.741762] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1417.742879] ? trace_hardirqs_on+0x5b/0x180 [ 1417.743915] ? look_up_lock_class+0x52/0x110 [ 1417.745228] ? lock_acquire+0x276/0x470 [ 1417.746228] ? lock_release+0x1/0x680 [ 1417.747212] __x64_sys_recvmmsg+0x20f/0x260 [ 1417.748314] ? nmi_handle+0x25d/0x360 [ 1417.749272] ? __do_sys_socketcall+0x600/0x600 [ 1417.750405] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.751696] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.752998] do_syscall_64+0x33/0x40 [ 1417.753934] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.755218] RIP: 0033:0x7f60a47afb19 [ 1417.756194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.760759] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1417.762660] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1417.764431] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1417.766226] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1417.767995] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1417.769766] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:17:54 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 5) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:17:54 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 27) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1417.957215] FAULT_INJECTION: forcing a failure. [ 1417.957215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1417.959864] CPU: 0 PID: 8225 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1417.961349] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1417.963146] Call Trace: [ 1417.963718] dump_stack+0x107/0x167 [ 1417.964508] should_fail.cold+0x5/0xa [ 1417.965333] _copy_from_user+0x2e/0x1b0 [ 1417.966201] __copy_msghdr_from_user+0x91/0x4b0 [ 1417.967222] ? __ia32_sys_shutdown+0x80/0x80 [ 1417.968176] ? __lock_acquire+0x1657/0x5b00 [ 1417.969121] ___sys_recvmsg+0xd5/0x200 [ 1417.969961] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1417.971016] ? __fget_files+0x2cf/0x520 [ 1417.971877] ? lock_acquire+0x197/0x470 [ 1417.972727] ? find_held_lock+0x2c/0x110 [ 1417.973611] ? __might_fault+0xd3/0x180 [ 1417.974452] ? lock_downgrade+0x6d0/0x6d0 [ 1417.975360] do_recvmmsg+0x24c/0x6d0 [ 1417.976153] ? ___sys_recvmsg+0x200/0x200 [ 1417.977046] ? lock_downgrade+0x6d0/0x6d0 [ 1417.977948] ? ksys_write+0x12d/0x260 [ 1417.978788] ? wait_for_completion_io+0x270/0x270 [ 1417.979820] ? rcu_read_lock_any_held+0x75/0xa0 [ 1417.980820] ? vfs_write+0x354/0xb10 [ 1417.981623] __x64_sys_recvmmsg+0x20f/0x260 [ 1417.982547] ? ksys_write+0x1a9/0x260 [ 1417.983358] ? __do_sys_socketcall+0x600/0x600 [ 1417.984350] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1417.984400] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1417.985489] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1417.985511] do_syscall_64+0x33/0x40 [ 1417.985538] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1417.990436] RIP: 0033:0x7f11b74b4b19 [ 1417.991246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.995238] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1417.996871] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1417.998399] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1417.999918] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1418.001451] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1418.002995] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1418.006124] FAULT_INJECTION: forcing a failure. [ 1418.006124] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1418.008671] CPU: 0 PID: 8224 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1418.010158] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1418.011936] Call Trace: [ 1418.012496] dump_stack+0x107/0x167 [ 1418.013280] should_fail.cold+0x5/0xa [ 1418.014106] _copy_from_user+0x2e/0x1b0 [ 1418.014959] __copy_msghdr_from_user+0x91/0x4b0 [ 1418.016021] ? __ia32_sys_shutdown+0x80/0x80 [ 1418.017202] ? __lock_acquire+0x1657/0x5b00 [ 1418.018386] ___sys_recvmsg+0xd5/0x200 [ 1418.019416] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1418.020485] ? trace_hardirqs_on+0x5b/0x180 [ 1418.021479] ? lock_acquire+0x197/0x470 [ 1418.022376] ? find_held_lock+0x2c/0x110 [ 1418.023311] ? __might_fault+0xd3/0x180 [ 1418.024359] ? lock_downgrade+0x6d0/0x6d0 [ 1418.025323] do_recvmmsg+0x24c/0x6d0 [ 1418.026173] ? ___sys_recvmsg+0x200/0x200 [ 1418.027162] ? lock_downgrade+0x6d0/0x6d0 [ 1418.028104] ? ksys_write+0x12d/0x260 [ 1418.028946] ? wait_for_completion_io+0x270/0x270 [ 1418.030022] ? rcu_read_lock_any_held+0x75/0xa0 [ 1418.031052] ? vfs_write+0x354/0xb10 [ 1418.031899] __x64_sys_recvmmsg+0x20f/0x260 [ 1418.032843] ? ksys_write+0x1a9/0x260 [ 1418.033659] ? __do_sys_socketcall+0x600/0x600 [ 1418.034640] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1418.035745] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1418.036841] do_syscall_64+0x33/0x40 [ 1418.037642] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1418.038729] RIP: 0033:0x7f033573cb19 [ 1418.039517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1418.044261] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1418.046266] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1418.048149] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1418.050038] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1418.051925] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1418.053808] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 17:18:09 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 23) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:09 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 6) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:18:09 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 28) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:09 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x5520, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004f80)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000080)="d0cb1fdf290f789fb66e5b254cb0a4662556eb0283fa", 0x16}, {&(0x7f00000000c0)="92b717dc5a52c590520e0722f7fae677741fc061a4dcd3d893f230d29bc06c960ebf66ce212af876a1236f09783597661b66e6fa1b7ea324b4dcfe95c679437934bbd574cb52cb1fcc235a2aea35195e908f68bc8f77f3bc8010a0342f3f73f2925aa52508e05ce70e505b1286b934c89dd143b187891da7321c5d8f99c83da4c7bc2a8e022c5474e548b6789ee2d2fca879b03e9fcca585df5c60070394946b56b83f9eecb13bac2723d2f0599e5ed4c6", 0xb1}, {&(0x7f0000000180)="bcfddcc4ec06020c0e8d8b162323b3396fc73d09d03c2d120f0e4417baf55f6e5123c9ac7f089e923a8d63657256c6d6d226a7bee378a709031ed23c82426fd4c557b7344c7795282a85149a26ed95b0a5fa1cd45e9f585aabbe262ed3617941f47718f9b462a3b5d1d3ba2d0d222e234625790e40b9cd8d6d0079d4f139938f222c151153b49b34594a30c4bd2596db5bc69eb86664a90099dc9b5eedf27076eff9f04e4575", 0xa6}, {&(0x7f0000000240)="0c17618f032c33f56ec9c4e82a2d571b0cd867d522e764126be94dcbd146d44e4746453119927625f63d1a57de079e84b64ad003d4b7f28379d3484632dc22367f4383139fb801c45c2078d73938339fea2a20a4636de639d8f592908def4a5a127377a574a84340e3ade737e6452f8d52b9729515d09addf4aa71ae8c7cc2e22a98f9b345eed7c25bd32d465e2c3a3a26d10200ade3938cac08457d2da5d70e7bcde44dbd0b6ee1d0a7d7d80558cff7c7bd9591a17eeca02e01366157309d36a76c3ced7b45ca7c37952ccb82efd7b8feb44042b4dcf93be96fa696e1a7115b4a19ab5b825c1b7639fde13032deabacf8019f20e27247", 0xf7}, {&(0x7f0000000340)="f5a469e7a3c2f98d2d1504cfcac8b589435c4d9861e1de848b814f64d10fc9475db619fdc81887a2e6273bf0098e0be18b703bdbbf09e6ad61ac1713aef5c91bf2f75573cd17c82f7e8bd84882444f989f6ba05cc6574fded3137b5c4779b719a089776e677213dcbc7b498976c795bf04e2eca075048fdb1048e92530cc5e8ae0049475dff7cbf6802ebfa4d2c732688fb965041aa5b527417363838da367e1b38aa7652fcecf9127ba404cd044c7593068501dfe756c50937cc864c86bbe9593deda11675d83dde1b845daedb3de37d2738e6940ac7abe26324dea97ed45e31535691429641c632696098b", 0xec}], 0x5}}, {{&(0x7f00000004c0)={0xa, 0x4e24, 0x2, @mcast1, 0x800}, 0x1c, &(0x7f0000000740)=[{&(0x7f0000000500)="278cb59317419c974b94fcc39362e927608f8f46c341e1af3ea6000369349c0b91adb072aaf788d7871684a66ac9925c9420baca1336a41c34400c6f340a3aab6b8743f26f7593828256a0560ca9b2271d71fb4f377c359dde15d58754d36eb16dd640ae52b6437b02cbb6cf89744a7ab1df63ae9be1b0e38ad629c0efbc4ad50c2adb5f4b260a78e1be0b33fa95429bf955e5", 0x93}, {&(0x7f00000005c0)="9a7aaec195873a9ae9383ae12c6448eac3e0b8edc2da051af9f0358b282685a83a5ae9be579a7811e9e4f508250ba5ab19a5cd7a240a9eb916f573f689dfb8e25d4fe55eef504c6b457471", 0x4b}, {&(0x7f0000000640)="adf2c173297361a44f50361e63d47a9c175b27272580c515f926fd11d45af93a38f21b05", 0x24}, {&(0x7f0000000680)="9652cfee5725c80aa2334643d2f8a2c59af93ace2515dcd45ac2fad70e7ac195d8bb67e9dc4e468aa9ad93662f6e69be9601b5e23db7177cd6404c33854d661eb71c2d0bd9cc4df98a7231618826eb3e44180637e03d2240c617ed0678f92cae37693257fa33bc3a11be1bfda0321bc87fe8111631a1edcf6c3da6c33c54c6b1e9cad66aac82233d89541542fc703732d84ac3c5c127d29d67f777e43ae64f1d5cde8a79bc4cb53d73deff03646a305b2a", 0xb1}], 0x4, &(0x7f0000000780)=[@hopopts={{0x1020, 0x29, 0x36, {0x6, 0x200, '\x00', [@generic={0x3, 0x1000, "07ecfa2dde2e56d80335f9a961f003016ab09724339b5ba6ea4bed084b630af6019286e7d4f0aec714d475fdd1d991721ee15dd9a4204be1dfb4588f759ec38b6676918e9cbec1a5f688aee4206019f4d6adcf106aa3f856117d1645860b054774f9f55762c66c4708deec43e4d5bf3cd8ca0f7357d139c8903ab94fac5568c52e3b7f2c836e9e496eba7dde14c127e8dec0336581e011cc0fc8ac1d23aed1a7022e986fcc680407f99c441ffa30176b063de9a7e32fe40946f385b7b7c133487a6daa515bb7e2a3e1c3f77c6136e6f40482d534c516acfee897c552108d3f82fdeae2322221d5e32c14c350bcd771304d3ce6938c648f2a217b052f2000e59e9893a995ce2eb0819efef31567964e89e9ddf824083e797ce37b16b7b494ea994405a9ed09e5c3a74164faae9ed29ea5df3acd67133938988bf58c62bfabdeab6b0f17e901caa6f41c399e16e70f16d5754b6c9ab4a8636dbf9b5529082affd30bcc20c699495cdab360637435d758708ce86b627787735f097b0860a588250f72f62ee4eef3e994f0b7603914c14e8fc34010d926bda691647300cc8faa13f7d735e5fc7024145810e1c14fe2bda80c7527437444262affde071606b4d2eb7f54e38b2f318cdd78707661ef754dc3e82bb825c1ce32f82fd766105d9a19521300dd4e232e5089de6070bdb09055a645b9dd270473e839c2e9a50eeffef340a4874770a3ce9e22ab28c2ad20f79fe8f6b4c93596653b6b5644da53b9c7506124f4965f1c6292928ebfdfeb4eea8ddfad5e052c7b8a70dc3a8c7c4b49ccfbb1291e9c8682a58717379cef5fbdbeeaf9f7a2227a97fda1b8c15c5b767375b4ae1ec16f784bc80a8166a2b845b7190c2c6983a3f05361f5f04625a169aed83fcd590313cf3f52254e88337e79d93937fb44f1d0cfd20539d5c9494847d5d8d84cb50554cead98e7639c1a1357212da89eeaa4a6464f9f687a25d52627475be8051c056b7fa63bb06e33ddcb4bfbdc740fc34a6456e3016b546db329c50d44dd13f224aae4a82f6d7b66ea5444241ec10131d33343cf03401d98a70d8ee05f62fca874524df46c77f0325e2ec4091f165f46e170ef53d3b2a7699fae7964e22be762645f1b914d48df4c1a3b56b4efad4565a6caca24330e917a268432fcdb290fdc9841374f9d5f54094e4fcc07203e2bff66052f13e735b139b2a21f80bea388918a4cb749c5ad2257c05070dd0ac33e98fbba948189428664e2b970f94c03a5706f2c90f939249c32ab204f088176e4ac94d07be3798abeda7ec0e1388517e2665308b9d19dab2df102e75e2ee4eeadc10072ee8255fc552238703c604c2d7ba9b6c56cdf99fb432e86399a5c1eb359920470cef62daf0f77afe52bf083018382ba794945d7ebff45251363d9cf936dd63234840a65d6fee0daea21d4cf32b9d867b92fb3f418982d7a685c719e076e72cfb8c7911b9777cf3a753479db0b95b4296d9f21e0b02a18df019deeb2a513131a8921eac34677b6b32a99f1ce42c04543f4edf975bcecf1ebe335c252816fc9babf45ab38d6223eae5d3fcbfa61e2b246d6a8fdb20ae0dafb60c31620a69a3d5bc0e21c85300467311309372e6be7322e5bd7f7141cd14643ce075a872cb104769ba81a6a155f29aef6691b03329f03481b53206b91c25acade7d9f227e0e8588cda0b772566d8a4c785bd4e3930d6f3179beb78cd763f7da7d28556c7996ff4ca718ced48a4269cff0e7739beb0d5ca5d4b0201c7c3742f628be64277e457453894b4e7facb4498d6ce83bb11b48732b01e11cf2c87319f3310c4e7c6e1d5d7fad09cf1c6e3d6e53a1afb85aa32374de4e5e024289cb549a857011edebcfe0188051a18c351edd41a50fe2ccc59837bdff3250573fac610af74fb8b3d073947887c4f139925593ff7ac494254f2ae31c07b3b2232809806c73665fe159a7c423352a7cb05974808874c5a5410809ff9d76512f64647d1ea288c8f9e473d18efcf97f0a05a597f7ca76cbe28496094945aeea457abe1fad787afe8a5a2f310508782e3a551ccb74fce95e3c43ab1099d14017656595ad2ddabd566697212b092ac6fa47f9133b45b04b77745911ea062cdda052f371bcee891ef868e98098a12d21b82aabda57b602d761437c0ae5987d0d5ae9faac9db630ec9bcd2a5fdd48e51a84371947ebab892f91597cf817d322ec8ca3cb5f9cc4a7eefdce6bb33528e4ad458cb151017a39c676f412706e8a5962c6288c8c7a43f0a47ede75399bcb6c41099727561f864c2ccb1fea6ca8db4da83bb809d1c0d0fc5ceb629b93c2f99ce399cf4a9af743f6a1ec426b770dd132c3560b2ddb7153812663774b551b2488be611476dc1a30493c79963ba5b91582eaf2f5c7f29783db00381e64f360c3098b59221c9cfdce0ab845f9eb3ce278dcb175e04536f7c6d5c0ff7ee2dee96b59b45c9c9669fcdf40e3f585d17f545a6401bd0e64cb5a7f14b8a6fea10a1560a1d4f70b68529a6be5f33afc9b8983e1bc804123bc6d352194807784c28a906e661dc4cd3f6737ea2f8cc07f6037cf0ec2a3d1100f7c3ec529b185fdd213f8647a3bbb602d0dc96bb48f6199b97910dbfc95cd6208e994f8a3f82b9e7358e5c113a5b145d440d508b0d9df30f9bdacc6cc4e5efc609a6f12b8587b488d07c9288856775726473f1371ab144505bf07a148fbe5db5815ee92c966b2da2d3a5726528364e3404bb8b3f890082f3ce48cd823bb0fb854223e252899f42c66af39329c47db2b881c8696fd9f945e6e8ed77ccbbc3e7d4b261d6a4171172753920005ae062d253ab9b67f3b9a664186ecdd86e2aae4c10014889f6709dddaf8a30d5153e40cc2b4fbc225f5e09b2a95aa545b0e8c1a72ca870013e5e37d942bcd8e8c59ebbb974087e1320af2bcba2fd22362ae7d832963ed9411a786f258a08c41f9d5bcebcb244bc2ef11a026de0fbc1924411b8eaed2eafc538aacf74b19521a3dfcb4c0783c60a097cf043ba7a958f163ce6e8eabf272f606f44ca60990d70692e0508578434b45f8424ab1f741a4dbec1515f942b7c30be7016f7980f93be7ec4e8e87972d5a9028593f5bc54b9bc4b18918abf06fbb8fa957776e7d69d8aff91a2d52360e73a98a51f3b8df980f8a87dad800e4fd48ec82f3e90130f13088745f648b88174369130b2eb3829e616432c905115a00ac0d37a69e12b196a110664543bf5a9e1a44d2dbe09f187fb1b9903b45dad3b54b7e9e252efeff1ef66e5de667af370fc7550bcb2bdd68d10d456a3dcecc00ce374db7f20a719f99193d7d160b1a1a935fccd5f59d0bc4d7f4e7a5fb92cb4f967fcad7a7b79fc7e9251cbaf83927f6016c55e146c5a993d49d33d7bd3ed77ce5728134184688fd323ac75881933cce12295c2692b5cb07415fe6c836b26194f482116faac748840a39095628d0752750812fbf76630833f90917e4821cf09081c152332084dece1e305dd8563a5d7f3144c3408337a8683b159f7b477929b3d17d8562e3cd3c45e7623712dd522f272b3d5b5e2d082f07eff9d2d16f453fe49e06d6337abe08e0bdf688b6b62de851a6b96006c7aece4f95237a332154fb137ddc406c6bd00c06c7b9e456d8167162f03be27c3db98d6c8ef672391a24e4fb5d2c31967ce35330fbd113f3716af307ba84b78952584cf78b76a01f27facd1a2e1cff34ded2770367e5463a8a07557f4b59a4c0b743e134723d802a4713acf17d027f3bc5c35ad46062298cc378d61703c7a48b27d401b8d0559c75d505bd9fbba73b04ac840d6b938258bb85217d86dfb672230fd0a65740235d4b72b77f48124cd4b96c6eae22851447139942942df0215822385c2b87270f942c47e4e550f2274ab88c2941383f42a880cccdf16cff1776c7ac95c47eeac34f4d27d794e7ea36245dcda7882843d7e62060f7dd6c3f2e2e2f73d684537c82a711cf611e570d3563b87d362c3728451d9560748b0a862666926024afa5155240be2ed8fa6faaddbdd5653fea7e9d176ad29da6adfc3ec7403dc53065f1915f04dcf982c5f4b3c7bc5d28640ae3999cdde563e7556b3573eedb147eebf6b52175818064da0acacaf7c9efb642002ae09b6792f64abbb8d30d4b67a22b2be2a6cd665a8f79a44f517f969698749ad10dd2b381ef1f51ff887d31a1b748e5607a28534d50711405aa8d1adaae988f7c5dde568599ad80b4672e1a7f150182c0b8ec045270be7a9f72567069c0595dc1ee6716bf83b3f8794e4edc6e58308297250ade322d62e5ef1186208ff419cfb7f419781d9dffe56819f69ac1d6da82325abb683c51875e2e92624eb351a4a284da5afe4b2de14f9cd076e6ef269e674dc7c0640e89285c870c894a5f9c6997074d651e105eff26ac063cebdd9547da786fe8d918dd8a4b0214fabbfccd1023e81916ba0ae1d46bae13cd840bf6b4a00613cfff3a5efbd24775df5aab2184b3af99774e97f2c6cb46ad4635837c23d1f69d19b58b77f1a8e8ea6a8a2ebad326fdf59a3ed14e96332906dad1eee28f0011712dfaae4e0a4e6dfebc5c0318bbb0caa7b5b25aa3d0bd6ea96b455dbce30acdfd88256a318a2b8234a3f4ddd9ea62e5e944af7d2888c14244fd7d456a782ab35e643d1b7d236ea0b553fa607bc4c405f0e09000b0b4429c613495f0364c5af2153f8c2f9ce611313cd363086ff96097796e55aad17e788087b49aaadfd9cbb21806a1e2317dd377e6890210315edeaaf5478d3100f62873fdd435df241a545a579a8df6a545e95dd0630a9266be8ab15e9049d0f54aca7931436e9180208da5902ae51c2839e1a111cc4bba382edce524a83074c56882f9ae083f7e5bc69a05ef58a526926170a80382ac756dfbc0e8606fb75b3873306f28282fba94ac648502d293c196434afae5630336f8c5299cef5690e203ba3fc15bd9d1daef0f71d14028351735ad9b8766735bfba0bc0deb69641a1cb5ed43fe907f0a970805cc08b3509f3ff6ccd712c1da9315ba054a378611e52d3bce22f71de6f5b1a960253e2d442ee172c5b9ed2a7b0f4489c6c8b7d16cc525dc1d9a796056527809f2b918837ec0c5684c1eead6f71d5a043d9bba1a2fc525952af622c5c3f75b40b4f603b4d47abb94e6e539f91e642af8f3d24873cfb82bf58aae03536a25e06de8f0e46dc6cd9a5854785cdb80f7bf3523a568008e7612fe77d5b217f8bb7159a07ba3a688b7ba9c21f08e82f867dce8f2cee76b0d680326b80d77e4ee6041bc487330d13a8895e68376446ae324fdcbb7947e9cbddc759602f15ec86a6ffaea99cc3c6bee91efddd501b5a1b585f25fa2bf0a488ebf28dd01f348ce9bf7d81e71b2aa041ef0910e5dd52e691baec46a2f03c1a2f222edd62af5deed92c975a5ba16bb6581c034378a3b21b37aea0d6d592accf4e09fd1b12f3363586fd8cc279393c63ff7d6f6b0089fcf1c54342b636cd7a35d33fbe84e2a8e62e8543d88d32ef1f91e574a424804caac76bf23731f04b9e7e445d42b6fd682476e8f0e9a7653e6e888fffe541107bbead6b77394dacd806a52c2709f19d0d5ff11762bd79901d6be6ea271a790d2eebb3c1a08ecd0374a70eb33bab7b1c595ee63b8d78bf73c4c2582f8040e490f15dedaee81c6ff46fad2c11a0a7edfb0fda888d875a51d595d25a882da04ae77a3022a1325a728c77ef0e59c62565860ceb0bde034e0b9f9a8ae63eeb451894eaaf7ca7a1164d3de5a131abc7a28053eccfd5698d64270cfb5059336b3"}, @pad1]}}}, @dstopts_2292={{0x48, 0x29, 0x4, {0x6c, 0x5, '\x00', [@padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @empty}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x9}, @enc_lim={0x4, 0x1, 0x40}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x4}}, @dstopts_2292={{0x330, 0x29, 0x4, {0x2e, 0x62, '\x00', [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x3f, 0xe3, "f406304f27ec3c312f748bf3fd73f2b5263d503d7c69f78d1d66770b038586116bfbe8926b71cdd34443e72b122646f029c3adc37ed498603f0ab7544d25db71ab801c4128307d8793e603e91288d9eb37bbacf72fd0301434bbf0ed34c807d286f4b47f337548a0c73bff4466ee4f9d97fe8f0cc7e2d07eca85c0f53a23f998f7136949ffcfeeaff02a67988fb463d2570dd9288098aac9c3c15db31f95d87b842abafbe6857e47a36b24799c57ff7849ef51a825bd1cd288e113bcccf2da0a97c58fe52abccdad470f2b4da35160ac7c8336e17a95a1fa054d51c370ab49bb2280ed"}, @calipso={0x7, 0x18, {0x3, 0x4, 0x80, 0x0, [0x4c41, 0xfffffffffffffffb]}}, @ra={0x5, 0x2, 0xde3f}, @generic={0x9, 0xe8, "b922704cfdec566b34f1177d16eb491cab042ae206f20fb1a3d9ccf9cb37bc114c8caf627c79df26fe1037c8cae4d876248c1c1c9c4afb2bf4054aae2b44d6e3117b9d71755493e95f364437e4fbd7047a9aa30034b7a45f062dd9483876100b9c336a73a3a6944d5aae1f4419915e2520de6d1e1b61592465b20ec0f38f340054e2e921bc94a9bb2f5b7d2a092ecd34a8571e4f545831ac9f812f0024c625aa6a4066d503d355b691135658345308c40d37520980b1b5591fae630cc0da3bea2075a07e66f1bc13a71ad14658213111aa240c0f5620b3fb572af6d39d745ac15f24aa016a59137a"}, @pad1, @enc_lim={0x4, 0x1, 0x9}, @hao={0xc9, 0x10, @mcast1}, @generic={0x7, 0xae, "248b4c60ad05db24806a5fff46326067444ffb409543f260b5b6790822405c262039854d31cf1c6a4186451babc82dde08a9ecc25c8f25345ce48734b75596bd50690462c09f63242dbd63d08615d331aaf030a5c2b628caea42cac45db285c25dea2a41aad7b1fd41cad7206a2c45c1c57e38ddcdbe887b0785c5d6e5707ad89141d9326a608287e8cda1ebf2b3c1992f1c065be6ce00e08170231251391b3da233448fb3e31a05ef544e4e2084"}, @calipso={0x7, 0x58, {0x2, 0x14, 0x5, 0x4, [0x40, 0x3, 0x9, 0x0, 0x20, 0x66e6, 0x7, 0x7, 0x101, 0x4]}}]}}}], 0x13b0}}, {{&(0x7f0000001b40)={0xa, 0x4e24, 0x5, @empty, 0x401}, 0x1c, &(0x7f0000001fc0)=[{&(0x7f0000001b80)="8791b948108b9d33b98f38481853881072ea0f508abb14dfa8776f9c9e92f5ef6ee3ec98f49ec43b627372fdf5f97b8b3eeb2fccf7065e2434e9ca9d90a89e281562493108ab6cd172a6c362b8b49675d7b9b1f3305c0fff0f112e0c4a91e39fe1ed5a8ec7b0b41eb9b47567412cf3f45c01", 0x72}, {&(0x7f0000001c00)="1279dee99b9277041489d0d508b7e8414fc49679e8c90aa31642d6a61304e93d36eedfb59f79cb32a0bcb1125b1ee19967e4227a74e66a298b8ae7949f93548305c4e3739341d7a6dad93735df0a926240df9acecb11d5724fa5a8107d31bb5f7b45769531eca0962d63bbc716e7ab7a35f710d008bb39bc8ec9ef9bdf3dd3a1e4d8ad88f7ecb603db8d205a1e53ef2364dca033ca3c57a4dfbd1b80bee3c3c9c240f65367f34408f38f7330e88b8eb77b772787c248b6f5bfc3079a93f0fbef1452bf928c69469a69543dea639530375019d9fd2cda29f48ae64091b5", 0xdd}, {&(0x7f0000001d00)="68dc1af6fdf22310bd90bbf54119b13a63bd77445e0c6fa18d834455986662b0080dda3ff339c39910495e35e3468758a63f58e6928754d4933abe2cb990eba097e582e6e3ed2bca427a67036476d57052091f8aa6cf1f8de9c8869b5425e33f4beca780659e2814003c87285f77b3beaf4b86a9f1cc1ea46562553fbba4e078d2bbb72b10a44440d2d12d91de1f1dad123ddfa5b1384886652e443c373afafcb45035b3034c4beca0a8cedff02e8bf32552", 0xb2}, {&(0x7f0000001dc0)="66507e2f7439bf79dded396fd9f992c423f99e27d05dde1c", 0x18}, {&(0x7f0000001e00)="1bf2c0d5330b9274c365c271baa62cdc0c1c24659675a8b1b1b34c251ee07ca2f1fdc87c486a7eae105a3329048327b621f1d0bffc9c66de4afc6ed14afe5ea3509c96aa2f450b7799ce03a60592a36c4e4365eeb4fbab01977df22841305a0175436f4eb1f02fbd149c874964af3e8eb7ca7441b03017fc72bc502076ea98970c685828a946a5df60b75121b558a73180521830b9b21ab07188a973f5e3ed94f369a65bf5cddf5407f49988940c54", 0xaf}, {&(0x7f0000001ec0)="34213b68d0332e35375df7a3e52f3d6834a0f41a475a83a9784195c75d539cf1f27e1f7c6ae94216409f5b19d361e0d7cba9996d76d677873d6e7344b191b809c5d157f00c2b5867aa18c90c402e1809a8c4a399954944d0e1db10d86178f59187f2c2d4a1bfd87e2dd859652161d31ded2c21d031367aa04f2c63f182617a9f86c069ff6e5a3c30b4517cf3a68c", 0x8e}, {&(0x7f0000001f80)="9afb5341469c657d2db50dc820e446effe9e744efe060cfeeb3193491fe476ca27376af0", 0x24}], 0x7, &(0x7f0000002040)=[@tclass={{0x14, 0x29, 0x43, 0x9}}, @dstopts={{0x58, 0x29, 0x37, {0x2, 0x7, '\x00', [@ra, @ra={0x5, 0x2, 0x9}, @generic={0x3, 0x24, "a1e3b34d066e8e9d0174275f551bcd57636f1cad933a66930aeff796773d2854a834b5de"}, @pad1, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x5c, 0x0, '\x00', [@pad1]}}}], 0x90}}, {{&(0x7f0000002100)={0xa, 0x4e21, 0xfffffff8, @private2, 0x8}, 0x1c, &(0x7f0000003380)=[{&(0x7f0000002140)="acdcb86a38b05dbb7c994e3e0a53b1c9b295c53f591f4e88573147c1827613feb09ce5270361dc3eb2b69e7694728eada665bdaa8412e9d035b968e8d9671a7161bffa2d8574b5d436392b0a5b07ee1cbb65125361d5b209d0f1796cbcd1df48803f5aeee5a8b3b9b59e27b97e9dcf76ef2e2f6a2d16658c53e8bdf5f26916f944992fb2bde412a41b230930e81264c87db8915d6f563c08dc609ddf1ba11e11c4366795de116d1cb11f6736a69bf2447b8b6e064b087f784fc53d82b86e9e51849804cc31ed9d0bd28e9b2644f03172c2b325ddd3e14e54e64a72e82aeb2527dd1f72355a0939111c5a8a", 0xeb}, {&(0x7f0000002240)="8c25b08f2d0dab1bc67ad225f7bf8daf21be0ed9db857a50e56de8f85e33ff4641260c6235609cb80276ec354c68ee7bdc5b3da878b3d34c89f5e34dfe27168a6bad8745a83aed3bef115fee1f6ea9c3a8c60a9e09a2dac17a1e712ad3b0425d1092b3f78757802266a85355b695f49d1d2fbb177ee6b542ac7eb2", 0x7b}, {&(0x7f00000022c0)="4334591cb7f4840c809db1798b0c8e34e5d6047a8fb93a6f9846200e50f782523e363af8d55472912ab2759997ddf7aaf0c09091a1d61eb3bf43742935fd30ce1695426d3e2728e9f759b0f3dd1b1ed591e3cba796f87f1593dec9a3134b187fc955d41c7e3aa6cded15348d097103ea254afc305ef3466ffdb758187c1eb46353ef893eadf55b92a4ad3e100ed452155d87cc14118f24149b53ac8e1aeeff1b6170636fc47c677986ef7845c303c6b5966f62efba46c8c86b8bb099ed295da0102330ba9d17010da9751a328f78066518b4f0952a56620c35f4cb64d9087e5cd317b10ab7f8814d1fef81ca36ff4ab9391848bd6f6b62bf08dedde242a194c0e9a567d0c48156d70504ca04affa2be166573209b99c1c876d5ddc6430298323a67383abdf4c64be82811656c7b9df5bba59a89bb8cf81f705e087acd3c2e852b2dfdc4cf6b42a8088714c441aaf69eda0f6dec3ad99160d91ab13659104d59c726059bbd6c562ac2cf96b1d8cd0400be8e04f19b6aeec64b100ba4fb012a2ebfc8a137ae8ef51b6c539c0347919fdd00571014e74148a3aa411c9f02f750af8b050cc489f7f96701c1bccfc535870b88a00c2e707c949986624fa4bd45f2a0ba6c8e224a2df249ba9b9e096e36012878c364a0eda0f4d5b16e287378c1a3c7de0a5daa02557640d28fb6e9d8ad0c80b0cf4d5bfe3937efc9e055d69c2953349ff7b3f541fa4cbfe780a54ca178e09833bc601a4783d342a248ef9ae52ae22426bd204ba4f61d70ac35d6e3b534f982de74e3a8e49e9ef3e80fda088809b6922b9cbec5c923f27021a6b89da028958ddf0cf0e9863759adfc235efffaf7a9fad21fa1395b731a597ab43249e722038ba7377dae8751035faf24c07bc140e237f4122d8246d284017162799512da8bd92ab8d1bb55007a210fa3963f632a9e8146547df3f759cfe82945405a60b4d4b9bdc7cf762411e95294ee6bfdf486cd7390e5f1c4121ae9636ae9ab104bcd7495056a2f84018e94e225302d15cb498c366771674f80435a2f20855f2960bdf2f9a04adb9eb30496cff61d58a888b8aec297c6f639a3b4b0c05eb174a206d894bc9b9616af99be86c378a28a441f4752f19a66c819ebc7a4adda03fc0882659133af75b682f10b16e0dfe8ec24743d1ac6b449859f186ca360e2d02c7d688ca54a33a01895cc7f5ff30e1f74ecb7b9649428357a0d219b94d9fe48d3a9ff9db5b06045404cc32d4b913f488a854c7f544de2ef623ba35d9cfb77c09a2ce75f46aded9eabe90f4ef2045f89ed36d1316fa6f7287d912697b872b81477e7ea69c97890b440b8cd88caa902da7ba97abe0eabefc3537ce28a3cbc123ba034bb08977bf195d78d2ef0e12483668ea62165ec246da691de13069a0145c13364b76b268c8d77864e90d8f704603d245220c16d7e0ead1f5586bc6b9891b2dd2dee0fc43772a3e576b6385e37329e6621e7f9894f1929b850cd9bf8416f06abf87a106fdbb4ff17a5bae09d561c027764da263d6f3dfd1fc8d8774bf97096c2c4d180bddb8601a573d8504c6d5138a6b8a6cbb14531e7a56a90093f4773a35c266598419850884fc19104de4722edd3b8d4d1b1dc6d8090e532d09de7c7162c3fba45f222b2d68856ca4241750b51c92236adf1623aac54651cf1cf23ab18178d5f66bf3ea3f80203d87045b4a6171462df84549b9831ed9c3be7e2356d351452cb7e39b5d35d71eacde5e9ebe0e2a76185ad408b9e2f281e6fa2f25296fd0b9180ad3f16dd4f61f6ee8d37a9a4ebf0a68f45ec7ce10b6b8da860b11049b0979516f57b2b45de233367701f0086fdb0d1a4bb83651d64780791afabc920edbea1ef5c9e8ea948adc9df528e2d718c2c77420656c74d1c4ea7f9150fbddb6b2bd822cd2fddba198bd2cd6f374206c93f5b8d805355a27c3b493889109b2ec5eabd913b785cdb58973f1916dca7e9fdf76b6db889ebff18923b8935a2a84b1ee6561e66055142240381f049b16dc0b34aa07cc50cb67c487590b37db3345527cf31aedbe82512533210e46ce4cd332004cf36b3fad7642df5339f7d4a33fd79b103f08544c4d0e87ea0b97779117de7ba60d22fcc2c95458925385ae161bc7b1f9ec0dc4b2e1a3a18276d61a751dc7433dcd2f054363f5ae0888e970fffce1cc3eb0048ce7d2121b439166309b3eab56a024315a16aee994b05cda43c213c27326bda3c37850ae4f1a70872d42f3faf83d017db710c354b16b0c07953c3eeb4f0d3d26892d44ed36adf70e0197ffb0fcd5ca9804b3e8ac96f129f3907c904e3f72d6b51c7d60997e2f18186c0533984e7c2b72a7a817693a954db11684bbe95e6718bdd944eeb16ce5d1c268bceaac283b08c5bd5435e61fcebf94c4331f483881c313aa082b821bc4de10feb047d0be065fd50112a1cc7bdc22a13a468708f466a67885c4b6fb3ef96386db46d21c13285d5b261b25571cda181575f4037aa2764a6c4428f031dac536789dfecb385ad463cc24e85ca7eaf35292c855279e4019343923f082e316eb8f8c44ba606d28fa37f64e456af1ebde010f8a876f90f0835807ccb84c8608418fba7901d13e398c8191ac7c5b42303515a0ad57b2c3b41148d46e25e4b9731f54e082308afdf6b8029cee573dfba61033021f053308294d45214ab810cae0cd692ae399eb6b5b59bd8eeb6d54a719f74912d4fe130e836d72f55a923ca145d88b7593ee9d7db1d3877d294d16b29beb7622be46739d69ab67dac399f5cea34ba5b208e49fb33ef05ac8490430ef37ae4d701ab09ca57b9719165acec72a3f6d6e906cb9e5667faa412f1644b6401ef78cbeb15ff8c082740fbeb03a3d668f3cdfb42c51ff3725aa439a38acec778be6fd11abe250472b74c1224f760d8fc9f83921de9c8727eb338573e79a3262364fe264308392fb7e67028b429c53f1dbf77579a1a165ea36fda554ca960da5185cc73dd094c98238269946438e20fcc5a60b3015cb1ef60181414d17d21b92c1fc08c5df7e12563ca6bd8e84c169583f3776649e5eb089a84d7f9f37f9a2a47a3ca8adedf75b5f9218fc80063b1ca3c1897f7755c7f80c4c84ea2a051ee6ee0d51e021b1d1d9ed8aeff910ab6e3b4c6092fa77babdf66f7233436b8dab458cc0cd3f352f9932de2514a57646aa9dae1e4fc7b9764d49eb21a709c1bf723702c08d1f841528a344cd98671a7305f62225f0baf57a9c0b21fc8a3acc12e6205c344fd0a3e74b9a37b9e8beeea3632e073b69f6fbc1f2b30e4e8b49c334f042896cec9a746765a57b8d91ac0a389d95715b9ad6beab029fa524dcc228a667f370ccf40deb6da41c0861806aea7cbac7e76a4ed4643b9ccd23579cf2bd2ea0350aef1839d4853d6a5f0f36bb643d9ab6317d51894d803fec3a51739c0bd4efb25537414700eb0deea10c00554c58837faae609f721aebe3695eb13aaa9fd617e4dd9d6292cce078bad1d9559594fe9d75a0d623262513ccfd0a58d8be868e86ae15c94951a7dedc61fbdb8558e249e75265a2af822ce1b048d38e3a291e49a51b6a668629cb7895ccd59939c6453fb137dda4b02b272b2a554175416916889b7910e9c12783bed3975cc6465fd6507b4c4a8d902d98887ffd82813b108f2d35265b688da11ab5e982ea667a2a492fc1b82f7da7c072e4dcb2425cfc1c34fefdeb469e858871da4c3221a339a7363e4cd83acaba9393d6ddb41b3a51ba296683152cd675f80478ce4f99718be41333c30ff02293917700c64559295aaa2fe70fced8160b6b9d0123b6aa253ffdfa828e18e4dadbae9a251f8249fb2551fe265289707ad47c8b678416fbb8559ee371d5e43f4e5063ff7edfe8d2f5fe2712c6b7c9956162711e163920c76631b10a9d241a919d3f833782e776f6d3c578d88c642f06302d7e51a2a7a96a63564a9cc013d134025dfb763b095a95144bda2833aea21cfbb6db3844c9f30431165c1ffa4d618240813cd36325daca910d0f3a9ab947492e70f3172ba6625ecce8af7b2908271b57e42505ff54ab9d6b0296116cafedc0f165e912fd19198bd8dea35c8451104a423ddd32329c5c0ac55ffac59844102d27d4f9085d7a4952a7193be06c4706dbcc3622173fa9a3284e1dcf33275c69ceb9c9ea17d1587f2e73f9fe24094e15787571e61bc70b85f47657ca5479b98ad825b98288dbf5a59a50a9cd1d9aa4c93e6dc128264849c980bae42888e6d274d5b2db98c7c614c0ec3eac3200be29dfaeadf64a750ce9ee480136ef0ff5b2878ea61d4e44066cf8470c288af10077028fa5b2486a351bf66aa50de610a4a4e16ea6a52aebfef5db33eab9e0d8b5a95f884011dbeef541c45bdcff9cea96a8632acb92291bbfd511a64ff9ef4911ed2ee9e8a0add4c76489e098f5f6f91034728da171af9dabbc2a44d72147d5d2a47d82711c9d044d525a9edd31e53bf80d720a0b79c19c15d9e9224125265b40e49eadbd456d71885b0cda9dc798592592a27f697d50e800b29419a27866eef4ef7bd7668a3ccef493aadc2a802eed21f484b3fe0de3c068092d292e1d8e08a151f45592b94d69569010dfec0ac333a0afc19fa465c590f487d33b1caf076c4be6c2a7795452a98e1b7dfa36d8cc29007cf1e5aa09934ba8b3940377ff21718e0e97626a54a7736388b6f36c5e16b15399f77d64123dbfee5c07beb033f167f688e43fcf1a9499bbd7c8d12201cca7908f3ec0eac12ff22826092a8d9dfa3a0eb139f05a4ed9bbf326cbf56bc8c26bad40f35f0766f2508c70cefd36d392c70cf17874ebace7daa706414e80b1497b7474c169395c44d1ce40569bb53941ef79598fc28b484d24b1e0948a2f505fc104882dbd1ea06c8927eaa9d9b34d32b1614cadfa538e73403cac5fff1c3889d38ee2a07d3d4f9d29e81e2f83aacddcb34e323ed6f1cb30265cb403f27928e3264cb17f1c3a9bc1aad3aff2b7e917fb3f8aa78b8dd5d68d054a97b02158dbe22ec8b5a58c61536c24020d49e1e4250cd56725f5776790256a572ea80a5b42539b2b18e6cd1bfcdd83690923079d396ba1561cc8653e8c4885f9a7dcc2a2e8bcd83a6b6e970b57d26abe8cb4077d64127ad1702decc735363cdc166e0a517c9dffec964fd01da892d028eb7dc81df6c9d2e2bfd099015fc1376c82db63fb2ce4376bfe601f1a0688d6d0823a2bf8619a0f24d3fd117b153b4a23929c338b4213e887dc745b64b453fcf9d386e4740e9971ae3362165dcc8533fda1cb32dfaa3652f5d3da4f7bf32c2f0c66f13720640e6c87fc652189da53ea8c32acfcb59ff9d4b0c03c4a40b36745f045d65517af74340adb5f2c61980d49f5e07a807f817110c22d16e4fb26ce8db7deb15299cfbae70e448d1c06ae2250c7ace9647213122ec9fbd9e3755b508d638457d617e94af4ed2f7e79766956241379e90f02606d1c5117bc7ccb042d3d1ddce2e961aa4508cf0d12e7fb5e0150862c76eae0498d12f7d365d7e65a70eee06019e60982ee2c0e83f8aa24b51bf668dfeeea1624b81d6cea3d34bb4f0fbf8374418ba7fc84eac0402e2f39bea044bea9536c3db5193a8e6394e7d2ab1763703cbd19d1858c1299b1dcdeaa3e604723c5c8f2ad367a46b2a182798d501d01a4bc9f0206626143446e48b5ec53ddd3254da571f879ef82d14965ae7ddebc122ae2de5226077f732e4082c7828de8193694cff5a5776088bc38887ddcde2125249fba2dcdb232d25d60276a737e770b3a17cdcd9b139339c9beb", 0x1000}, {&(0x7f00000032c0)="3d80a6ee72094325ec65060f8c2cbbeb571bd417786d10efb0f97b65c4ba915480439d40631d226fd9fe7b3eca58253480967d4cdfe4bb553c90dce7489744b5782036dc01e5b0ffd1ef448ed4acd681bb4d81d986a75385d1e1934e54104970238750f8be77c2381d60e2a354f7bb103c509676036e46464c4cf463ee739870c196ec162b0d0d0402ffababc405c1d18d7e379ee471e867f7578b8d991ea773d0e8932a18dd6f977095cf6834a93c94e87899470209a2efaa", 0xb9}], 0x4, &(0x7f00000033c0)=[@hopopts={{0xb8, 0x29, 0x36, {0x3b, 0x13, '\x00', [@hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0x1a}}, @jumbo={0xc2, 0x4, 0x7}, @ra={0x5, 0x2, 0x400}, @jumbo={0xc2, 0x4, 0x40}, @hao={0xc9, 0x10, @mcast1}, @enc_lim={0x4, 0x1, 0x66}, @hao={0xc9, 0x10, @private1}, @calipso={0x7, 0x50, {0x2, 0x12, 0x6, 0x3, [0xd2da, 0x2, 0xe50, 0x3, 0x2, 0x7, 0x3, 0x1, 0x7]}}]}}}], 0xb8}}, {{&(0x7f0000003480)={0xa, 0x4e20, 0x4, @empty, 0x4}, 0x1c, &(0x7f0000003600)=[{&(0x7f00000034c0)="7424b8080226db859b04734907e222be8e022d0c018c8a9285c657e726e83520b38a36ec77dfd265bfef89af9dc809e2725e6b20a7fde30e2d65a49a88eb97d93cc5916d297886caf9b385d911a5d6327ce108436a69df7c84393c440a1749b83fca173c6af83337759118ba3fba184763723b7f5e2d90e1b0dd60bd886b3d57a2d6fd3b7117cb9e947b8cbb7430ccd0777fbc62d8bdb1c990c61c0f7ef206c89b92c714615dc2daea7a5b0266", 0xad}, {&(0x7f0000003580)="bc04ea7dc366773a6db6601e8fc394759a6feed9bf73b72b2c117ad4768113c5164abed4e1a40c1a9372b7e09eda3af41d7a364c591673f3206b32d7215f10beb42fb93658b5247b699d47c5453967a6bc24c45452f302d0fe90", 0x5a}], 0x2, &(0x7f0000003640)=[@dstopts_2292={{0x158, 0x29, 0x4, {0x3a, 0x27, '\x00', [@padn={0x1, 0x2, [0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x8}, @hao={0xc9, 0x10, @empty}, @generic={0x2, 0xf8, "59a75ea9fe3467d7d7e1b0867744c741f72270a5220cab1f77c785213db790552893615a0c4a60efc47b73c0855dd523a299bca7fb9935d9e3941ac0518edfc526b760560ae090c9dbf8dd0694db61ac8d80842f3409daf25d1afbeab869f7909b7d2757b44ba604d5b732ba914996ab33adb7b5c08999c0772f787c3b847d34663ce86775380577764a915535b16f87324656050358ca99d73eb8c2f0ae2712abdf10816fc0030e39616890e2461aa0131e9d8124aa580d9e115933fcf8ca0f7332076505d751253ddaafee4739ae0ac2c591bff8fe721c10f1fc81991d1ddd78d611eb66c6e445868df209371efa2f4ccb39f3b37f2755"}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @remote}, @ra={0x5, 0x2, 0x4}, @jumbo={0xc2, 0x4, 0x6}, @pad1, @pad1]}}}], 0x158}}, {{&(0x7f00000037c0)={0xa, 0x4e21, 0x3f, @remote}, 0x1c, &(0x7f0000003840)=[{&(0x7f0000003800)="c4148f8c22e5a05ce8d2ce58c3227285a7cabc15cb17f3", 0x17}], 0x1, 0xfffffffffffffffd}}, {{0x0, 0x0, &(0x7f0000004e40)=[{&(0x7f0000003880)="34c11a44a018fba2221ced5e906c4fb93d27adf20678fffcab673d8152407ff23f73b8e3a7a3fc", 0x27}, {&(0x7f00000038c0)="55d911f573a9aa8dfc4fd3919baef4f84cfe720e32fda76a3a999a3f96a9ab59857fefe713e2c022a4b9421cc12e895b6d711b67bb6abce81dbd9885b21ea22bfe6f0c54a28d8fede22d496e4b90033f8d1eb7316bb2b3190e", 0x59}, {&(0x7f0000003940)="da6e89d8ef5fd088c13cc3cd821556442b057641b65b9b0ccd9daf0c1bfb651b056aad016b16e08354b343c84c8455a8dafb2761f711de6de678f74a6d87f5a96918d3e8c10a44a0b4d4b95e0b12eb4b34254a356aefa57e4e4c3032c2fee97b7fc97cb69b155acdfde581615b54d25c4c46190c9622aab6254383370ff8cf870293ba50dad650a0", 0x88}, {&(0x7f0000003a00)="42cfd1b2946025703d4bd656e914ad623b5b15cadd59af8223ac04c24a63ef98618064021f6a8161ca10e62f3a89d503b7d75d3f980d0f6f7956222215a7eea5a20470737ed3b169fde86444169e7438cb0334831e159e341e37cf1ea8e74099f0f2f8b0f5a0ad085a95f6ffa7d2cae4443888311e267e4b948923caebdf236773a2a89f96b852ebc55c6d9337c4aaa43806888dcc8ebc5bacf3", 0x9a}, {&(0x7f0000003ac0)="5223a2b365e6953c59bd2d9daf93288c626435b3884f938e0a428c0aa811b1f18c84fa1bf4c59593bbc24bcfe18c1ab8d3bb3abf365d372926e314916e19f96743df0b2831351afa6d7c4a16d4b8f2d3a40ed1e827409a59e93e4f502a9151f6815e3636b6374e2244a196f1b4d57f0bc591d6cb8f40cbe3c11a581389b3b1aef9db3d89037884d4a6e1926126c4de2c62280427eea349a27b53542f22d309a2bf319fc0cca374320afea8e707b61f213cdcb0bfe6a5886e21f6ce575b78d193cfdb9be6be0aac821ac106729f", 0xcd}, {&(0x7f0000003bc0)="9b27b352d3999bad352d075e33a6ec73507c57e1930c1acdcd1a779793fc32fce9868ea20c3de7364064ac70444c54a61985cc49f148a54efa1818c81d0e8d9f370e0bc070fd6b475bfbe92c0dbce7cb19f25217e1d2bede1f0d81192860431da33f9d08fb144e6f02449a3b2eb214dbf49689bdd48ca1622e9c25caed0925c604f3ec2724965020651a7db62cb43c4686e8d71d6d7de9745410a04761", 0x9d}, {&(0x7f0000003c80)="6f79a9a4beace0b73b178a58fbf97633df7eefe1de7b8cff090c4fc3022e31fffa2a0d0087edf3049d23972d778092db11e3895f7cc1ff95", 0x38}, {&(0x7f0000003cc0)="eb52cd8a2ee54368aeb89c2b77c5c54e82be5756c3a3d61f8091993ae8949234192eb162e5413217f7fb88e806329de4b27761d4738d348834b6d5b8062f97f8174462e1764954342f3ed2a428dc3c93cebab511daeb8e2892127fbcbbe8aa", 0x5f}, {&(0x7f0000003d40)="8962f31a5250cf7d7567baec2f364f983cb775dfd1fffdb821f30cf563567e230d63b995fe368ba012f1e45d6aa20a3df34b22410bb23fb19baa07c2ed09f7a8c1e9d98699cf8f456159301e8a4818f0d1d778eaa6a6520eb9d3a9de93b72d4955409fabbc9b606d000bf3b6e01a485813fa8bbc69959e6a53409b7987e76be416b149ef1a3e263f15a4b2e21e9ebdddfc9675df06533e35a2e76180e8396ce6695436eae3cbb1a0161ae8d439e58a7ca4c40c8d1c7a1fe606bf6f185cb603583d621c547aa2aec05c7dfc03eca5bdcde0605bc07f", 0xd5}, {&(0x7f0000003e40)="805d8ee7c4fe0a76558e369b915b76d70078345983c61aeb4d04a1a7e91401d3b304ae2685249b84d9d74db79b4e0f389aeeddb2b601bc0ca61d32cfb6390ed92af7827bf2a1d6d9a8da529c9224d29754ce2939fcc289250f81b436eddfc997bae0befed502360670ef35a9cfadbf7c99d2ea6b6e5e4e44fd68025e52e2c1d8eab05348365366277d700f87f666174f7a002ea5c7bfc5e931205a91fed37c322bdf2a0138fa43a89c319eca597291b2b8c342df14c2161df9f2a6df79d713b3e077d34f08e98bc702c39a69cc2e77d586c24c7bfe9e662022b0db1ec101382e8a8a6ff9748047927cdc338536c039ccc6bdfa87a3b4b2fdce71429b445c802a4c5b860853b0a7ecfedf5a86ce7f43076284fbb17ef2758b0831a01925f1d837d79561c9b96f19e7757ceae51097cd9dfe2aca747507e3f2db9d7b23d61bdfa87283826fe6cf306e6e8c5e64e6ad3497c130291f60a41938ad1c678624c7dba8505afdc0311306ec0686ca086b1d1e9c3be2bdfb92a3bcec174bdbc3d262bf3f3854ba94cc0233d7a6f08355af2160363fa59d837f86eba3def24fe086f41f384286f592fb45e3d24ceab658c889738f230f3c94a4433836f4bf72a97c99232c5cc08530e90c6bd707d27840af091c740c11965d9820d95c9e7bad410f1e3c30a830a0df332be8bb61c25c97ba226e383a7d415014bdd95b8d07999c1ad42a8c0c6137816e0f98c8af17615dd96b9b96cfff3ea5a6118da48274bf61d90cb5e5eec305e3ebebd8dfe03e1b83e4d792ee52bf699aaf43ecbdac8209065f307ed45d6e43272a785f2055f7f2f5c685dc3b256e876f14a39d10ceca4cdd1f001cb4f45017ed1e6a1b6ec6e3b8f9e29b9fdb2185b480874cff54f1a72eb31d6cf1d1a1ea0942202d2896c365027612e19a5a2e16067096890fd9f5d8bf398ebdfb8a2dc2208f24555f937d318ee205598c73066cbff154856af3540021a43892202e70e20e1297da4aa926296842573c16bcff472bf48e375068400a30ca2270e107255f59cdb0ff4756cdad02a4a8276eb631d6d5679ff81419dcbb545a6b37549a17657e7a4b5766758d2bd1f30eab87e3504f414c43842d91ba55f7da34ec1e7c0ea24e468e31d890671ddd8b8f51e13ba83b3f0382510bfb90bb5ddd841d061c79c1b9de1bf7d6689adf0740c798fc449257f5e7dbdc762d929893365147af2997ab76da20bc909bef29501a5d63087f38f00196e094f6239f66fcddeabad37671824e6df0a03475d0db8c3e4bea0af0fc6b5e7e49032003333f89d992f1890cdeb185ec40c6f77d65533da6e6c355bdba57e180343d8d0cafe4b8b3a9e002dcce032cf1055a7171791e098cc1572e5c112ddea0b553c662f501ed3aa4177b4f11b9dcf8f6c10ff659c35fe0ec82a621acc2e2d9539ba226491c8e8998c85fb13d2669d1ad82cb610492141ce3dec778a954f923be848e5a3400d54e8c32d8e4a3d67f2a58ae5c34643395a6e451612a8da400e667678e770c155fedaacc818a6c481b722e6b0d6cbdec5318fff3564199bb11cd9cf453636f337b2215f12508a6c9d863f674a52545f3f56ca1eddd7f28d5511cebae611210af8a2a271248f7433ed4ec81b874d662bbe9e1b57ca92536db1dfeb0dc5de0f7dae2ec6ec9bf675e409388f7a92376fb25344f5e6f2dae7a66209a90ddd6c648b2315da703774a0dd24500eb50ac53ef67dd9b4e49bc23618384b33e05af6319a7d227f8b328cf461a70fecdddea8ac7f778ff1c3e72a965182a7382059b04cf18fcee9ee80dd3e3cc52072eb22f1f58d7fe93e3243b651dfd18bd5617751f6225364caf040c375ab86691fd082db4839d422c8aa2eed72bcfca0e62a8179c3e95fdb816c658868ae772b1e5afbe5b240fb908141883b26042b0bb6b4284e9281147be4f538d6da618355c250269e08e41278ace9cd57657e8151ce82306607a3cce2a59c069eb21771cdf4ec43fc830ed3b1a7b094ef0328241573e8db30491c0986effbc9822e6f0ba38f68744f7bffe1baa856a0e51be53276f656dd6b50e8e5c86970e99c45af14041572079c6ef99cd8ec0af82b03a0e682594e1734bb9ec45c85622c02ea6b0f07453727a7f3fa6e61e1102a3253ba498b902eee11dc950d10af0a54b515aeb046a397a8301580cbfe3b1f3a5c82bc54d8745bcbfde04108ba874e6010a6949ee1e18c889ef3e6bb1f8a3de601e6539581ce5c46b22b571d8e64305f1009108c8c0d0719f70609e75ea3abce804496dc0c54d88d50778b29852d074c9c0d9ca135d3d36a4887b3c2e2a9d17cc37c2a03bf3e0b45c9ee0638fb3bca681794cd7126dcb45576b9310e2b27bbbeaf690225e8347dd3b4bdd8fdae5e7fd93ba394ef56fc24bfa71f1e5d8976155fd32def8be562d49eab42b3b21319cab73b51a97b71de30a921ba904fbfe73748dc299ab0e2cefb83389757ac3f4a108a6c5ee0efbeadd08b7d606a3cefb45ff47f609c4afa150b152725a219254e8d06a0165cf2d90632664dd43fea02f7a1d54c6b77b8595481040cbb4896966e7293db29a70c639d7f20faf45e2abd9f1310a628eedfd2c24c72ca2971092aaabccada638d53726facf4e321a2e70f425b5af5718bb7b4ac66b766f895d8c13d24790cbd19b75ee787ca72ddf76467c770cdae7bdf2876a75b35606adb289dd2faa4e26ef293139fc0e69e03c23901956ab7ead4816e57516e2e2960091c8f978d34175dd02d4443206395f5a9797effe6aaff4fce90960b24634228338a328ebefc3a34a1355e358972a79f552c6efce7121cb9d30b3a040ea6a0d58772e55bedc60af39b58b5cf02f816377b0953ffeeff9d94830653977910d49969f11cdb7dd222ee6c3fda52995a9127175cc18bff62228558c3e93fd3adb736c9f85373e13e1afb7f7bdddb6c1d62f648118291669da78c103955a1a4b3dc99c8baa01fbb15fb1137e61519f9e476b487d2ea4ad4ef2e94bd18f3915dbec1883eb39609a700609421d25b5c44a6dce7b48413d06780fbc911f22bbab385bab3e6a1fbb6278164331ac11a033fea394715fab2dbb8fc8b35f484616fd67311f51140ad31f48ab0fb511d7b6e7b6534234757b03b660d88be29ec822cc080eb112f3e96863c82b89be1046479756cfb05fb163403fb727854386073598b5350bdd840682964feb6ea2b09e7fe59855fe1d3a2aaa10a9d3f0d29839d23a2b7a5ef352967c3c91aa33273e9f28847103fe2e6f377323b5100026a41a2aee1449d44e92a768c333ac3cc00caa219d90568578689df8acccd57b5ac524ad95e94b4caa2876b932bd2fc987bded7363d222446c6a86ef0143a86975c220b202f210a18ddbd21775175058b87961f25f79b92f16241bb37eee36be85c8b26dc604152158e5af2867442aaa2c5758faadbae7a18dea4411ec6ddba4302ed935675fa03aa4040957f969360089976f40e54c9a4c4dc2092f89ce9fc4cb315b9d225d25dc9fc0894e4b462ca926588d419e7336ed28597060743dafe97c467abbfaed5d7d63e88f92ea8ede17af74bf03440195712e6e9e5c2e14fc34848825b461c72e558fe633a37d521fb1f3a6dc6bd8748bd5f68b4194e7ec85a61c319e526fb9948636d2972263e6585b147b8872c1198d3f27148175d9e5fe496d73adea0c089daefda6bd5cd50d7c0f31e62214dc174dc2fd3f6774a82c9678f9ecf66504711cb8e47e383dcd24718f2d73674947ab05811759f4910d9740a5e4f70c5f2c3bed25cf9b5c5ac7609deeb642a5692f9d347aa3700fc59241bcecadc1b27345ea83832c38ec40c34b1eee23927f79d4afcae9b7d3a9b7a5ec5382d218d1851cd1641d378623a3a090d7e2e1f0e720e78f2ca125e0fe90c65b03bec949133879fa1f74584814d3d98b80e0968de6adba9e82cedc0e154b21b2413e60f58bbd6b7520e7863841bda5da24b2455c3e0c6bb50a62cb0aeaea0355dd014fbcc8a873e7269ec8dff3a55c127644b7637836a93e69f3389912d6da8a6c9ce11cb12127f7246bc42d9718c4c453a1f90bf292826106bbe92750ce06a9fe4ea76ab85d405676401593bba406525fbeb699157bd7076f4a281bf15cf2dd249834479d565d917f5314bec1b8c4b9d400b28f18aaef82c1658d6c9408279ddcf8b3daef3b527be9dea319294282c20a43a99b341645672ff0eeb227ed836bb493b14444816be55057c58aeb1fcef6440cfb340a30fed5017b42533aa192d74e5daa945ead24fdb18586d40965d4f1052f162143c0f2619bad5f9d590040b530b10e6fc34e0d5ad827d3e6650fb458b3cbd6cf36700905c16ea99068cb8b459eefe3a0f9606a9091a9235559363130ff035adcfd671caad44ef7384067e30cfcf28a311f732306bbccdbc82cfd64b9a11b11a120f522bd6952d9628ac52dc0f8d82a1fc0545ab1b795a21dcace20255af1f584d691d1cc2b6ccc5728a3908bf97cf055eb84346b8ea61dbf3e54424b383913bcba5f6febd1a66796339b9dc3034174607924b38c31be0b4ac96a16a3ac0dded6efcb52a03de71e0b8ed26e193a0330a00139876120136e27f0f412f5fae107198e8c2c706768b0b91bf8b70f9c29030893376cebfbd0169eae010230c5049f50fd8e4a597854f5959a9ba691ddb3f1c89488ab76e5c7e54bdd1c4c5ea453448ee897fdd74490fa7d9d0bfb08da86e3a75553426d23f9f4cc33095c63277fe0cbc0e1f09631b78a21e51f9134efc84d6d1476623c1e2d970c0b1af264ec928070dfd911a5d598dbf0134eb0a6f801119c5e8b6b43a4f08b1b1f2f9f52733e34682b2b09641383a08c07ce24fe27a9adbe2d4a78f76bf44cbffc85b506d0b1df688b95c29e5ec640309619dfafe81955c5dee157945795d4ffaef860f164fd4d67f2fc86b9481ae55c18cf1314f2547897333022c9e1537bd9af9425ced8f19c451bd841f6ac482f6083e3d1368d2e29a56fec1eacc47b277271e0b28b0f4fb81cb382ba2d51883daba7d59ede2979df8e8b4f0934381c6e1fd71d5db1d4874f26dfdaf0db66d37a0c39618800f255988910547c4e2f0a1ae59c6c023f14d6baeed8542843e8654d2e6ec6e1aac0d2133f79e5dfa11bb78c9487ba10976305ea902d07d7fde97dcaf00c4bcf2215fb0143bfec34eacca97f41ffc8a66471cfd1480d67902db14d80f4e7ab753d4157de2ec996bb9b0d36d8f9c238fe24018186ab264af44d46632d8d27df92b2f95ae3fedbaf9b7e6a398e6c2dfbd380cbf9bb75bb019ec0e631f75ec4dbb959c98f1c0dbb4cad3e4fea37af2b39f46d05e8d84f2905fd4e35adaaa37d40201f4ac84688ca5043cf9dc9086db4c62e0a70a0ebe304dfd8ef532c115b0d0fa4b6cd83af3241660febeb5dd30715bd794bec0850ce5adef0471b5627fdf1463798b40527515f663b10efd5fb6a014b5682e2f96e26163dc4e3b6e0c336de547c9e6818df4e2545402414ff04fb3070f7a7af5f2210cec43e58f6114d262f2d4bee4b54ce7e18d87dbcc5cec9a80d58aa74765a8aeadbbcc4797bc7261d4cfbd081ea5576269b4fd4b327a61ab4fd430f9cbd22229f10ba2cec529858be19546ceeed4eee9a218986137bdd6f38a719437e4479cbc2d8ed557117462aa2badea2cb82dc961900264443b0724d178e642d2c97fdf84839c5b0c1c1ef763e7d4f371b17b3a6059aa2fc6842816da6293346f0d02931d11d8deea296ddfa9f8694751724c665cac55b733084282bbf536d0009b31a", 0x1000}], 0xa, &(0x7f0000004f00)=[@rthdr_2292={{0x48, 0x29, 0x39, {0x33, 0x6, 0x1, 0xf8, 0x0, [@mcast2, @local, @ipv4={'\x00', '\xff\xff', @private=0xa010101}]}}}, @hopopts={{0x20, 0x29, 0x36, {0x0, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x80}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x9b}}], 0x80}}], 0x7, 0x4000001) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000005140), 0x40) fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000005180), &(0x7f00000051c0)={'U+', 0x7ff}, 0x16, 0x2) recvfrom(r0, &(0x7f0000005200)=""/219, 0xdb, 0x2042, &(0x7f0000005300)=@ieee802154={0x24, @none={0x0, 0xffff}}, 0x80) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8982, &(0x7f0000005380)={0x8, 'sit0\x00', {'ip6gre0\x00'}, 0xf1a2}) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000053c0)={{0x3, 0x1, 0x7, 0x2, 0xffff}}) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000fed000/0x13000)=nil, 0x13000, 0x200000d, 0x810, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r2, 0x0, &(0x7f0000005400)=@IORING_OP_WRITE_FIXED={0x5, 0x2, 0x2007, @fd_index=0x3, 0x2, 0x1, 0x3, 0x1d, 0x1, {0x2}}, 0x0) recvmmsg(r0, &(0x7f0000006640)=[{{&(0x7f0000005440)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000005600)=[{&(0x7f00000054c0)=""/69, 0x45}, {&(0x7f0000005540)=""/173, 0xad}], 0x2, &(0x7f0000005640)=""/4096, 0x1000}, 0x81}], 0x1, 0x20, 0x0) r3 = dup3(r0, r1, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000006680)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000066c0)=0x14) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000006780)={'syztnl0\x00', &(0x7f0000006700)={'syztnl2\x00', r4, 0x29, 0xfe, 0x1f, 0x5, 0x40, @empty, @mcast2, 0xf880, 0xd1b2aa1fb645acc6, 0x291, 0x10000}}) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000067c0)={0xfff, 0x5, 0x7fffffff, 0x4, 0x400}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000006800)={{0x1, 0x1, 0x18, r0, {0xfffffffa}}, './file0\x00'}) ioctl$FS_IOC_GETFSLABEL(r5, 0x81009431, &(0x7f0000006840)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000006940)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x3, 0x0, @fd_index=0x2, 0x100, 0x0, 0x5, 0x5}, 0x6) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) sendmmsg$inet6(r5, &(0x7f00000092c0)=[{{&(0x7f0000006980)={0xa, 0x4e20, 0xc5c0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xa00000}, 0x1c, &(0x7f0000006cc0)=[{&(0x7f00000069c0)="abfc73f33a808aaee470df167c727d73c1ee0cf9afd043ca483416482ec18b9b9f277ce41ef791dac432cac449074c94fa67c842d44793a72c1e414207583bbdb78a1749e9ece38dd29f6faf00a804478d1a5cf9712ecbb5c1979f6ff1516809e898053d23601f3bd3ad60f58487125df072345f4366a20f30f4419a2bd8538693832fd12c78b35e3867a7da7add4633b2efb72d2eea24b56f77a1260ed1f946b9273131654952c0eb434b79ce9c0639fe34e45718f538bdd4", 0xb9}, {&(0x7f0000006a80)="56ce5d966248f1f27ba996834beac8cddd5dc92f7e6e80711fc59eedbab11623b0aedcec2d21d49d6c93fda5e0f50b32181b8d7d25eccfcb9a94105ecaf0a12d5f43877a0caf8d91fb7e13093153937e579112a0fde6a98aa671de637ebd857384ed6d2fd54dd852768cc3c86738d8d53452ff400bd987c2a166a4a17717a7c3a514653a145427328cee81bc188867cf92266d085919ad83c40e7f092abf7a84441a4bbdd439f6aa59896b61eef79077722d133c50b5241c4310031d73c617f5b06d2fcf7a61772cd1ca04d2a21225a15f742bad7898df3d9544afd7208f5f9cfa312a858ea1cb8c5d1a9dd8baa010e89a9424e4886d", 0xf6}, {&(0x7f0000006b80)="4976bcd166033fce1217a3e4e3995c29b854cb63e92fce013882b4e6bb4a7ed5e60a1f0f846b1ea380c9e96b27252f3b59ee580431b211fadbd17cf3f526dadc922a1b4cd9325342c0e95a2cb9012294d4f2d7efe2520eccfd0be63388aec3efe22c9f04afa20004bba0728d", 0x6c}, {&(0x7f0000006c00)="e84878666c1fb428f694f545dcd860560f0a8e7cb2cfedd7074ffc65203b66550866616c9bb69ae5dcdee494e28084106e42a820860de42e04b4df1904cd0de7034ebd64790ad5f6f6c18d0dace032a67b9d53b4960540bf39fec8b263cd9a4314d5ebc84f3e8b60fcfc022a3743a34b74647130f0e3542dfa9a31e23790e1c92979d18277903e6045", 0x89}], 0x4}}, {{&(0x7f0000006d00)={0xa, 0x4e24, 0x7, @local, 0x1}, 0x1c, &(0x7f0000007f40)=[{&(0x7f0000006d40)="4a6a325c88c6e16f07151943ddc3ccc885bfa5845ba754bf1537168d76f788444386b65ee5fce9b47bd922555419600e5ed0a557c0e3f3228ba324278c232e52165f985200ef48f9e78e11111918cd91c6cb41d8a9dc29946e2e247a296c86667889cc7c805dceeb1ee00e5a694e87363318834265d7d2802267b076cce90caf6e71bd02", 0x84}, {&(0x7f0000006e00)="cc2251f00601ea18c52c5d3de3f9296359f1446f127f8e824cd974198c3bc01755ddffae57b358e1b13b22ff7d59e364f1635a8433a8333e65bbec6eda7411383ed38ceb8f3ba9b87662e0f70131756136167e5e753039f52189b958b2e75368a28bfce513a5d7a982fb41f114837a90bc4df19696f4c5278abe5701d1812f4d3eeec2a1aaee2ebaa9f81181280df6f5b1ea698c4615a7c89e6a97e447e3cfd20138ad175322baa76065d2e6525917276e421da4afb26fb738c8fee18ef15507d7aaf89f7b93d59aeb247c63d7201206ecdecb286e3ad26d98f4b0fb10d9e25edd7b2a79a34f0f77a575fcf5eb1f0027b85646063d96c33ddf3b64ca953c41a94e73188d8a525f1428fc48a31044c6dceff9db52129bd5ddf0b40eb04baff7354a8c7af2330162bb215089161a91f66089e2c6493840fcd1481e5ad62874eed8a9cd3bbadb42b2c1bb178ad946e1c30d9d5f0ff24097a20a2512197adddd0f59f61997026ee472e116a7979e86b79b3381a6580acd16f4940dfc0616e80b45089e682e233c119119db21c497c00a7ff800a2bb5ce4bec31a83f8369ce22409f81fe82d0cd8ba7a18f98e4eec11417d01b539c88fe17d9c8c29d7f51146975790e00e2db7e06bdb3f17a9220de3c8f3f3145437a3be321f59e45557d9ec9e02820e01f70e0531069bf2579a3556b82ea1741591b7ef9ad854bb2c2c5bdae709b5a291799c5a56f6d19bb0e1bc8a78306334f2983f19ae80b12a87949aa3ff8dbfc47d0aed6c2b6866a4bbf6e75928d98ba379b1f41b9f87c833ab1c0597785fe17f6af020b386c7330460a29d3cff466efb117eb287c54f612f2cd58ddf3975902fef4f16f32baf67378350fd740641694b3a89aa82fd66bebb8ac123d947cff1118055b0bd25f8a6d030fc8470cb6f366cf8ed61cc6f4ff6d5c88f9e0bd243becb8c8d4b978d77397d63f038cd5786400f9e47a33c11af9ba1b3e700d365a9208cb11fdb35b8271f886ac90a94c12814ddd1a4c3aca69265fe6eaaf48e131632e1d6f5e191ededc952f5d67fe6e294b36d778e3d23acfaa5058a3ce119268a2fd9212de5daaa4138b98e127eb4f20f77f7bf35294ec90e2f9a99916fade07f080d2d9213d3ef486cd6a7eb6cbbb606799d8fa678283f98005b55b707c13b86b606cdf254442a172d3e30a00725989f1738c6702db676c3a76e692b37da7da895e2139e0904e6d9785e78d0e6d2a615648a0b4262b1c8089f1c45349bad6b3b8bf5c52cbcace4b9870f44a1dbb5cfa759d4d7ca8df0baf741c42a0625f85ea41904a8b2c9a47f310b0e60a2d57fcfdfe11ddb7fcee239989d4c96decd16ddb17c5aa7a0b687aff3c64238516eb86f992ac7e5bbecf2294d351c8e81b115d9c9c67c0bf5e1d53dc06e86c2056afe0d0b17d49d32d99f540770c28892b8a4f0dab49b9a8366f89dc4f33353764e2397283f69a1b10e6376376a0fae9f59160c82ef85257716942a0925d8bda67538a1d3935c45d05045f2492dc12e80d70abd39147b959dabaa2eda8b58f58a0ebfefddfacc9885e2ee1c7ed2596a8c7bef2e4d42a8b162ca84ac485f584f25b6af0ae1dd887a53b8b785980400f21273e55f65d9e295f9ae8d1a2fac5b122d8dc386f7df05a6ba475c34aced332b4a395414b127c3c5f77d14b8edfba167c843243ecda02a825a398ef4e16137e4ed820ff55f0fd06df173f992a0cf209c9452d35746fcb6e35122b4ed6eae50045c2ab58760aaab1c957912eacf1d651812f17d851035bf6a6dc251253495361661103c42ccd6a362e9c967178e84d4b2c160102a31ea52e23dc078a73965a71b544ab4ccb7b4f1887de6c78a95bfd5d8b8341a3f2060c12ae924bd278f079382b135884ed3b56a5127623e32bc9b2398ad66b99f70a68c0ad3c157a5d3e01695d7a3344a1fb61cf97e5f8c2f5438606ce9406dfea64502dedab19493dce2f8e9bfd3962f13ef0a1a8d26a700f16eabeb5fcd2aecd90369890d21ed261a8b01121aeec94a3dfeacf7fafe727361ea1ed3336fd1f32ce9ed34f3adf3d8605c64cc9fa2c0cdd4afb4c88c5e20686d3fd907cabf28245aea1b12cfa33b0132bc15543841bd0fe33cc2e39ffd076d757df3f2e011fa5de0358176aa8534092b94486c3e0a50219e14de71331241823042f5d8ece1df1c23e9b22330cb03ffb4db1bb280d73ec1a78b91f298c56f6c6d7c9ef8890db94df77e99ad746f0f15bfb14e5689ce0de4069d6cb60bbe617e9516ca98edb0439365a8529c2bc6b745a27e24b551515794530b401071cb5f1b9907348de4fa3b5c8a8857ce08e1d5c39a63e600c5ff4df0ee2b6b7af56fdb9db8b59f9f5ff77469c36f34db6bd318f12eb29c2cc26a8a630155990734b84fc8b273818c20dadda6450a9632d9e91af146bb55aa4e229e1f35d59a4fff785a3c37b8ac8a824fada2ab5c2a078144e3b86d6d31eb7bb01f8dfe3d7f14c15dbd6bad8ecf42e2fcc8b5eee8e37c2afb31b35ba8a93e2b3426ab84a4fa78f3be3e2205cdfb10af63491dc2c89738abc20622e36727e25afbd63f2cf457a396295ea4cfd478af04542f85be5d6ee2154cb2dd1bbe80fa223f9419f8a39b2f278659df3225ca604806531e1ac507d9795ce39513cc2d2ba929f20f6a090a3b6692de46ca7731e515617c887ea5ee7ed0e9739881402388d798c7f2117c11d5b4cf6b6b836f3c9f34df3f6e50af56549eb3966ba44c3850d4e746481e2dc15b3ea905d58c514a4a927c09fb098d5f6cc88b5e23a8c808582f5524fc5d6203149166196e29a7273eebbc21446437b37500930b371e2fa26c5d197ec091b677b82d2945d427185991b8a59cf89168c68d35af84d8f6afa0e931ac4706b39be0dd7b9d6f939e797bdcadfd28529571d8ed26e7969e7f699a9bb370301ecd76912497cb2b7362bc6ff1a28220312a47062647d22a9061e529b0f1c26312c181400ee01cba275a0eb1610c1d9d754e791945b45c9085737b91086b9828f132f8373becbade13d809a51a0c894616f91c2d3a0769929221e529b1bd53222313109786433f56e1152038ad9690e6be71ab2a8544c4e42b1dd1c6c56d42c3450cbc666113ff312c826fe52501177aacf071c9ec22f5efa854b1079c9ce9105c064a9dd03727a7f72bdc56ec526bb2af85b5300bf6672ab3d210a7ed3d38ac0f70cfb1a9e4db30c4ecbecf0163d1824130c592e28b461a7387c4441cfb43099d4d2a6ffa468577364b773bc1c30e538c1049cdbac7958eb64ef323caff4c1c5d2730c1d7658123ce562bf41dea6012dc7bf87d12687a8498e194a7eba2c1101f6fa95cc884053dd81e30280cadba7752fba4fe6b0a12d015cf034ddd9532c9211949f20d04f27e95526f8c406bb5b6eabaca30e2fdf2ddc17bffec0015e3c9720a50c0c363660e62679a942d06ecd8e18182f3add3f61d719f961b5bec2aaade620cda510c9da31750e8320eccc060dd0a1496dfbef79545f9af9b8f4ff326e5b6faad307f003cb91f85961cfd19728f01f5c86dbaaac028374f652d851a5dc32b968ae5db61d2ad230eafdccd7da7fcbfc624505c7b47d510240fa3e8aa1aa16ef221d08c911ba6c5d20fd798043e132bad963786a4a91fff54d06b17e80bb0ef145e5f20e004b85d76320e8720908195dba5c26b71b842fef89751366921a392f2b0aa3cae4fabb13b2560913eb9a1873636927708dd3488bf1a59b9f4c02aeedc8279097aa56f8e4be0fbdabd845e93f23719f49a91fdffec0a3fb09cd384604befc7ae29663f7eebf18e833515f3ba117608968ef76f47914a85f069ff9a62c290d3c98e1d778051f727788a9ff9587b518fae9c231793e1f19ea7f5b293d6414f829a9d0b6d4f9ec9a81895091f02e335b49a11925e9e48375370203c859f997b0cad108bd54870fcfbbd6bd9cf6f561bcea9bf8df07fe9d41d1e90c2b3b92527384f8ea8c944f54a10ba63570a1238de43c67b396f57cc6eabc1a960455dc87ece5f2d9bd5fc554122d6c99890651f2054c64a93d6c805637047332f005147848a9e9b35a500cdf9fb23b9aa516824d53cf05622d770f65720a49adc07ccf6307c18ee3f29acc381de670c80d174bc96490e9730f462b216df47f71bac8e55ca9c9a1869e729f30af5a0c2784e7cde5e574233c148d325d6934f9354849d16d9fb0dd36715a06f9df73f67bcfb3e602d9be69aa4ed7bcd2e8c5a41abb9424a8855822c3275861f225d545ddf6c5e06244d75775f866d3b9edf8ce208146fc2a7991ba873faf832763e404901bd0892464f02ca812b6c64cce92667493bdb49a8286c4dd6ded8b2f7a1dd7f6ecdc74f05e52fe4d3a178e0849903e1490e05bf685e44023459f5eee96cc43338623a263638782056d3246183c63d348cc426f005fbb699f8b6e578e130edee30efc67597e106e57045c91070e2a63e5a19448af461cd0cfde7a97fcdf025e2ad07b5622eb721c10e3e7e7c2f98c773bd6fe5d21bb62912508e6a95c09dffd778b1873417350d535a67e0c045405ec1660b412d889a0592df7283f88667d20935dcbad4a95003eb08efd5bac957eb0092abd7c1d936158b0932395cc8094adea03fab79637df0132a3162915fd3f928e240b74dced376dcb7dd715eca2115a1d6c225e6cb3d271217bb8b43b866a83fe36380996610de2042027d638b4473c561a1b72dd856c58f646ac0ca509f969012440f17d29f823a52223f42889d2f0d014bf23b74026fd760d2a22d42598c01b9d8fbb632e44904f69e44215d40311603fb1a42beafbb438a78a0ba9500c1b0a1e914edade76faeaeb53b14202b46fd486d5122cebadc077b55b4182b8f9986280ad033308ee4bc970a94bf9f05615f03238f0626e201bde91893ce0507d12fd8c9f90bbeb5d043f85b34dabc69f90913cf2f166979f127694f68da192a01ae1101d2eb51c13f4214b4b2579931636cd107676d0be8ce45806ce44f3b0f01658a2e947516fe9559fb53256c86ff9672765e1f16a5100638248a0348f21ab56a2673d9fee1d8118e28b72b283af8ce643a22c3ad344caa820dbecfabefe5861f7fa3ec40835b83f705eb89e227a4fd76fc714b33644716e1c1c05ede22147f3721710e99d490aae3d15805186b82a28dbfc16b420635afcb306202100a83a87b51df45c26a2bfc9222632a975b727f307d693919d3dccc43502795c0ad240d8f0c4e2dba8012bd116171449d84f0c3d2e86231076ca9ae3a90bc6c1785dc3aee2329139401dd7cfa74ce9075fff2f5011e9e3f91edc49a4188c26ba4bd62a75422575924773785ee0f13ce36ca3f0dafb6c76400a272834e819331e1ef60a421dcb7d9832435fb1ed4eb01a5ed3be779171262abaa2451f0c0dc146aace5c1fc7eb88ba7b0aaa2e5aaa88389afc424eb46e048824fe5c3197dfd72f48026f9610f12e39de44ad8b3b5461a97b539c4275e2a1d50bd746fad29677de8b520ccdfb7b4be1907db24cdbf321e280037b556fa4758d9d7fca2c29e5c9cbe7f13c286f03f5ad252e455f1cdadc58e557e49091d080c1e1830ba61fce22d7b37f20292758c800bb856171e6690691d5ddd320edafe89a2bdf0ea1ee3039f87f710f17caae41963ebb6aea5d9d4ddc958b7f23eea3d6bd143bd20067214882575c0a297eb338cec785c7348f6c4d68cd00360f0c1747a27df543e0144c32bf9c564c535ba87fb958f872f1a591652d0e751bfa7446bbd006626f2e43767b906acbe6abf43101e21", 0x1000}, {&(0x7f0000007e00)="4a4bf5b6d0d4a6eed4cbaecef521a1d20b3513839db3b17335ed18cc99448f27d8ce30540b25e393cb68777fef85b3905820999656a7b69f4f55f2a0334e53cd6a014ed404e84c93433dd6ca632a0d134858c27b1142b5a1dbcad3453ab1e88bca7ac985d6b64e", 0x67}, {&(0x7f0000007e80)="b4ed8e1ffd6662b09d59b574dc9dc8ad0a498f799b28c04d85c454203468ff03c0c0e553cf38d8dec46e8b32dd145480e8985e3267d4bb76e81c0a0a9a9db13d16271f989a82de08dce4e84c0133431d30ffd6fc404f43699dace498f5f11f01254c60c944a0c3708c8484b1dd926c3eee2efb3a9d65a0728861b0e98936ae98eb8e683f3dc1bfd7c52ed8ad2240e3d05700bfdde22067b3c8dcb8f8a2c0895d82a10be6fbbcf00c", 0xa8}], 0x4, &(0x7f0000007f80)=[@flowinfo={{0x14, 0x29, 0xb, 0x3}}, @rthdrdstopts={{0x38, 0x29, 0x37, {0x3a, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0xff}, @pad1, @calipso={0x7, 0x10, {0x0, 0x2, 0x4b, 0x9, [0x4]}}, @pad1]}}}, @hopopts={{0xd8, 0x29, 0x36, {0x32, 0x17, '\x00', [@hao={0xc9, 0x10, @loopback}, @enc_lim={0x4, 0x1, 0xfd}, @generic={0x9, 0x81, "e9a94811fcc97e7a0eccf3bef1db4b2ad567a1e7bc1256951f740209c8ecbe05fdb0b0880f8c51d2d8f7b11ba9ca350eef3803fbf2ca5a0704e8495127ca6e7a74ed1320b3c1dac7c1779df70bfded6fc3e8330f9bd8c16f5ad42a721812a79c1ecc208ef198e87a04ed8c508bcd6b3a66950b514c2a4e1806b7a14b259618e3d6"}, @ra={0x5, 0x2, 0x100}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3a}}}, @enc_lim={0x4, 0x1, 0xfa}, @pad1, @ra={0x5, 0x2, 0x400}, @pad1, @padn={0x1, 0x2, [0x0, 0x0]}]}}}, @hopopts={{0x108, 0x29, 0x36, {0x73, 0x1e, '\x00', [@jumbo={0xc2, 0x4, 0x8001}, @generic={0x8, 0xe8, "937c3cee52799b3aacbcea6f1a685944b3b4e3436a77936bbc85a64cb29b6ba7d5a64bfd0fb2a1f71bb0f8e6a8f63be236bfbed0f9962c7049db404261ca176609cbfd27ec42fc4d73c77fd9ffc6bfea8f84fde68d27d87d14bfcbbe9f1ce1d828d17478ffdc499d8eff89ab9a25474dd1391df8e3e9907b19008e7bd7856850d1b54021dcc58f8759ee93fea95ad2534a9ffccf56c7083150f67d2504d5d4c0f5b9860e2f2564c4fde2e1127358e59fa43c9ee95eeb96c9c942de2607776a503cede483df16035db85b95bac8b32e77efd1eaea39173f9b8c266c6885d5efb941cac265dcbf7637"}]}}}, @dstopts={{0x1060, 0x29, 0x37, {0x84, 0x208, '\x00', [@enc_lim={0x4, 0x1, 0x8}, @calipso={0x7, 0x28, {0x1, 0x8, 0x80, 0x101, [0x5, 0x0, 0x7f, 0x1]}}, @padn={0x1, 0x1, [0x0]}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @multicast2}}, @generic={0x81, 0x1000, "a2864f000b1a5d07fbe798e94f90063f6025e6b8fbb9fcee967d1bd60f41a1db002043ea7e19d1a8b6208e0285aaf6698bbffa82b0f7461d71190822e9aa399211ea45adc3f72c1bc354c03d729adf19f8b76102f0b8d04b6164acee00fe5bfb32a05857cc94f3f4c4b26af646e9118cde57499e609a60597db8ff0f1a2d1975f833d0c893b2d104b1e497c64b8110387632e75aee6790faa3e70e9b1fd95594b1ffff2986fa0722f3721719ff5083b69dbeb1fc7f9fba40655f262b5f4e4d013429fd72e6c43fb73129c5f385d245177380987e33f845d95c3be613ed7edbe133d6d5a0f157b9e3b20271931530a7aa3819dd251866e8490df722d0d167be030e001ac20f708ee91acad733776b713ca08eaa0a4aae2c6d60bcc39ecbe24255b87f13c9538f6d8b75271d7c01307dca1f7d1f2c7dfb56bffb2fbcc9ae42946584f4193e3664da8988e9ad73df6e518545ad55ed826943292b76f6b8582392c6c1eef34439b076a145f7901d38db3f9e5dfdb7be6098911ae106aeb76a0e69eb8ca417332de59747e6a5907d24daf8d8141515a9f164274a048d2d34544b0abbd29b79352b288489de8d7889b41f67d16c36684ffa3b3a28feb9019f72ede4825ff79004471f9b89962c67577b55cc730509febd689f4b4ee7568d89f168b3588acb6637226f962e3747d2b0dc305d02e8ab4026dcde3c3dc2c906cf4c71c66173ec475515ea51d2822536be5cf8d42688e4efd403da32f4c6da410fa0cc6f9700f44f8a3d7c6e4887531b50e1c39c143dcc20dfb5cc080a67fdeb00f95d5090f1a34a617ead247746439a7704804cdf9fe2fd36f3759d427dcff3ad1d8a23f30c95ae6107e0713e11c45f46485e63f3eca7a7eefd369e0d1e61cea05fdab740bea0e735d83240483b6f0934626078f4ab8627c72a74030960eec879275d6d0ac25ac2d8a01d80ea9fc4cba0ce34640273349e6aedfc74e6ed8b7c78880f1a9a71c58d35e4ed30ffda68af4789837ac2daa896f19fa8781941963c828595cac4a7d5d2917039a4fc327e1cd90a01a12a8a7225559eb36a3a1645e3f18932c40e02e8d4c621e3002fafdae20520d027632024e8c7f4cf2ab632a850950caaf9094f8556d6984391641d8bcdc6e1e5e3e218987282838255ca846d6609cfbca4d0ea136c11366fafba0cd8910031a10788aacec963c766f6316e69146cdfc2835bdfb9a50ca7815fb80d54036a188fc7c382b6a0f80f334dd1fbd4622b298ab41b720071fa7d6bc114343bddd0d0dda4d6bddecd65312ff23b77f838b777f7c5fce9c4c55d2c05fd8bf20d62a7e879e3b2b718474542e446ab60957d23c461fb26f16778d81b649db9de7ea9b554c7ae77982883eecd7608110589201956f26f0766f1dcc4d636ef5fbed213605c7d6ddfd9bc7ec3f59784a88a60b2712414bd73c603a7517d233c49c88ecf9710f10331446a38cf025b0cffe8b17a55f30453865bb02930e79058c0e29a00ccebd81efe134d43be76e49179baaa15be2f953d6ead7ecf94f219b08c12561d42392cbf8d7c2a3a49ef72ac728413a7de71f7037a74f123de4d19387956a5277164b4e90c3fcf8da8e6da7526924e63a3378727c7b7d141dd747e7cd524172544efc59ff1e893df27c7857529121f3cd72d206d967a083f4b1355a6397f12703d38c3d665dfe6fab8d2c9487a5ae5bb80320b6cef4765794f25b3225870c0dcc5822755e8ce9855760eb972bc1bac1e088f0b076c187f5e5c210ebe44810ebe8379cee71a8e8eb80638d940504d864b3bbec98830399c951fe07681236d550181a5891731a8646e954df20a2ad4440757a72b8c75f6d2a01cbd335ae76898f903d96ec62d2ff1a1c8d860a999561e1c8561b69dc5d4e5deb3f81ae0c4f8d7831fc0d0bfc8e0d3d46e485d54c7d2f547a675fe3ac17550f15b2df0a25c4c6618c7af985a239f5db918ad77cf6b21a63a341c5dbe389195a626ec783e92b2601545891b6a3f5f2953c45fc94801428a20f4019496890555a4159776408201a3206d7935a91864436c07b1098715a2947e4f00bc1fb61e84f2a13a328255cf5e50d410f9cfefa6e85d898273851e2cd2eb05503643c7e83f93d3e1cfcea6f8f97cefe534e2c54ae6e48f8c134a363dbac6367a3fcad0de53ebe50c3664325eb02e34b4a17c3f4981e1d8032721e1b9ea79c6e3a1af0898213c89f9ebace8a97dfa5b1e55a2249e7ac16d92c544607088b14ff548752d1e0cb677ffc8bf676c6a7e7903cf95778253a9d44a7cc36b25ab48a8347d4486cc8724519284a61c55a18c5897782f7f2bad20f4b739ef8b0dc6bb0ccc021fb6d3c88ea1a80638b1052272260d3a5cd185d5541c0a7df2f83cc71e44dac78917be2ebe46de10565a5760cd5a20c02112b43f9e938843e8c495a98291657daf1e0a8821b920ea82debaca05e304e9c85e86ac2dd97caf5814a33302875b37c186c1e7c5d107ff48a9355116dacbef282b5ac7675a5957f8e0c634d0a90f53ca5cce8931f7e5324cca48adf8fff950a4a9b6d90cbeae54b0bf18193161402190c4a5c3d0078c267f91a195affbed388a7da0ee974a436ca7c795c886896726c2bba3fcd6e27c510ac66f2f0b2b1ddd6203bbd712ef503f190deeb8a63d428c00cf131873894acba030c0262cee314baeedea3a1d72449caf7b615cf9348324ee2552cbcadd271220572306c9947a92304fa875916702519f8fd021a8d4dcaa0030b664884d36eb42eacfc0e6de159a8f6aea929d06a333d7294f9f0742585b819763a69acc842a9f342bae71312ac0a04f7cc3a0cf31ef55a485f5fe2241c2225af42cd21951ba410a74b8798ba3c57720b014ac249b50008a345646186e62782d81ffddfed09ad9fa84e6a24adeb96b2ea03a91e3016d48ef5ec7fdf9bb1807c32da97b46f030a9801d69ed415a0f1037ac024c527a1144ac648d9b003231ff72bd34c1791a11139fc011b76bbd49eb0da1888c63f5c78747803565866be8ad4157a7bc1f25b57277be1dec5adebecb4950f5f077b16cad5a1b3aec0f8fe054460e27c3175df08459f95bb8188a25488ca013395da36c7291e0d555bfdcefc04e5b5eec902fc2b90cfa4f9aaca4722183835f39d3c9f956679618681b5c59215bf10ee42f8b49502dcbdcf79fbb88daad45849a510573b5acfbe7ba3d34497674170a6549d56aa15bc7f81b0b5d9d93a8304848dd9744b37ed293fc54522cdd364f6f5a8b34f2ab58eb02b066d890742c6c20936542b95f6fa4067807c78ed775b7c1f3b1ce844b02b964ab01e284778d6f5a82f7f649454cb41ff049781c95d11e71d45452c2bb7afd7b6866ef5a5d5a3a248e1bd013f1d9d491bbc7bf87a6b997d38072954291d0f478345fd71091641b64656b73d6748a91ef7e2c7c6f82700d20fc7d9d30fe4fefcb35da48195df534a572078305b71a217fe51f3e4de1ec8977f5b6aead32e1c1ec01739d3ff37b266e4e3dd048cfa8c4a08cdd38a442359bf7e9839f6a2a178ec3069a660a460b950f8028cb3bc4b289c4117ac3aaae2c790f61c26326cbd9b3c57b35d064991ee9a971679a75f9717c6fccf8b65dce4a0cb8957fc8d92f823fb87211efe196c7c9ed76febe0c1bfbf7f24508c25927d8d206ec1790e1ee8b1e1638a2c768dd5339589125a02329d0f8b786ecc405de6bb94273d4b13754ba042daa940ff03d46e6cb9570a5534df0d04493d7c86787de5918235fb5aa0e75c077dc9a812bb646f328b682dfde31f097f172ef78ded3bf0d96aa569c1c5691f37e30d93b8ca62f735a73778ee2dc62dd8bcb680b478c1a29f61f8c1896a5782cd9eba2692a5a827516daeb7d35f5b31726726d5b4a804a22e28d73f242c08dc5b0fa6a9c03ee922a8c6e9aef4dc445517bd3967abb5055335926de195094be0e42dc9b9f0b364e40b26d042ed5b8acaf0885582590b3f47dd639a1295481f3c0171b716bd7e152aa458c5f791f41c59ba7d4ce6b103c88d6ad1c01470f39e6d8ee9101919c066d5c6d58f18b468ee972d9546dec3dddf55e9fa1678f417ff0c814c3e48a58ad0eb3021f0b1964b5264d0181fdc0ec268db54156ca6251ab38f280aa6b673d94f4feec7d65181519b37c387ea32958a16e08e7d984072be1ea5542f35473ef6b4319908ea0a0e1680bb0e4c8a9f5d15ec5a048afc6394a5ddadd45f1bac268a2c73fb811efa00a70790ae7a0ab2a0fe3f255f589702e0f05ea2c4b86497dedaf9cae884d004966cd517d43dd76da1f74fcb327090bcbee9cb41087561bb0d7b085fba560a9e3d16ab63df3621be881f7c0c536691bb261b77998b07c2298180cd963cb1409eaf9fc45934cf45316ad0d7c4994c92bcaa336d088a1413bd8b21bd29757d6e83d0cc1c3aae96854ab3fc97f7dbe2fbb18562041aeee0e24d2855cc69ecf073cdd88b2fb60950c794259a3bac74982e8e548e7f4dfc01370de57b4ef7a2b3f15d67d4da22a38896cc58f1667fbea040e4606a037c9b5db460c07acdac6990d7aa831fbd9a2db2fb85a525a25868d6540d8f49c6d385b78d8993318459136b85419873a2d1e711cba214a47fcdf6217c799ae7f31f0e68221d6e056d71b0c78684e5f009ddc9e3bfe2851acbd3259deea1da0f8c1d0ad1d1803804ee856269e98eea750793fdbef61633cf2d97b1a3279408849968f2995cb4543036cd69f22e751a815cea00b1dd86d19632fbcf03e074caa87c1f68eb7905705403809b72eb9788ee9884c5c38bcf629074f2bbd35ef38d2cacf058784085fe28e0a32eac35e91d003cf4a344734b5857ada9dd87131905e7c73137b06775123ab4d0054a9fb07270d829cb38e7e811be08a9d962d87240f642590bb391a09ccfc73d453dc8f54d5f013111d22c783e9fc0a7a68019cbb2721c4ed66c0b91007610e28a5997ea58e1bea6eba5839c4c0c0cd87e7001aa6c4c02daec9dd84f8b53e45e95dc730ddb362fc696f8aab7a774f5ebff49080942f4a55e0cff3afed9394c64dc1fa7fcc85aba8a6985712ea6246ee3005ecd8e24b822ebf3195b2ca050431918d09d383b002547e30d4c0db293559625f0f50f75792421926559bc51cb512b70af1886d19fb0405d30591b0cc01f35f12c3f9a71542f90fa277e894a6af02f48c6718c0a38808c267a36d8957a253409c0675c0484a9c80c756df4dc15fdda5b1e25b2a8ca410bf07cf1c255e9ff5e2c97f739e3df79624deef67309dee78e2747e6a93e5d30f0ff910e45ad34b7931040ef4e674169f011f42f44de0b09ada81a4de256e238259fadf0213b3c12958aa8e7ec68d83fbaa812b379179b03af9c7fdd798f367eb653736a2130f1d3a30ed6b0e377deb2bb144b596b2275215f8cc6f39b19008ec310f874d0248b91a53b302d37468f3e4041f70f14502a8d724e85a065f1d79a19fdbecb7fd1102e393a955a28203e1f33b0152aba031015065dbc85eb0f7f46ee055257dec71d9e86c96f40e2866daccb222ec0912feb4571afeaab2a1f88f82d4ff04da25867f2a1c2705a7a00a3a17325833e9b08dc379f36283571dd517eaa79e9fc3f8b0f01ccee4b92e05b14e9a9e779826226596a9ad1083f80288c644f25c9ae59137ec1a361764b73c5eb5d89694016fc7e8dd7e63f463a0c5e94461d34854f77ac7ba4d734bb2353da2e136fd60723125bf01c17d01a595a5d41020af3900ac5372044dd1264e21e7fc19f7a69f52406e1083f18d0c7cc0e32790fc48d40c397faf31cc"}]}}}, @rthdr={{0xa8, 0x29, 0x39, {0x1d, 0x12, 0x1, 0xff, 0x0, [@mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, @loopback, @mcast2, @local, @mcast1, @loopback]}}}], 0x1338}}], 0x2, 0x4000000) 17:18:09 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:18:09 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x9}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:18:09 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 46) 17:18:09 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1433.254274] FAULT_INJECTION: forcing a failure. [ 1433.254274] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1433.256805] CPU: 0 PID: 8246 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1433.258292] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.260059] Call Trace: [ 1433.260629] dump_stack+0x107/0x167 [ 1433.261423] should_fail.cold+0x5/0xa [ 1433.262248] _copy_from_user+0x2e/0x1b0 [ 1433.263100] __copy_msghdr_from_user+0x91/0x4b0 [ 1433.264116] ? __ia32_sys_shutdown+0x80/0x80 [ 1433.265063] ? __lock_acquire+0x1657/0x5b00 [ 1433.266039] ___sys_recvmsg+0xd5/0x200 [ 1433.266872] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1433.267924] ? __fget_files+0x2cf/0x520 [ 1433.268779] ? lock_acquire+0x197/0x470 [ 1433.269659] ? find_held_lock+0x2c/0x110 [ 1433.270527] ? __might_fault+0xd3/0x180 [ 1433.271390] ? lock_downgrade+0x6d0/0x6d0 [ 1433.272299] do_recvmmsg+0x24c/0x6d0 [ 1433.273005] FAULT_INJECTION: forcing a failure. [ 1433.273005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1433.273120] ? ___sys_recvmsg+0x200/0x200 [ 1433.276572] ? lock_downgrade+0x6d0/0x6d0 [ 1433.277470] ? ksys_write+0x12d/0x260 [ 1433.278300] ? wait_for_completion_io+0x270/0x270 [ 1433.279324] ? rcu_read_lock_any_held+0x75/0xa0 [ 1433.280326] ? vfs_write+0x354/0xb10 [ 1433.281121] __x64_sys_recvmmsg+0x20f/0x260 [ 1433.282059] ? ksys_write+0x1a9/0x260 [ 1433.282868] ? __do_sys_socketcall+0x600/0x600 [ 1433.283860] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1433.284974] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1433.286110] do_syscall_64+0x33/0x40 [ 1433.286903] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1433.288024] RIP: 0033:0x7f033573cb19 [ 1433.289011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.293429] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1433.295218] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1433.296953] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1433.298678] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1433.300536] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1433.302218] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1433.304044] CPU: 1 PID: 8247 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1433.305594] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.307377] Call Trace: [ 1433.307942] dump_stack+0x107/0x167 [ 1433.308719] should_fail.cold+0x5/0xa [ 1433.309553] _copy_from_user+0x2e/0x1b0 [ 1433.310381] __copy_msghdr_from_user+0x91/0x4b0 [ 1433.311383] ? __ia32_sys_shutdown+0x80/0x80 [ 1433.312300] ? __lock_acquire+0x1657/0x5b00 [ 1433.313235] ___sys_recvmsg+0xd5/0x200 [ 1433.314052] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1433.315119] ? __fget_files+0x2cf/0x520 [ 1433.315944] ? lock_acquire+0x197/0x470 [ 1433.316797] ? find_held_lock+0x2c/0x110 [ 1433.317666] ? __might_fault+0xd3/0x180 [ 1433.318533] ? lock_downgrade+0x6d0/0x6d0 [ 1433.319428] do_recvmmsg+0x24c/0x6d0 [ 1433.320230] ? ___sys_recvmsg+0x200/0x200 [ 1433.321082] ? lock_downgrade+0x6d0/0x6d0 [ 1433.321973] ? ksys_write+0x12d/0x260 [ 1433.322778] ? wait_for_completion_io+0x270/0x270 [ 1433.323821] ? rcu_read_lock_any_held+0x75/0xa0 [ 1433.324788] ? vfs_write+0x354/0xb10 [ 1433.325603] __x64_sys_recvmmsg+0x20f/0x260 [ 1433.326508] ? ksys_write+0x1a9/0x260 [ 1433.327342] ? __do_sys_socketcall+0x600/0x600 [ 1433.328302] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1433.329429] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1433.330499] do_syscall_64+0x33/0x40 [ 1433.331318] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1433.332395] RIP: 0033:0x7f11b74b4b19 [ 1433.333207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.337001] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1433.338649] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1433.340192] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1433.341707] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1433.343255] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1433.344759] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1433.357001] FAULT_INJECTION: forcing a failure. [ 1433.357001] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1433.359535] CPU: 1 PID: 8251 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1433.361010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.362760] Call Trace: [ 1433.363336] dump_stack+0x107/0x167 [ 1433.364103] should_fail.cold+0x5/0xa [ 1433.364923] _copy_from_user+0x2e/0x1b0 [ 1433.365774] __copy_msghdr_from_user+0x91/0x4b0 [ 1433.366784] ? __ia32_sys_shutdown+0x80/0x80 [ 1433.367694] ? __lock_acquire+0x1657/0x5b00 [ 1433.368629] ___sys_recvmsg+0xd5/0x200 [ 1433.369455] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1433.370519] ? trace_hardirqs_on+0x5b/0x180 [ 1433.371428] ? lock_acquire+0x197/0x470 [ 1433.372281] ? find_held_lock+0x2c/0x110 [ 1433.373145] ? __might_fault+0xd3/0x180 [ 1433.374001] ? lock_downgrade+0x6d0/0x6d0 [ 1433.374881] do_recvmmsg+0x24c/0x6d0 [ 1433.375691] ? ___sys_recvmsg+0x200/0x200 [ 1433.376566] ? lock_downgrade+0x6d0/0x6d0 [ 1433.377500] ? ksys_write+0x12d/0x260 [ 1433.378316] ? wait_for_completion_io+0x270/0x270 [ 1433.379375] ? rcu_read_lock_any_held+0x75/0xa0 [ 1433.380352] ? vfs_write+0x354/0xb10 [ 1433.381162] __x64_sys_recvmmsg+0x20f/0x260 [ 1433.382056] ? ksys_write+0x1a9/0x260 [ 1433.383070] ? __do_sys_socketcall+0x600/0x600 [ 1433.384256] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1433.385697] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1433.386781] do_syscall_64+0x33/0x40 [ 1433.387570] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1433.388624] RIP: 0033:0x7f67c49b5b19 [ 1433.389428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.393257] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1433.394872] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1433.396449] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1433.398089] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1433.399865] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1433.401603] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1433.411149] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1433.481044] FAULT_INJECTION: forcing a failure. [ 1433.481044] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1433.483649] CPU: 1 PID: 8255 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1433.485062] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.486800] Call Trace: [ 1433.487347] dump_stack+0x107/0x167 [ 1433.488111] should_fail.cold+0x5/0xa [ 1433.488906] _copy_from_user+0x2e/0x1b0 [ 1433.489754] __copy_msghdr_from_user+0x91/0x4b0 [ 1433.490720] ? __ia32_sys_shutdown+0x80/0x80 [ 1433.491668] ? __lock_acquire+0x1657/0x5b00 [ 1433.492615] ___sys_recvmsg+0xd5/0x200 [ 1433.493463] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1433.494484] ? __fget_files+0x2cf/0x520 [ 1433.495326] ? lock_acquire+0x197/0x470 [ 1433.496147] ? find_held_lock+0x2c/0x110 [ 1433.497004] ? __might_fault+0xd3/0x180 [ 1433.497849] ? lock_downgrade+0x6d0/0x6d0 [ 1433.498738] do_recvmmsg+0x24c/0x6d0 [ 1433.499529] ? ___sys_recvmsg+0x200/0x200 [ 1433.500398] ? lock_downgrade+0x6d0/0x6d0 [ 1433.501281] ? ksys_write+0x12d/0x260 [ 1433.502094] ? wait_for_completion_io+0x270/0x270 [ 1433.503104] ? rcu_read_lock_any_held+0x75/0xa0 [ 1433.504078] ? vfs_write+0x354/0xb10 [ 1433.504864] __x64_sys_recvmmsg+0x20f/0x260 [ 1433.505775] ? ksys_write+0x1a9/0x260 [ 1433.506571] ? __do_sys_socketcall+0x600/0x600 [ 1433.507534] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1433.508618] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1433.509712] do_syscall_64+0x33/0x40 [ 1433.510496] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1433.511573] RIP: 0033:0x7f60a47afb19 [ 1433.512350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.516207] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1433.517809] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1433.519303] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1433.520796] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1433.522300] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1433.523797] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:18:09 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 29) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:09 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:18:09 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 24) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:09 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 7) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1433.701361] FAULT_INJECTION: forcing a failure. [ 1433.701361] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1433.704168] CPU: 0 PID: 8269 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1433.705761] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.707481] Call Trace: [ 1433.708042] dump_stack+0x107/0x167 [ 1433.708826] should_fail.cold+0x5/0xa [ 1433.709651] _copy_from_user+0x2e/0x1b0 [ 1433.710500] __copy_msghdr_from_user+0x91/0x4b0 [ 1433.711501] ? __ia32_sys_shutdown+0x80/0x80 [ 1433.712436] ? __lock_acquire+0x1657/0x5b00 [ 1433.713383] ___sys_recvmsg+0xd5/0x200 [ 1433.714215] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1433.715266] ? __fget_files+0x2cf/0x520 [ 1433.716124] ? lock_acquire+0x197/0x470 [ 1433.716989] ? find_held_lock+0x2c/0x110 [ 1433.717868] ? __might_fault+0xd3/0x180 [ 1433.718727] ? lock_downgrade+0x6d0/0x6d0 [ 1433.719627] do_recvmmsg+0x24c/0x6d0 [ 1433.720419] ? ___sys_recvmsg+0x200/0x200 [ 1433.721312] ? lock_downgrade+0x6d0/0x6d0 [ 1433.722210] ? ksys_write+0x12d/0x260 [ 1433.723024] ? wait_for_completion_io+0x270/0x270 [ 1433.724065] ? rcu_read_lock_any_held+0x75/0xa0 [ 1433.725057] ? vfs_write+0x354/0xb10 [ 1433.725869] __x64_sys_recvmmsg+0x20f/0x260 [ 1433.726779] ? ksys_write+0x1a9/0x260 [ 1433.727589] ? __do_sys_socketcall+0x600/0x600 [ 1433.728572] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1433.729688] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1433.730794] do_syscall_64+0x33/0x40 [ 1433.731589] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1433.732673] RIP: 0033:0x7f11b74b4b19 [ 1433.733480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.737397] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1433.739009] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1433.740519] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1433.742042] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1433.743558] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1433.745073] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1433.754221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1433.787438] FAULT_INJECTION: forcing a failure. [ 1433.787438] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1433.790124] CPU: 0 PID: 8266 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1433.791582] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.793357] Call Trace: [ 1433.793909] dump_stack+0x107/0x167 [ 1433.794678] should_fail.cold+0x5/0xa [ 1433.795492] _copy_from_user+0x2e/0x1b0 [ 1433.796344] __copy_msghdr_from_user+0x91/0x4b0 [ 1433.797341] ? __ia32_sys_shutdown+0x80/0x80 [ 1433.798272] ? __lock_acquire+0x1657/0x5b00 [ 1433.799198] ___sys_recvmsg+0xd5/0x200 [ 1433.800022] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1433.801061] ? __fget_files+0x2cf/0x520 [ 1433.801912] ? lock_acquire+0x197/0x470 [ 1433.802754] ? find_held_lock+0x2c/0x110 [ 1433.803613] ? __might_fault+0xd3/0x180 [ 1433.804458] ? lock_downgrade+0x6d0/0x6d0 [ 1433.805360] do_recvmmsg+0x24c/0x6d0 [ 1433.806160] ? ___sys_recvmsg+0x200/0x200 [ 1433.807044] ? lock_downgrade+0x6d0/0x6d0 [ 1433.807930] ? ksys_write+0x12d/0x260 [ 1433.808757] ? wait_for_completion_io+0x270/0x270 [ 1433.809789] ? rcu_read_lock_any_held+0x75/0xa0 [ 1433.810794] ? vfs_write+0x354/0xb10 [ 1433.811586] __x64_sys_recvmmsg+0x20f/0x260 [ 1433.812502] ? ksys_write+0x1a9/0x260 [ 1433.813326] ? __do_sys_socketcall+0x600/0x600 [ 1433.814294] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1433.815408] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1433.816499] do_syscall_64+0x33/0x40 [ 1433.817304] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1433.818383] RIP: 0033:0x7f67c49b5b19 [ 1433.819174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.823111] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1433.824721] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1433.826240] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1433.827754] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1433.829282] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1433.830801] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1433.834312] FAULT_INJECTION: forcing a failure. [ 1433.834312] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1433.836917] CPU: 0 PID: 8270 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1433.838377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.840138] Call Trace: [ 1433.840696] dump_stack+0x107/0x167 [ 1433.841467] should_fail.cold+0x5/0xa [ 1433.842291] _copy_from_user+0x2e/0x1b0 [ 1433.843140] __copy_msghdr_from_user+0x91/0x4b0 [ 1433.844130] ? __ia32_sys_shutdown+0x80/0x80 [ 1433.845066] ? __lock_acquire+0x1657/0x5b00 [ 1433.846002] ___sys_recvmsg+0xd5/0x200 [ 1433.846831] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1433.847881] ? __fget_files+0x2cf/0x520 [ 1433.848733] ? lock_acquire+0x197/0x470 [ 1433.849584] ? find_held_lock+0x2c/0x110 [ 1433.850450] ? __might_fault+0xd3/0x180 [ 1433.851300] ? lock_downgrade+0x6d0/0x6d0 [ 1433.852203] do_recvmmsg+0x24c/0x6d0 [ 1433.853006] ? ___sys_recvmsg+0x200/0x200 [ 1433.853904] ? lock_downgrade+0x6d0/0x6d0 [ 1433.854809] ? ksys_write+0x12d/0x260 [ 1433.855638] ? wait_for_completion_io+0x270/0x270 [ 1433.856668] ? rcu_read_lock_any_held+0x75/0xa0 [ 1433.857657] ? vfs_write+0x354/0xb10 [ 1433.858457] __x64_sys_recvmmsg+0x20f/0x260 [ 1433.859387] ? ksys_write+0x1a9/0x260 [ 1433.860210] ? __do_sys_socketcall+0x600/0x600 [ 1433.861201] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1433.862337] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1433.863440] do_syscall_64+0x33/0x40 [ 1433.864231] entry_SYSCALL_64_after_hwframe+0x67/0xd1 17:18:10 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0xf}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1433.865348] RIP: 0033:0x7f033573cb19 [ 1433.866314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.870232] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1433.871903] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1433.873491] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1433.875065] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1433.876623] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1433.878214] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 17:18:10 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 47) [ 1433.913653] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1433.970439] FAULT_INJECTION: forcing a failure. [ 1433.970439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1433.973016] CPU: 0 PID: 8278 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1433.974528] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1433.976351] Call Trace: [ 1433.976932] dump_stack+0x107/0x167 [ 1433.977735] should_fail.cold+0x5/0xa [ 1433.978571] _copy_from_user+0x2e/0x1b0 [ 1433.979443] __copy_msghdr_from_user+0x91/0x4b0 [ 1433.980458] ? __ia32_sys_shutdown+0x80/0x80 [ 1433.981439] ? __lock_acquire+0x1657/0x5b00 [ 1433.982403] ___sys_recvmsg+0xd5/0x200 [ 1433.983256] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1433.984336] ? trace_hardirqs_on+0x5b/0x180 [ 1433.985297] ? lock_acquire+0x197/0x470 [ 1433.986274] ? find_held_lock+0x2c/0x110 [ 1433.987412] ? __might_fault+0xd3/0x180 [ 1433.988453] ? lock_downgrade+0x6d0/0x6d0 [ 1433.989577] do_recvmmsg+0x24c/0x6d0 [ 1433.990561] ? ___sys_recvmsg+0x200/0x200 [ 1433.991650] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1433.992797] ? _raw_spin_unlock_irq+0x27/0x30 [ 1433.993774] ? finish_task_switch+0x126/0x5d0 [ 1433.994744] ? finish_task_switch+0xef/0x5d0 [ 1433.995711] __x64_sys_recvmmsg+0x20f/0x260 [ 1433.996612] ? ksys_write+0x1a9/0x260 [ 1433.997426] ? __do_sys_socketcall+0x600/0x600 [ 1433.998387] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1433.999481] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1434.000564] do_syscall_64+0x33/0x40 [ 1434.001355] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1434.002421] RIP: 0033:0x7f60a47afb19 [ 1434.003221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1434.007065] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1434.008664] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1434.010178] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1434.011673] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1434.013179] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1434.014685] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1434.225691] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:18:27 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 25) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:27 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x11}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:18:27 executing program 6: stat(&(0x7f0000000100)='./file1\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x8541, 0x0) close(r2) eventfd(0x0) fchownat(r2, &(0x7f0000000040)='./file1\x00', r0, r1, 0x400) r3 = timerfd_create(0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wAdno=', @ANYRESHEX=r3, @ANYBLOB]) 17:18:27 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 8) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:18:27 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:18:27 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 48) [ 1450.905713] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1450.918258] FAULT_INJECTION: forcing a failure. [ 1450.918258] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1450.921006] CPU: 1 PID: 8298 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1450.922458] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1450.924161] Call Trace: [ 1450.924720] dump_stack+0x107/0x167 [ 1450.925502] should_fail.cold+0x5/0xa [ 1450.926302] __alloc_pages_nodemask+0x182/0x600 [ 1450.927276] ? lock_chain_count+0x20/0x20 [ 1450.928144] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1450.929431] alloc_pages_vma+0xbb/0x410 [ 1450.930289] wp_page_copy+0xee7/0x1f00 [ 1450.931123] ? print_bad_pte+0x5a0/0x5a0 [ 1450.931968] ? lock_downgrade+0x6d0/0x6d0 [ 1450.932842] ? vm_normal_page+0x162/0x2e0 [ 1450.933728] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1450.934867] do_wp_page+0x27b/0x1390 [ 1450.935654] handle_mm_fault+0x1cc7/0x3500 [ 1450.936557] ? __check_object_size+0x2f/0x440 [ 1450.937513] ? __pmd_alloc+0x5e0/0x5e0 [ 1450.938348] ? vmacache_find+0x55/0x2a0 [ 1450.939193] do_user_addr_fault+0x56e/0xc60 [ 1450.940107] exc_page_fault+0xa2/0x1a0 [ 1450.940924] asm_exc_page_fault+0x1e/0x30 [ 1450.941803] RIP: 0010:__put_user_nocheck_4+0x3/0x11 [ 1450.942847] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca e9 61 ea 1c 02 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca e9 42 ea 1c 02 66 90 48 bb f9 ef ff ff ff 7f [ 1450.946738] RSP: 0018:ffff888034d079c8 EFLAGS: 00050202 [ 1450.947859] RAX: 0000000000000020 RBX: ffffffff837e6c40 RCX: 0000000020002030 [ 1450.949382] RDX: 1ffff110069a0fc3 RSI: ffffffff8310cbca RDI: 0000000000000005 [ 1450.950926] RBP: ffff888034d07dc8 R08: 0000000000000001 R09: ffff888015bdc0df [ 1450.952431] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000020002030 [ 1450.953958] R13: 0000000020002000 R14: 0000000000000022 R15: 0000000000000034 [ 1450.955472] ? packet_create+0xb00/0xb00 [ 1450.956334] ? ____sys_recvmsg+0x2aa/0x590 [ 1450.957232] ____sys_recvmsg+0x2dd/0x590 [ 1450.958112] ? kernel_recvmsg+0x80/0x80 [ 1450.958974] ? __import_iovec+0x458/0x590 [ 1450.959855] ? import_iovec+0x83/0xb0 [ 1450.960667] ___sys_recvmsg+0x127/0x200 [ 1450.961530] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1450.962571] ? lock_acquire+0x197/0x470 [ 1450.963403] ? find_held_lock+0x2c/0x110 [ 1450.964268] ? __might_fault+0xd3/0x180 [ 1450.965109] ? lock_downgrade+0x6d0/0x6d0 [ 1450.966007] do_recvmmsg+0x24c/0x6d0 17:18:27 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 30) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:27 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1450.966803] ? ___sys_recvmsg+0x200/0x200 [ 1450.967973] ? lock_downgrade+0x6d0/0x6d0 [ 1450.968871] ? ksys_write+0x12d/0x260 [ 1450.969709] ? wait_for_completion_io+0x270/0x270 [ 1450.970735] ? rcu_read_lock_any_held+0x75/0xa0 [ 1450.971720] ? vfs_write+0x354/0xb10 [ 1450.972520] __x64_sys_recvmmsg+0x20f/0x260 [ 1450.973429] ? ksys_write+0x1a9/0x260 [ 1450.974237] ? __do_sys_socketcall+0x600/0x600 [ 1450.975203] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1450.976310] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1450.977402] do_syscall_64+0x33/0x40 [ 1450.978188] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1450.978817] 9pnet: Insufficient options for proto=fd [ 1450.979266] RIP: 0033:0x7f67c49b5b19 [ 1450.979294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1450.981793] FAULT_INJECTION: forcing a failure. [ 1450.981793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1450.985168] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1450.985187] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1450.985198] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1450.985209] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1450.985219] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1450.985231] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1450.998497] FAULT_INJECTION: forcing a failure. [ 1450.998497] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1450.999520] CPU: 0 PID: 8302 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1450.999533] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1450.999540] Call Trace: [ 1450.999569] dump_stack+0x107/0x167 [ 1450.999595] should_fail.cold+0x5/0xa [ 1451.007979] _copy_from_user+0x2e/0x1b0 [ 1451.008950] __copy_msghdr_from_user+0x91/0x4b0 [ 1451.010135] ? __ia32_sys_shutdown+0x80/0x80 [ 1451.011186] ? __lock_acquire+0x1657/0x5b00 [ 1451.012239] ___sys_recvmsg+0xd5/0x200 [ 1451.013188] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1451.014394] ? __fget_files+0x2cf/0x520 [ 1451.015347] ? lock_acquire+0x197/0x470 [ 1451.016288] ? find_held_lock+0x2c/0x110 [ 1451.017252] ? __might_fault+0xd3/0x180 [ 1451.018220] ? lock_downgrade+0x6d0/0x6d0 [ 1451.019243] do_recvmmsg+0x24c/0x6d0 [ 1451.020145] ? ___sys_recvmsg+0x200/0x200 [ 1451.021149] ? lock_downgrade+0x6d0/0x6d0 [ 1451.022197] ? ksys_write+0x12d/0x260 [ 1451.023130] ? wait_for_completion_io+0x270/0x270 [ 1451.024307] ? rcu_read_lock_any_held+0x75/0xa0 [ 1451.025426] ? vfs_write+0x354/0xb10 [ 1451.026349] __x64_sys_recvmmsg+0x20f/0x260 [ 1451.027399] ? ksys_write+0x1a9/0x260 [ 1451.028331] ? __do_sys_socketcall+0x600/0x600 [ 1451.029452] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1451.030726] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1451.031969] do_syscall_64+0x33/0x40 [ 1451.032866] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1451.034124] RIP: 0033:0x7f033573cb19 [ 1451.035026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1451.039472] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1451.041479] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1451.043185] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1451.044903] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1451.046644] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1451.048369] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1451.050156] CPU: 1 PID: 8290 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1451.051585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1451.053321] Call Trace: [ 1451.053893] dump_stack+0x107/0x167 [ 1451.054654] should_fail.cold+0x5/0xa [ 1451.055440] _copy_from_user+0x2e/0x1b0 [ 1451.056263] __copy_msghdr_from_user+0x91/0x4b0 [ 1451.057217] ? __ia32_sys_shutdown+0x80/0x80 [ 1451.058136] ? __lock_acquire+0x1657/0x5b00 [ 1451.059042] ___sys_recvmsg+0xd5/0x200 [ 1451.059849] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1451.060863] ? __fget_files+0x2cf/0x520 [ 1451.061696] ? lock_acquire+0x197/0x470 [ 1451.062511] ? find_held_lock+0x2c/0x110 [ 1451.063406] ? __might_fault+0xd3/0x180 [ 1451.064353] ? lock_downgrade+0x6d0/0x6d0 [ 1451.065369] do_recvmmsg+0x24c/0x6d0 [ 1451.066264] ? ___sys_recvmsg+0x200/0x200 [ 1451.067162] ? lock_downgrade+0x6d0/0x6d0 [ 1451.068078] ? ksys_write+0x12d/0x260 [ 1451.068966] ? wait_for_completion_io+0x270/0x270 [ 1451.070079] ? rcu_read_lock_any_held+0x75/0xa0 [ 1451.071173] ? vfs_write+0x354/0xb10 [ 1451.072045] __x64_sys_recvmmsg+0x20f/0x260 [ 1451.073104] ? ksys_write+0x1a9/0x260 [ 1451.074074] ? __do_sys_socketcall+0x600/0x600 [ 1451.075142] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1451.076354] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1451.077604] do_syscall_64+0x33/0x40 [ 1451.078348] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1451.079417] RIP: 0033:0x7f60a47afb19 [ 1451.080159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1451.084008] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1451.085513] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1451.086985] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1451.088455] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1451.090051] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1451.091546] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1451.105497] FAULT_INJECTION: forcing a failure. [ 1451.105497] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1451.107955] CPU: 1 PID: 8299 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1451.108376] 9pnet: Insufficient options for proto=fd [ 1451.109367] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1451.109373] Call Trace: [ 1451.109394] dump_stack+0x107/0x167 [ 1451.109418] should_fail.cold+0x5/0xa [ 1451.114709] _copy_from_user+0x2e/0x1b0 [ 1451.115626] __copy_msghdr_from_user+0x91/0x4b0 [ 1451.116556] ? __ia32_sys_shutdown+0x80/0x80 [ 1451.117475] ? __lock_acquire+0x1657/0x5b00 [ 1451.118367] ___sys_recvmsg+0xd5/0x200 [ 1451.119228] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1451.120301] ? __fget_files+0x2cf/0x520 [ 1451.121114] ? lock_acquire+0x197/0x470 [ 1451.121917] ? find_held_lock+0x2c/0x110 [ 1451.122744] ? __might_fault+0xd3/0x180 [ 1451.123554] ? lock_downgrade+0x6d0/0x6d0 [ 1451.124465] do_recvmmsg+0x24c/0x6d0 [ 1451.125297] ? ___sys_recvmsg+0x200/0x200 [ 1451.126141] ? lock_downgrade+0x6d0/0x6d0 [ 1451.126984] ? ksys_write+0x12d/0x260 [ 1451.127773] ? wait_for_completion_io+0x270/0x270 [ 1451.128755] ? rcu_read_lock_any_held+0x75/0xa0 [ 1451.129708] ? vfs_write+0x354/0xb10 [ 1451.130482] __x64_sys_recvmmsg+0x20f/0x260 [ 1451.131377] ? ksys_write+0x1a9/0x260 [ 1451.132178] ? __do_sys_socketcall+0x600/0x600 [ 1451.133121] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1451.134214] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1451.135256] do_syscall_64+0x33/0x40 [ 1451.136017] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1451.137056] RIP: 0033:0x7f11b74b4b19 [ 1451.137816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1451.141587] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1451.143188] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1451.144692] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1451.146133] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1451.147574] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1451.149052] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:18:27 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 26) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1451.174092] FAULT_INJECTION: forcing a failure. [ 1451.174092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1451.176574] CPU: 1 PID: 8310 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1451.177936] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1451.179575] Call Trace: [ 1451.180104] dump_stack+0x107/0x167 [ 1451.180800] should_fail.cold+0x5/0xa [ 1451.181544] _copy_from_user+0x2e/0x1b0 [ 1451.182342] __copy_msghdr_from_user+0x91/0x4b0 [ 1451.183245] ? __ia32_sys_shutdown+0x80/0x80 [ 1451.184138] ? __lock_acquire+0x1657/0x5b00 [ 1451.185000] ___sys_recvmsg+0xd5/0x200 [ 1451.185758] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1451.186699] ? __fget_files+0x2cf/0x520 [ 1451.187476] ? lock_acquire+0x197/0x470 [ 1451.188303] ? find_held_lock+0x2c/0x110 [ 1451.189126] ? __might_fault+0xd3/0x180 [ 1451.189955] ? lock_downgrade+0x6d0/0x6d0 [ 1451.190767] do_recvmmsg+0x24c/0x6d0 [ 1451.191479] ? ___sys_recvmsg+0x200/0x200 [ 1451.192287] ? lock_downgrade+0x6d0/0x6d0 [ 1451.193117] ? ksys_write+0x12d/0x260 [ 1451.193855] ? wait_for_completion_io+0x270/0x270 [ 1451.194812] ? rcu_read_lock_any_held+0x75/0xa0 [ 1451.195734] ? vfs_write+0x354/0xb10 [ 1451.196476] __x64_sys_recvmmsg+0x20f/0x260 [ 1451.197327] ? ksys_write+0x1a9/0x260 [ 1451.198090] ? __do_sys_socketcall+0x600/0x600 [ 1451.199005] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1451.200030] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1451.201049] do_syscall_64+0x33/0x40 [ 1451.201787] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1451.202810] RIP: 0033:0x7f67c49b5b19 [ 1451.203552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1451.207217] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1451.208752] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1451.210164] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1451.211584] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1451.213043] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1451.214438] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:18:27 executing program 6: sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f00000001c0)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x78, r0}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x20d87f529a614156, 0x40) ioctl$EXT4_IOC_CHECKPOINT(r1, 0x4004662b, &(0x7f0000000500)=0x4) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8916, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000080)={@local, 0x78}) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@remote}) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x8010) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000300)={'ip6gre0\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x2f, 0x8, 0x4, 0x7ff, 0x40, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7, 0x7, 0x1, 0x4}}) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000340)={0x100, 0x0, 0x0, 0x70bd2c, 0x25dfdbfd, {}, [@HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}]}]}, 0x100}}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000200)={'ip6gre0\x00', r3, 0x29, 0xf, 0x6, 0x5, 0x0, @remote, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7, 0x48, 0x4, 0x9}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000740)={'sit0\x00', r6, 0x4, 0x5, 0x5, 0x641b, 0x12, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private0, 0x8000, 0x8000, 0x1, 0x3f9}}) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000007c0)=ANY=[@ANYBLOB="200100001d00210c00000000000000000400020014001180809801a7b0c7dba09475f251c743092f2ef9b9d79bb827e8b023d973f9a9b317430606a5eb854dcf902b63643a28dfea2b84efeeb6dd5765d40299ce6e50194d9408877186bdf575b0c6c65b685d75e818361d6b1d17e3cf85df0b3de40dc1ec6c27fdc611b63c9c9d1c566dd4d417a0d86a6b907220885899fea9320188a414523d893995ae45cdc0276ce695fd4969066c7fe9dbabe7b9f1185eaa5447775b2f81f9484dc04a388b73b9313d8395bb5588a2d2d59aaee6f775600e80e4064f9ea02356f754222c96782a973c002c0ce4c60f7e8d2447f56a4e8b0c0b1eea97c020c199a20eab668429411739e9f234b3f49b4e1971c3133f46d46af782cbb546c2276649c1559d65e19f13ec00bf7f6d0266e6739cae54eff361525fe365f7b8e64f1a65b2e5d7099763ecd5c5764354cb44c165cb628ecabc4d9fa0d27435dc4e8bed88489bfa903d7eb60b52a3385daa3f9dc0e088b85cbad396fa3b27bba01618e05beb1a93a858a4df6b4fc53deaf8e2c31e9ff466b7deb6e779566e8300d16f7bb2502e88c588ffa78ae1977e27358523fae120bbe62d3975d610d7ab783368817d90e37a852da62b6399ceed1b48c5f0ef12e7f85ed177253382c6781fed876ac87167a8dd9bfdc358", @ANYRES32=r4, @ANYBLOB="0b000800ffffffffffffffff080000006401010014001000fe8000000000000000000000000000bb08000a00ac1e000100ab398a2887b8139fd5fb7ad9143111ccb80d36ab77c5c62aa021afe0e20c4cba0ec87c8c3a969aba9ab2b94014374c01a2616372a31ef886367a26d6b9962f3e1bce958d22cd69755aad1b47a67b73f46623ac5608ac45d02f95"], 0x120}}, 0x0) [ 1451.292300] netlink: 248 bytes leftover after parsing attributes in process `syz-executor.6'. 17:18:27 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 49) [ 1451.302561] sysfs: cannot create duplicate filename '/class/ieee80211/€˜§°ÇÛ ”uòQÇC !' [ 1451.304228] CPU: 1 PID: 8318 Comm: syz-executor.6 Not tainted 5.10.235 #1 [ 1451.305514] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1451.307048] Call Trace: [ 1451.307538] dump_stack+0x107/0x167 [ 1451.308218] sysfs_warn_dup.cold+0x1c/0x29 [ 1451.309006] sysfs_do_create_link_sd+0x122/0x140 [ 1451.309894] sysfs_create_link+0x5f/0xc0 [ 1451.310645] device_add+0x703/0x1c50 [ 1451.311339] ? devlink_add_symlinks+0x970/0x970 [ 1451.312216] ? ieee80211_set_bitrate_flags+0x202/0x620 [ 1451.313193] wiphy_register+0x1da6/0x2850 [ 1451.313996] ? wiphy_unregister+0xb90/0xb90 [ 1451.314808] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1451.315801] ieee80211_register_hw+0x23c5/0x38b0 [ 1451.316679] ? ieee80211_ifa6_changed+0x4d0/0x4d0 [ 1451.317585] ? net_generic+0xdb/0x2b0 [ 1451.318290] ? lockdep_init_map_type+0x2c7/0x780 [ 1451.319175] ? memset+0x20/0x50 [ 1451.319779] ? __hrtimer_init+0x12c/0x270 [ 1451.320550] mac80211_hwsim_new_radio+0x1d04/0x4290 [ 1451.321489] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 1451.322512] ? hwsim_new_radio_nl+0x967/0x1080 [ 1451.323448] ? memcpy+0x39/0x60 [ 1451.324060] hwsim_new_radio_nl+0x991/0x1080 [ 1451.324863] ? mac80211_hwsim_new_radio+0x4290/0x4290 [ 1451.325832] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 1451.327007] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 1451.328177] genl_family_rcv_msg_doit+0x22d/0x330 [ 1451.329054] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 1451.330245] ? cap_capable+0x1cd/0x230 [ 1451.330957] ? ns_capable+0xe2/0x110 [ 1451.331638] genl_rcv_msg+0x36a/0x5a0 [ 1451.332332] ? genl_get_cmd+0x480/0x480 [ 1451.333049] ? mac80211_hwsim_new_radio+0x4290/0x4290 [ 1451.334001] ? lock_release+0x680/0x680 [ 1451.334702] ? netlink_deliver_tap+0xf4/0xcc0 [ 1451.335510] netlink_rcv_skb+0x14b/0x430 [ 1451.336235] ? genl_get_cmd+0x480/0x480 [ 1451.336947] ? netlink_ack+0xab0/0xab0 [ 1451.337667] ? netlink_deliver_tap+0x1c4/0xcc0 [ 1451.338498] ? is_vmalloc_addr+0x7b/0xb0 [ 1451.339238] genl_rcv+0x24/0x40 [ 1451.339830] netlink_unicast+0x54e/0x800 [ 1451.340554] ? netlink_attachskb+0x870/0x870 [ 1451.341354] netlink_sendmsg+0x90f/0xe00 [ 1451.342100] ? netlink_unicast+0x800/0x800 [ 1451.342865] ? netlink_unicast+0x800/0x800 [ 1451.343616] __sock_sendmsg+0x154/0x190 [ 1451.344336] ____sys_sendmsg+0x70d/0x870 [ 1451.345074] ? sock_write_iter+0x3d0/0x3d0 [ 1451.345850] ? do_recvmmsg+0x6d0/0x6d0 [ 1451.346595] ___sys_sendmsg+0xf3/0x170 [ 1451.347327] ? sendmsg_copy_msghdr+0x160/0x160 [ 1451.348171] ? __fget_files+0x2cf/0x520 [ 1451.348912] ? lock_downgrade+0x6d0/0x6d0 [ 1451.349681] ? finish_task_switch+0x126/0x5d0 [ 1451.350478] ? lock_downgrade+0x6d0/0x6d0 [ 1451.351231] ? __fget_files+0x2f8/0x520 [ 1451.351943] ? __fget_light+0xea/0x290 [ 1451.352648] __sys_sendmsg+0xe5/0x1b0 [ 1451.353317] ? __sys_sendmsg_sock+0x40/0x40 [ 1451.354112] ? io_schedule_timeout+0x140/0x140 [ 1451.354947] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1451.355435] FAULT_INJECTION: forcing a failure. [ 1451.355435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1451.355885] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1451.355900] ? trace_hardirqs_on+0x5b/0x180 [ 1451.355917] do_syscall_64+0x33/0x40 [ 1451.355934] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1451.355955] RIP: 0033:0x7fdc21025b19 [ 1451.362806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1451.366081] RSP: 002b:00007fdc1e57a188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1451.367434] RAX: ffffffffffffffda RBX: 00007fdc21139020 RCX: 00007fdc21025b19 [ 1451.368688] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006 [ 1451.369958] RBP: 00007fdc2107ff6d R08: 0000000000000000 R09: 0000000000000000 [ 1451.371208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1451.372455] R13: 00007ffe80cb762f R14: 00007fdc1e57a300 R15: 0000000000022000 [ 1451.373750] CPU: 0 PID: 8320 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1451.375251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1451.377005] Call Trace: [ 1451.377592] dump_stack+0x107/0x167 [ 1451.378364] should_fail.cold+0x5/0xa [ 1451.379180] _copy_from_user+0x2e/0x1b0 [ 1451.380030] __copy_msghdr_from_user+0x91/0x4b0 [ 1451.381011] ? __ia32_sys_shutdown+0x80/0x80 [ 1451.381952] ? __lock_acquire+0x1657/0x5b00 [ 1451.382883] ___sys_recvmsg+0xd5/0x200 [ 1451.383708] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1451.384756] ? trace_hardirqs_on+0x5b/0x180 [ 1451.385687] ? lock_acquire+0x197/0x470 [ 1451.386529] ? find_held_lock+0x2c/0x110 [ 1451.387393] ? __might_fault+0xd3/0x180 [ 1451.388232] ? lock_downgrade+0x6d0/0x6d0 [ 1451.389142] do_recvmmsg+0x24c/0x6d0 [ 1451.389996] ? ___sys_recvmsg+0x200/0x200 [ 1451.390881] ? lock_downgrade+0x6d0/0x6d0 [ 1451.391769] ? ksys_write+0x12d/0x260 [ 1451.392590] ? wait_for_completion_io+0x270/0x270 [ 1451.393643] ? rcu_read_lock_any_held+0x75/0xa0 [ 1451.394624] ? vfs_write+0x354/0xb10 [ 1451.395424] __x64_sys_recvmmsg+0x20f/0x260 [ 1451.396334] ? ksys_write+0x1a9/0x260 [ 1451.397146] ? __do_sys_socketcall+0x600/0x600 [ 1451.398144] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1451.399272] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1451.400381] do_syscall_64+0x33/0x40 [ 1451.401178] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1451.402288] RIP: 0033:0x7f60a47afb19 [ 1451.403078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1451.407024] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1451.408651] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1451.410189] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1451.411705] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1451.413210] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1451.414739] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1451.449549] FAULT_INJECTION: forcing a failure. [ 1451.449549] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1451.451653] CPU: 1 PID: 8323 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1451.452747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1451.454063] Call Trace: [ 1451.454485] dump_stack+0x107/0x167 17:18:27 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 31) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:27 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 27) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:27 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:18:27 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 9) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1451.455090] should_fail.cold+0x5/0xa [ 1451.455921] _copy_from_user+0x2e/0x1b0 [ 1451.456617] __copy_msghdr_from_user+0x91/0x4b0 [ 1451.457398] ? __ia32_sys_shutdown+0x80/0x80 [ 1451.458153] ? __lock_acquire+0x1657/0x5b00 [ 1451.458899] ___sys_recvmsg+0xd5/0x200 [ 1451.459560] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1451.460404] ? __fget_files+0x2cf/0x520 [ 1451.461071] ? lock_acquire+0x197/0x470 [ 1451.461744] ? find_held_lock+0x2c/0x110 [ 1451.462423] ? __might_fault+0xd3/0x180 [ 1451.463088] ? lock_downgrade+0x6d0/0x6d0 [ 1451.463793] do_recvmmsg+0x24c/0x6d0 [ 1451.464423] ? ___sys_recvmsg+0x200/0x200 [ 1451.465114] ? lock_downgrade+0x6d0/0x6d0 [ 1451.465821] ? ksys_write+0x12d/0x260 [ 1451.466463] ? wait_for_completion_io+0x270/0x270 [ 1451.467265] ? rcu_read_lock_any_held+0x75/0xa0 [ 1451.468031] ? vfs_write+0x354/0xb10 [ 1451.468653] __x64_sys_recvmmsg+0x20f/0x260 [ 1451.469375] ? ksys_write+0x1a9/0x260 [ 1451.470011] ? __do_sys_socketcall+0x600/0x600 [ 1451.470771] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1451.471648] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1451.472502] do_syscall_64+0x33/0x40 [ 1451.473121] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1451.473979] RIP: 0033:0x7f67c49b5b19 [ 1451.474594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1451.477662] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1451.478935] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1451.480114] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1451.481298] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1451.482492] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1451.483677] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1451.489473] FAULT_INJECTION: forcing a failure. [ 1451.489473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1451.491404] CPU: 1 PID: 8325 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1451.492526] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1451.493904] Call Trace: [ 1451.494333] dump_stack+0x107/0x167 [ 1451.494928] should_fail.cold+0x5/0xa [ 1451.495550] _copy_from_user+0x2e/0x1b0 [ 1451.496200] __copy_msghdr_from_user+0x91/0x4b0 [ 1451.496959] ? __ia32_sys_shutdown+0x80/0x80 [ 1451.497685] ? __lock_acquire+0x1657/0x5b00 [ 1451.498399] ___sys_recvmsg+0xd5/0x200 [ 1451.499054] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1451.499951] ? __fget_files+0x2cf/0x520 [ 1451.500700] ? lock_acquire+0x197/0x470 [ 1451.501463] ? find_held_lock+0x2c/0x110 [ 1451.502295] ? __might_fault+0xd3/0x180 [ 1451.503108] ? lock_downgrade+0x6d0/0x6d0 [ 1451.503952] do_recvmmsg+0x24c/0x6d0 [ 1451.504700] ? ___sys_recvmsg+0x200/0x200 [ 1451.505510] ? lock_downgrade+0x6d0/0x6d0 [ 1451.506325] ? ksys_write+0x12d/0x260 [ 1451.507064] ? wait_for_completion_io+0x270/0x270 [ 1451.508010] ? rcu_read_lock_any_held+0x75/0xa0 [ 1451.508923] ? vfs_write+0x354/0xb10 [ 1451.509668] __x64_sys_recvmmsg+0x20f/0x260 [ 1451.510512] ? ksys_write+0x1a9/0x260 [ 1451.511259] ? __do_sys_socketcall+0x600/0x600 [ 1451.512166] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1451.513186] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1451.514154] do_syscall_64+0x33/0x40 [ 1451.514829] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1451.515655] RIP: 0033:0x7f11b74b4b19 [ 1451.516250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1451.519215] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1451.520444] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1451.521598] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1451.522740] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1451.523883] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1451.525031] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:18:27 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x12}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1451.565878] FAULT_INJECTION: forcing a failure. [ 1451.565878] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1451.567817] CPU: 1 PID: 8331 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1451.568892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1451.570202] Call Trace: [ 1451.570613] dump_stack+0x107/0x167 [ 1451.571177] should_fail.cold+0x5/0xa [ 1451.571778] _copy_from_user+0x2e/0x1b0 [ 1451.572412] __copy_msghdr_from_user+0x91/0x4b0 [ 1451.573137] ? __ia32_sys_shutdown+0x80/0x80 [ 1451.573827] ? __lock_acquire+0x1657/0x5b00 [ 1451.574504] ___sys_recvmsg+0xd5/0x200 [ 1451.575107] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1451.575872] ? __fget_files+0x2cf/0x520 [ 1451.576495] ? lock_acquire+0x197/0x470 [ 1451.577109] ? find_held_lock+0x2c/0x110 [ 1451.577763] ? __might_fault+0xd3/0x180 [ 1451.578385] ? lock_downgrade+0x6d0/0x6d0 [ 1451.579047] do_recvmmsg+0x24c/0x6d0 [ 1451.579628] ? ___sys_recvmsg+0x200/0x200 [ 1451.580279] ? lock_downgrade+0x6d0/0x6d0 [ 1451.580930] ? ksys_write+0x12d/0x260 [ 1451.581540] ? wait_for_completion_io+0x270/0x270 [ 1451.582299] ? rcu_read_lock_any_held+0x75/0xa0 [ 1451.583016] ? vfs_write+0x354/0xb10 [ 1451.583597] __x64_sys_recvmmsg+0x20f/0x260 [ 1451.584270] ? ksys_write+0x1a9/0x260 [ 1451.584857] ? __do_sys_socketcall+0x600/0x600 [ 1451.585583] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1451.586388] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1451.587287] do_syscall_64+0x33/0x40 [ 1451.587966] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1451.588885] RIP: 0033:0x7f033573cb19 [ 1451.589549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1451.592743] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1451.594079] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1451.595341] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1451.596634] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1451.597805] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001 [ 1451.599016] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1451.644082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1451.959458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:18:42 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x14}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:18:42 executing program 6: syz_emit_ethernet(0x1d8, &(0x7f0000000080)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x43, 0x4, 0x2, 0x0, 0x1ca, 0x68, 0x0, 0x80, 0x1, 0x0, @empty, @multicast2, {[@cipso={0x86, 0x6a, 0x0, [{0x6, 0x10, "10cb45053a35e376e75cb3af11f0"}, {0x6, 0x8, "50b1e18d8477"}, {0x6, 0xf, "413d58869d51db0f25428481f6"}, {0x1, 0x5, "ae5e77"}, {0x0, 0x10, "9b1a7be9576ff80bac80a944f037"}, {0x0, 0x6, "438a858f"}, {0x7, 0xb, "1e608c86f95f6767d5"}, {0x0, 0x11, "ee5dbf775ccd8b498ca70ee03f9654"}, {0x2, 0x6, "aa311974"}]}, @timestamp_addr={0x44, 0x24, 0xae, 0x1, 0xf, [{@local, 0x80000000}, {@private=0xa010100, 0x558}, {@remote, 0x2a52e837}, {@private=0xa010101, 0x1ff}]}, @end, @end, @noop, @noop, @noop, @cipso={0x86, 0x62, 0xffffffffffffffff, [{0x1, 0x9, "72a21701bd2d4b"}, {0x0, 0xc, "7eedb4d10f5457147c25"}, {0x7, 0xd, "3a1ec7347d12fddd1af6e2"}, {0x7, 0xf, "c028469a71628227e59fa4361a"}, {0x0, 0x8, "729f96b7a147"}, {0x1, 0xe, "0b59318fa75985791435f07d"}, {0x1, 0x11, "37abe4038880a577cc2103e3ba0ec1"}, {0x0, 0x4, "62a8"}]}]}}, @dest_unreach={0x3, 0xc, 0x0, 0x0, 0xa6, 0xfff, {0x2d, 0x4, 0x3, 0x9, 0x3e, 0x66, 0xffff, 0x1f, 0xc, 0x8, @remote, @broadcast, {[@timestamp_addr={0x44, 0x24, 0x98, 0x1, 0xf, [{@loopback, 0x905}, {@loopback, 0x2}, {@broadcast, 0x1}, {@broadcast, 0x3}]}, @lsrr={0x83, 0x17, 0xa6, [@empty, @remote, @local, @local, @multicast1]}, @timestamp_addr={0x44, 0x1c, 0x9a, 0x1, 0x3, [{@multicast2, 0x101}, {@remote}, {@multicast1, 0x5}]}, @cipso={0x86, 0x21, 0x2, [{0x7, 0xb, "4bb12364e3143a7935"}, {0x2, 0x10, "d0142cf71b4cb22773fd9e415290"}]}, @ssrr={0x89, 0xb, 0x88, [@local, @rand_addr=0x64010100]}, @end, @rr={0x7, 0x7, 0x24, [@private=0xa010100]}, @end, @end, @lsrr={0x83, 0x13, 0x55, [@rand_addr=0x64010100, @remote, @local, @multicast2]}]}}, "98eb"}}}}}, 0x0) 17:18:42 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 32) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:42 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:18:42 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:18:42 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 50) 17:18:42 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 28) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:42 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 10) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1465.969300] FAULT_INJECTION: forcing a failure. [ 1465.969300] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1465.972175] CPU: 0 PID: 8351 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1465.973682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1465.975488] Call Trace: [ 1465.976064] dump_stack+0x107/0x167 [ 1465.976858] should_fail.cold+0x5/0xa [ 1465.977699] _copy_from_user+0x2e/0x1b0 [ 1465.978568] __copy_msghdr_from_user+0x91/0x4b0 [ 1465.979580] ? __ia32_sys_shutdown+0x80/0x80 [ 1465.980538] ? __lock_acquire+0x1657/0x5b00 [ 1465.981489] ___sys_recvmsg+0xd5/0x200 [ 1465.982359] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1465.983450] ? __fget_files+0x2cf/0x520 [ 1465.984340] ? lock_acquire+0x197/0x470 [ 1465.985191] ? find_held_lock+0x2c/0x110 [ 1465.986091] ? __might_fault+0xd3/0x180 [ 1465.986939] ? lock_downgrade+0x6d0/0x6d0 [ 1465.987854] do_recvmmsg+0x24c/0x6d0 [ 1465.988410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1465.988654] ? ___sys_recvmsg+0x200/0x200 [ 1465.991981] ? lock_downgrade+0x6d0/0x6d0 [ 1465.992891] ? ksys_write+0x12d/0x260 [ 1465.993718] ? wait_for_completion_io+0x270/0x270 [ 1465.994763] ? rcu_read_lock_any_held+0x75/0xa0 [ 1465.995750] ? vfs_write+0x354/0xb10 [ 1465.996559] __x64_sys_recvmmsg+0x20f/0x260 [ 1465.997482] ? ksys_write+0x1a9/0x260 [ 1465.998328] ? __do_sys_socketcall+0x600/0x600 [ 1465.999302] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1466.000434] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.001555] do_syscall_64+0x33/0x40 [ 1466.002396] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.003493] RIP: 0033:0x7f11b74b4b19 [ 1466.004298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.008231] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.009855] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1466.011371] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1466.012893] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.014420] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.015938] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1466.043977] FAULT_INJECTION: forcing a failure. [ 1466.043977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.046529] CPU: 0 PID: 8360 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1466.046592] FAULT_INJECTION: forcing a failure. [ 1466.046592] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.047988] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.047994] Call Trace: [ 1466.048015] dump_stack+0x107/0x167 [ 1466.048034] should_fail.cold+0x5/0xa [ 1466.048057] _copy_from_user+0x2e/0x1b0 [ 1466.048084] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.056288] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.057229] ? __lock_acquire+0x1657/0x5b00 [ 1466.058192] ___sys_recvmsg+0xd5/0x200 [ 1466.059031] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.060101] ? __fget_files+0x2cf/0x520 [ 1466.060964] ? lock_acquire+0x197/0x470 [ 1466.061838] ? find_held_lock+0x2c/0x110 [ 1466.062712] ? __might_fault+0xd3/0x180 [ 1466.063585] ? lock_downgrade+0x6d0/0x6d0 [ 1466.064494] do_recvmmsg+0x24c/0x6d0 [ 1466.065311] ? ___sys_recvmsg+0x200/0x200 [ 1466.066214] ? lock_downgrade+0x6d0/0x6d0 [ 1466.067129] ? ksys_write+0x12d/0x260 [ 1466.067963] ? wait_for_completion_io+0x270/0x270 [ 1466.069019] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.070030] ? vfs_write+0x354/0xb10 [ 1466.070843] __x64_sys_recvmmsg+0x20f/0x260 [ 1466.071762] ? ksys_write+0x1a9/0x260 [ 1466.072590] ? __do_sys_socketcall+0x600/0x600 [ 1466.073582] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1466.074747] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.075868] do_syscall_64+0x33/0x40 [ 1466.076675] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.077803] RIP: 0033:0x7f033573cb19 [ 1466.078618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.082597] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.084263] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1466.085842] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1466.087413] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.088992] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.090568] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1466.092169] CPU: 1 PID: 8358 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1466.093695] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.095474] Call Trace: [ 1466.096062] dump_stack+0x107/0x167 [ 1466.096854] should_fail.cold+0x5/0xa [ 1466.097697] _copy_from_user+0x2e/0x1b0 [ 1466.098567] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.099580] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.100547] ? __lock_acquire+0x1657/0x5b00 [ 1466.101490] ___sys_recvmsg+0xd5/0x200 [ 1466.102340] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.103415] ? lock_acquire+0x197/0x470 [ 1466.104286] ? find_held_lock+0x2c/0x110 [ 1466.105187] ? __might_fault+0xd3/0x180 [ 1466.106053] ? lock_downgrade+0x6d0/0x6d0 [ 1466.106984] do_recvmmsg+0x24c/0x6d0 [ 1466.107782] ? ___sys_recvmsg+0x200/0x200 [ 1466.108681] ? lock_downgrade+0x6d0/0x6d0 [ 1466.109576] ? ksys_write+0x12d/0x260 [ 1466.110421] ? wait_for_completion_io+0x270/0x270 [ 1466.111467] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.112481] ? vfs_write+0x354/0xb10 [ 1466.113274] __x64_sys_recvmmsg+0x20f/0x260 [ 1466.114230] ? ksys_write+0x1a9/0x260 [ 1466.115047] ? __do_sys_socketcall+0x600/0x600 [ 1466.116049] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1466.117167] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.118295] do_syscall_64+0x33/0x40 [ 1466.119099] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.120219] RIP: 0033:0x7f67c49b5b19 [ 1466.121036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.125035] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.126712] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1466.128261] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1466.129807] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.131328] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.132845] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:18:42 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = syz_io_uring_complete(0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4ea0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r2, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)) fcntl$setflags(r1, 0x2, 0x0) writev(r2, &(0x7f00000002c0)=[{0x0}, {&(0x7f0000000040)}], 0x2) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000180)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x74}) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1000}, 0x4) ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000004380)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0xb4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00), 0x2f, 0x0) [ 1466.198520] FAULT_INJECTION: forcing a failure. [ 1466.198520] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.201302] CPU: 1 PID: 8357 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1466.202928] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.204907] Call Trace: [ 1466.205539] dump_stack+0x107/0x167 [ 1466.206425] should_fail.cold+0x5/0xa [ 1466.207340] _copy_from_user+0x2e/0x1b0 [ 1466.208294] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.209395] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.210390] ? __lock_acquire+0x1657/0x5b00 [ 1466.211450] ___sys_recvmsg+0xd5/0x200 [ 1466.212388] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.213588] ? lock_acquire+0x197/0x470 [ 1466.214522] ? find_held_lock+0x2c/0x110 [ 1466.215517] ? __might_fault+0xd3/0x180 [ 1466.216466] ? lock_downgrade+0x6d0/0x6d0 [ 1466.217379] do_recvmmsg+0x24c/0x6d0 [ 1466.218265] ? ___sys_recvmsg+0x200/0x200 [ 1466.219276] ? lock_downgrade+0x6d0/0x6d0 [ 1466.220246] ? ksys_write+0x12d/0x260 [ 1466.221170] ? wait_for_completion_io+0x270/0x270 [ 1466.222336] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.223448] ? vfs_write+0x354/0xb10 [ 1466.224341] __x64_sys_recvmmsg+0x20f/0x260 [ 1466.225373] ? ksys_write+0x1a9/0x260 [ 1466.226300] ? __do_sys_socketcall+0x600/0x600 [ 1466.227414] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 17:18:42 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 33) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1466.228690] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.230179] do_syscall_64+0x33/0x40 [ 1466.231270] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.232587] RIP: 0033:0x7f60a47afb19 [ 1466.234189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.240450] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.242340] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1466.244067] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1466.245808] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.247727] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.249821] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:18:42 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1466.304624] FAULT_INJECTION: forcing a failure. [ 1466.304624] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.307322] CPU: 1 PID: 8370 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1466.308910] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.310808] Call Trace: [ 1466.311416] dump_stack+0x107/0x167 [ 1466.312320] should_fail.cold+0x5/0xa [ 1466.313189] _copy_from_user+0x2e/0x1b0 [ 1466.314242] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.315447] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.316580] ? __lock_acquire+0x1657/0x5b00 [ 1466.317574] ___sys_recvmsg+0xd5/0x200 [ 1466.318542] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.319595] ? trace_hardirqs_on+0x5b/0x180 [ 1466.320522] ? lock_acquire+0x197/0x470 [ 1466.321377] ? find_held_lock+0x2c/0x110 [ 1466.322269] ? __might_fault+0xd3/0x180 [ 1466.323126] ? lock_downgrade+0x6d0/0x6d0 [ 1466.324020] do_recvmmsg+0x24c/0x6d0 [ 1466.324831] ? ___sys_recvmsg+0x200/0x200 [ 1466.325728] ? lock_downgrade+0x6d0/0x6d0 [ 1466.326646] ? ksys_write+0x12d/0x260 [ 1466.327469] ? wait_for_completion_io+0x270/0x270 [ 1466.328513] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.329509] ? vfs_write+0x354/0xb10 [ 1466.330337] __x64_sys_recvmmsg+0x20f/0x260 [ 1466.331271] ? ksys_write+0x1a9/0x260 [ 1466.332091] ? __do_sys_socketcall+0x600/0x600 [ 1466.333084] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1466.334225] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.335346] do_syscall_64+0x33/0x40 [ 1466.336156] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.337280] RIP: 0033:0x7f11b74b4b19 [ 1466.338102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.342114] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.343764] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1466.345317] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1466.346863] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.348399] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.349951] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1466.354782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:18:42 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 29) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:42 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 11) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:18:42 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x15}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1466.405432] FAULT_INJECTION: forcing a failure. [ 1466.405432] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.407045] FAULT_INJECTION: forcing a failure. [ 1466.407045] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.407970] CPU: 1 PID: 8376 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1466.407981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.407987] Call Trace: [ 1466.408013] dump_stack+0x107/0x167 [ 1466.408034] should_fail.cold+0x5/0xa [ 1466.408059] _copy_from_user+0x2e/0x1b0 [ 1466.408085] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.408105] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.408126] ? __lock_acquire+0x1657/0x5b00 [ 1466.408161] ___sys_recvmsg+0xd5/0x200 [ 1466.421039] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.422275] ? __fget_files+0x2cf/0x520 [ 1466.423162] ? lock_acquire+0x197/0x470 [ 1466.424063] ? find_held_lock+0x2c/0x110 [ 1466.425031] ? __might_fault+0xd3/0x180 [ 1466.426028] ? lock_downgrade+0x6d0/0x6d0 [ 1466.426941] do_recvmmsg+0x24c/0x6d0 [ 1466.427765] ? ___sys_recvmsg+0x200/0x200 [ 1466.428644] ? lock_downgrade+0x6d0/0x6d0 [ 1466.429520] ? ksys_write+0x12d/0x260 [ 1466.430353] ? wait_for_completion_io+0x270/0x270 [ 1466.431366] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.432333] ? vfs_write+0x354/0xb10 [ 1466.433131] __x64_sys_recvmmsg+0x20f/0x260 [ 1466.434255] ? ksys_write+0x1a9/0x260 [ 1466.435080] ? __do_sys_socketcall+0x600/0x600 [ 1466.436068] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1466.437205] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.438341] do_syscall_64+0x33/0x40 [ 1466.439147] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.440254] RIP: 0033:0x7f033573cb19 [ 1466.441062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.445038] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.446789] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1466.448326] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1466.449942] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.451490] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.453035] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1466.454633] CPU: 0 PID: 8377 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1466.456503] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.458669] Call Trace: [ 1466.459362] dump_stack+0x107/0x167 [ 1466.460339] should_fail.cold+0x5/0xa [ 1466.461370] _copy_from_user+0x2e/0x1b0 [ 1466.462442] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.463665] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.464835] ? __lock_acquire+0x1657/0x5b00 [ 1466.466067] ___sys_recvmsg+0xd5/0x200 [ 1466.467073] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.468331] ? __fget_files+0x2cf/0x520 [ 1466.469358] ? lock_acquire+0x197/0x470 [ 1466.470390] ? find_held_lock+0x2c/0x110 [ 1466.471306] ? __might_fault+0xd3/0x180 [ 1466.472159] ? lock_downgrade+0x6d0/0x6d0 [ 1466.473053] do_recvmmsg+0x24c/0x6d0 [ 1466.473864] ? ___sys_recvmsg+0x200/0x200 [ 1466.474740] ? lock_downgrade+0x6d0/0x6d0 [ 1466.475623] ? ksys_write+0x12d/0x260 [ 1466.476448] ? wait_for_completion_io+0x270/0x270 [ 1466.477479] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.478489] ? vfs_write+0x354/0xb10 [ 1466.479286] __x64_sys_recvmmsg+0x20f/0x260 [ 1466.480197] ? ksys_write+0x1a9/0x260 [ 1466.481004] ? __do_sys_socketcall+0x600/0x600 [ 1466.481983] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1466.483103] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.484196] do_syscall_64+0x33/0x40 [ 1466.484994] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.486088] RIP: 0033:0x7f67c49b5b19 [ 1466.486887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.490826] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.492442] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1466.493986] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1466.494305] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1466.495494] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.495506] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.495517] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:18:42 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:18:42 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 51) [ 1466.596048] FAULT_INJECTION: forcing a failure. [ 1466.596048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.599187] CPU: 1 PID: 8386 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1466.600746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.602546] Call Trace: [ 1466.603119] dump_stack+0x107/0x167 [ 1466.603913] should_fail.cold+0x5/0xa [ 1466.604739] _copy_from_user+0x2e/0x1b0 [ 1466.605601] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.606640] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.607585] ? __lock_acquire+0x1657/0x5b00 [ 1466.608535] ___sys_recvmsg+0xd5/0x200 [ 1466.609372] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.610440] ? __fget_files+0x2cf/0x520 [ 1466.611300] ? lock_acquire+0x197/0x470 [ 1466.612160] ? find_held_lock+0x2c/0x110 [ 1466.613041] ? __might_fault+0xd3/0x180 [ 1466.613905] ? lock_downgrade+0x6d0/0x6d0 [ 1466.614815] do_recvmmsg+0x24c/0x6d0 [ 1466.615628] ? ___sys_recvmsg+0x200/0x200 [ 1466.616524] ? lock_downgrade+0x6d0/0x6d0 [ 1466.617428] ? ksys_write+0x12d/0x260 [ 1466.618272] ? wait_for_completion_io+0x270/0x270 [ 1466.619302] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.620307] ? vfs_write+0x354/0xb10 [ 1466.621107] __x64_sys_recvmmsg+0x20f/0x260 [ 1466.622047] ? ksys_write+0x1a9/0x260 [ 1466.622866] ? __do_sys_socketcall+0x600/0x600 [ 1466.623855] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1466.624979] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.626087] do_syscall_64+0x33/0x40 [ 1466.626885] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.627982] RIP: 0033:0x7f60a47afb19 [ 1466.628785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.632735] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.634381] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1466.635903] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1466.637434] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.638976] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.640498] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:18:43 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x89) openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x5a7083, 0x20) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r0, 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0xfdef) syz_open_procfs(0x0, &(0x7f0000000280)='net/protocols\x00') ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f00000000c0)={0x3fd, 0x9, 0x7}) setsockopt$packet_int(r3, 0x107, 0xc, &(0x7f0000000080), 0x4) syz_io_uring_complete(r1) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x7, 0x10000, 0x5, 0x0, 0x0, 0x2}, 0x0, 0xffdffffdffffffff, 0xffffffffffffffff, 0x2) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r4 = signalfd4(r3, &(0x7f0000000180)={[0x9]}, 0x8, 0x180800) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="31960c00de9cad000004000000000000006c0aa15b0050cf710467e35600899aed79000000"]) move_mount(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x2) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xe, 0x1}, 0x5) lseek(0xffffffffffffffff, 0x2, 0x0) 17:18:43 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 30) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:18:43 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 52) 17:18:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1466.829447] FAULT_INJECTION: forcing a failure. [ 1466.829447] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.832149] CPU: 1 PID: 8394 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1466.833667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.835397] Call Trace: [ 1466.835986] dump_stack+0x107/0x167 [ 1466.836823] should_fail.cold+0x5/0xa [ 1466.837622] _copy_from_user+0x2e/0x1b0 [ 1466.838453] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.839400] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.840300] ? __lock_acquire+0x1657/0x5b00 [ 1466.841255] ___sys_recvmsg+0xd5/0x200 [ 1466.842157] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.843233] ? __fget_files+0x2cf/0x520 [ 1466.844568] ? lock_acquire+0x197/0x470 [ 1466.845709] ? find_held_lock+0x2c/0x110 [ 1466.846574] ? __might_fault+0xd3/0x180 [ 1466.847404] ? lock_downgrade+0x6d0/0x6d0 [ 1466.848301] do_recvmmsg+0x24c/0x6d0 [ 1466.849311] ? ___sys_recvmsg+0x200/0x200 [ 1466.850285] ? lock_downgrade+0x6d0/0x6d0 [ 1466.851171] ? ksys_write+0x12d/0x260 [ 1466.852186] ? wait_for_completion_io+0x270/0x270 [ 1466.853273] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.854454] ? vfs_write+0x354/0xb10 [ 1466.855401] __x64_sys_recvmmsg+0x20f/0x260 [ 1466.856423] ? ksys_write+0x1a9/0x260 [ 1466.857309] ? __do_sys_socketcall+0x600/0x600 [ 1466.858395] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1466.859678] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.860848] do_syscall_64+0x33/0x40 [ 1466.861637] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.862774] RIP: 0033:0x7f60a47afb19 [ 1466.863549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.867446] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.869034] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1466.870511] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1466.871990] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.873458] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.874941] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1466.880101] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1466.888999] FAULT_INJECTION: forcing a failure. [ 1466.888999] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.891660] CPU: 1 PID: 8393 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1466.893086] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.894806] Call Trace: [ 1466.895348] dump_stack+0x107/0x167 [ 1466.896104] should_fail.cold+0x5/0xa [ 1466.896930] _copy_from_user+0x2e/0x1b0 [ 1466.897802] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.898787] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.899721] ? __lock_acquire+0x1657/0x5b00 [ 1466.900649] ___sys_recvmsg+0xd5/0x200 [ 1466.901488] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.902535] ? lock_acquire+0x197/0x470 [ 1466.903590] ? find_held_lock+0x2c/0x110 [ 1466.904456] ? __might_fault+0xd3/0x180 [ 1466.905313] ? lock_downgrade+0x6d0/0x6d0 [ 1466.906352] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1466.907521] do_recvmmsg+0x24c/0x6d0 [ 1466.908334] ? ___sys_recvmsg+0x200/0x200 [ 1466.909210] ? lock_downgrade+0x6d0/0x6d0 [ 1466.910099] ? ksys_write+0x12d/0x260 [ 1466.910908] ? wait_for_completion_io+0x270/0x270 [ 1466.911959] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.912942] ? vfs_write+0x354/0xb10 [ 1466.913766] __x64_sys_recvmmsg+0x20f/0x260 [ 1466.914691] ? ksys_write+0x1a9/0x260 [ 1466.915505] ? __do_sys_socketcall+0x600/0x600 [ 1466.916492] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1466.917597] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1466.918682] do_syscall_64+0x33/0x40 [ 1466.919477] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1466.920563] RIP: 0033:0x7f67c49b5b19 [ 1466.921352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1466.925278] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1466.926913] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1466.928425] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1466.929949] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1466.931470] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1466.932980] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:18:43 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 12) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1466.975977] FAULT_INJECTION: forcing a failure. [ 1466.975977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.978530] CPU: 1 PID: 8401 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1466.979971] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1466.981744] Call Trace: [ 1466.982300] dump_stack+0x107/0x167 [ 1466.983073] should_fail.cold+0x5/0xa [ 1466.983881] _copy_from_user+0x2e/0x1b0 [ 1466.984724] __copy_msghdr_from_user+0x91/0x4b0 [ 1466.985724] ? __ia32_sys_shutdown+0x80/0x80 [ 1466.986650] ? __lock_acquire+0x1657/0x5b00 [ 1466.987582] ___sys_recvmsg+0xd5/0x200 [ 1466.988404] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1466.989437] ? __fget_files+0x2cf/0x520 [ 1466.990285] ? lock_acquire+0x197/0x470 [ 1466.991123] ? find_held_lock+0x2c/0x110 [ 1466.991987] ? __might_fault+0xd3/0x180 [ 1466.992831] ? lock_downgrade+0x6d0/0x6d0 [ 1466.993734] do_recvmmsg+0x24c/0x6d0 [ 1466.994530] ? ___sys_recvmsg+0x200/0x200 [ 1466.995392] ? lock_downgrade+0x6d0/0x6d0 [ 1466.996270] ? ksys_write+0x12d/0x260 [ 1466.997081] ? wait_for_completion_io+0x270/0x270 [ 1466.998108] ? rcu_read_lock_any_held+0x75/0xa0 [ 1466.999088] ? vfs_write+0x354/0xb10 [ 1466.999891] __x64_sys_recvmmsg+0x20f/0x260 [ 1467.000801] ? ksys_write+0x1a9/0x260 [ 1467.001604] ? __do_sys_socketcall+0x600/0x600 [ 1467.002582] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1467.003688] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1467.004769] do_syscall_64+0x33/0x40 [ 1467.005550] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1467.006639] RIP: 0033:0x7f033573cb19 [ 1467.007417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1467.011325] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1467.013031] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1467.014544] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1467.016040] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1467.017539] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1467.019442] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 17:19:01 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 34) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:01 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x0, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:01 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000500)={'sit0\x00', &(0x7f0000000580)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x0, 0x5}}) 17:19:01 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:19:01 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x16}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:19:01 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 13) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:01 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 53) 17:19:01 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 31) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1485.233439] FAULT_INJECTION: forcing a failure. [ 1485.233439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.236495] CPU: 0 PID: 8413 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1485.238269] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.240400] Call Trace: [ 1485.241070] dump_stack+0x107/0x167 [ 1485.242031] should_fail.cold+0x5/0xa [ 1485.243018] _copy_from_user+0x2e/0x1b0 [ 1485.244052] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.245264] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.246412] ? __lock_acquire+0x1657/0x5b00 [ 1485.247547] ___sys_recvmsg+0xd5/0x200 [ 1485.248544] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.249951] ? __fget_files+0x2cf/0x520 [ 1485.251089] ? lock_acquire+0x197/0x470 [ 1485.252157] ? find_held_lock+0x2c/0x110 [ 1485.253221] ? __might_fault+0xd3/0x180 [ 1485.254320] ? lock_downgrade+0x6d0/0x6d0 [ 1485.256494] do_recvmmsg+0x24c/0x6d0 [ 1485.257455] ? ___sys_recvmsg+0x200/0x200 [ 1485.258525] ? lock_downgrade+0x6d0/0x6d0 [ 1485.259590] ? ksys_write+0x12d/0x260 [ 1485.260574] ? wait_for_completion_io+0x270/0x270 [ 1485.261822] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.263010] ? vfs_write+0x354/0xb10 [ 1485.263969] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.265067] ? ksys_write+0x1a9/0x260 [ 1485.266051] ? __do_sys_socketcall+0x600/0x600 [ 1485.267045] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.268168] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.269272] do_syscall_64+0x33/0x40 [ 1485.270072] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.271172] RIP: 0033:0x7f033573cb19 [ 1485.271969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.275956] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.277580] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1485.279113] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1485.280643] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.282175] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.283700] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1485.289457] FAULT_INJECTION: forcing a failure. [ 1485.289457] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.291991] CPU: 0 PID: 8418 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1485.293436] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.295191] Call Trace: [ 1485.295746] dump_stack+0x107/0x167 [ 1485.296516] should_fail.cold+0x5/0xa [ 1485.297337] _copy_from_user+0x2e/0x1b0 [ 1485.298188] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.299176] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.300123] ? __lock_acquire+0x1657/0x5b00 [ 1485.301000] FAULT_INJECTION: forcing a failure. [ 1485.301000] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.301060] ___sys_recvmsg+0xd5/0x200 [ 1485.303583] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.304645] ? __fget_files+0x2cf/0x520 [ 1485.305507] ? lock_acquire+0x197/0x470 [ 1485.306375] ? find_held_lock+0x2c/0x110 [ 1485.307265] ? __might_fault+0xd3/0x180 [ 1485.308123] ? lock_downgrade+0x6d0/0x6d0 [ 1485.309041] do_recvmmsg+0x24c/0x6d0 [ 1485.309860] ? ___sys_recvmsg+0x200/0x200 [ 1485.310754] ? lock_downgrade+0x6d0/0x6d0 [ 1485.311654] ? ksys_write+0x12d/0x260 [ 1485.312484] ? wait_for_completion_io+0x270/0x270 [ 1485.313545] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.314582] ? vfs_write+0x354/0xb10 [ 1485.315392] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.316323] ? ksys_write+0x1a9/0x260 [ 1485.317144] ? __do_sys_socketcall+0x600/0x600 [ 1485.318141] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.319265] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.320372] do_syscall_64+0x33/0x40 [ 1485.321184] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.322498] RIP: 0033:0x7f11b74b4b19 [ 1485.323295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.327257] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.328892] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1485.330429] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1485.331965] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.333497] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.335064] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1485.336619] CPU: 1 PID: 8415 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1485.337778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.338478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1485.339169] Call Trace: [ 1485.339190] dump_stack+0x107/0x167 [ 1485.339212] should_fail.cold+0x5/0xa [ 1485.342758] _copy_from_user+0x2e/0x1b0 [ 1485.343432] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.344213] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.344944] ? __lock_acquire+0x1657/0x5b00 [ 1485.345681] ___sys_recvmsg+0xd5/0x200 [ 1485.346353] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.347181] ? __fget_files+0x2cf/0x520 [ 1485.347854] ? lock_acquire+0x197/0x470 [ 1485.348516] ? find_held_lock+0x2c/0x110 [ 1485.349202] ? __might_fault+0xd3/0x180 [ 1485.349880] ? lock_downgrade+0x6d0/0x6d0 [ 1485.350581] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1485.351488] do_recvmmsg+0x24c/0x6d0 [ 1485.352107] ? ___sys_recvmsg+0x200/0x200 [ 1485.352785] ? lock_downgrade+0x6d0/0x6d0 [ 1485.353470] ? ksys_write+0x12d/0x260 [ 1485.354117] ? wait_for_completion_io+0x270/0x270 [ 1485.354919] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.355674] ? vfs_write+0x354/0xb10 [ 1485.356298] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.357024] ? ksys_write+0x1a9/0x260 [ 1485.357650] ? __do_sys_socketcall+0x600/0x600 [ 1485.358412] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.359275] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.360117] do_syscall_64+0x33/0x40 [ 1485.360728] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.361566] RIP: 0033:0x7f67c49b5b19 [ 1485.362465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.367212] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.368973] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1485.370640] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1485.372302] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.373966] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.375618] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:19:01 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 14) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1485.463991] FAULT_INJECTION: forcing a failure. [ 1485.463991] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.466915] CPU: 0 PID: 8429 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1485.468515] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.470558] Call Trace: [ 1485.471236] dump_stack+0x107/0x167 [ 1485.472148] should_fail.cold+0x5/0xa [ 1485.473106] _copy_from_user+0x2e/0x1b0 [ 1485.474129] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.476426] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.477524] ? __lock_acquire+0x1657/0x5b00 [ 1485.478650] ___sys_recvmsg+0xd5/0x200 [ 1485.479557] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.480709] ? __fget_files+0x2cf/0x520 [ 1485.481653] ? lock_acquire+0x197/0x470 [ 1485.482645] ? find_held_lock+0x2c/0x110 [ 1485.483514] ? __might_fault+0xd3/0x180 [ 1485.484508] ? lock_downgrade+0x6d0/0x6d0 [ 1485.485584] do_recvmmsg+0x24c/0x6d0 [ 1485.486538] ? ___sys_recvmsg+0x200/0x200 [ 1485.487592] ? lock_downgrade+0x6d0/0x6d0 [ 1485.488671] ? ksys_write+0x12d/0x260 [ 1485.489657] ? wait_for_completion_io+0x270/0x270 [ 1485.490960] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.492139] ? vfs_write+0x354/0xb10 [ 1485.493084] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.494197] ? ksys_write+0x1a9/0x260 [ 1485.495158] ? __do_sys_socketcall+0x600/0x600 [ 1485.496300] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.497620] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.498744] do_syscall_64+0x33/0x40 17:19:01 executing program 6: r0 = open_tree(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x200, 0x0, 0x0, 0x1, 0x17, "77004a6efdff00", 0x0, 0x1}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TUNSETQUEUE(r1, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r2 = socket$inet(0x2, 0xa, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f00000000c0)='./file0\x00') fcntl$getown(0xffffffffffffffff, 0x9) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) r3 = socket$inet(0x2, 0x3, 0x5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000580)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_setup(0x21, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000feb000/0x13000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000000300)=0x0, &(0x7f0000002a40)=0x0) r6 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000580)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f0000000340)=@phonet={0x23, 0x0, 0x1, 0x80}}, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_WRITE={0x17, 0x1, 0x0, @fd=r6, 0x6, &(0x7f0000000140)="2a1c6601c247ddca3006d872e25c8871f5a785c9634ada56ef45d5626e214ba4a8e05bfa933f3194bf96bfa540e2852f6f0c62521ab8f47146cb03466c7589b502aeadca70fa01ae6d2753c4ed4611777081e4da2fa988dfedb51fef54f5e7f08cd26e121d586855ac306d2f7a8c502c050fdc5b1783b52940828db180339e91f9834a8fc658781227f4a07dfaab3e0331d5ed6ff1885049d9", 0x99, 0x10, 0x0, {0x0, r7}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) dup3(r2, r1, 0x0) [ 1485.499527] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.500838] RIP: 0033:0x7f60a47afb19 [ 1485.501617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.505489] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.507079] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1485.508551] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1485.510044] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.511533] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.513025] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 [ 1485.530129] FAULT_INJECTION: forcing a failure. [ 1485.530129] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.532951] CPU: 0 PID: 8432 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1485.534408] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.536228] Call Trace: [ 1485.536814] dump_stack+0x107/0x167 [ 1485.537587] should_fail.cold+0x5/0xa [ 1485.538415] _copy_from_user+0x2e/0x1b0 [ 1485.539265] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.540249] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.541174] ? __lock_acquire+0x1657/0x5b00 [ 1485.542113] ___sys_recvmsg+0xd5/0x200 [ 1485.542933] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.543970] ? __fget_files+0x2cf/0x520 [ 1485.544820] ? lock_acquire+0x197/0x470 [ 1485.545661] ? find_held_lock+0x2c/0x110 [ 1485.546533] ? __might_fault+0xd3/0x180 [ 1485.547369] ? lock_downgrade+0x6d0/0x6d0 [ 1485.548251] do_recvmmsg+0x24c/0x6d0 [ 1485.549041] ? ___sys_recvmsg+0x200/0x200 [ 1485.549924] ? lock_downgrade+0x6d0/0x6d0 [ 1485.550803] ? ksys_write+0x12d/0x260 [ 1485.551615] ? wait_for_completion_io+0x270/0x270 [ 1485.552637] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.553614] ? vfs_write+0x354/0xb10 [ 1485.554448] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.555363] ? ksys_write+0x1a9/0x260 [ 1485.556172] ? __do_sys_socketcall+0x600/0x600 [ 1485.557142] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.558266] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.559362] do_syscall_64+0x33/0x40 [ 1485.560144] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.561255] RIP: 0033:0x7f033573cb19 [ 1485.562087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.565872] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.567489] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1485.568978] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1485.570528] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.572046] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.573555] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 17:19:01 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 35) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:01 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x0, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:01 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 32) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1485.578628] FAULT_INJECTION: forcing a failure. [ 1485.578628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.581986] CPU: 1 PID: 8435 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1485.583775] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.585830] Call Trace: [ 1485.586533] dump_stack+0x107/0x167 [ 1485.587485] should_fail.cold+0x5/0xa [ 1485.588505] _copy_from_user+0x2e/0x1b0 [ 1485.589563] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.590788] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.591952] ? __lock_acquire+0x1657/0x5b00 [ 1485.593123] ___sys_recvmsg+0xd5/0x200 [ 1485.594160] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.595458] ? __fget_files+0x2cf/0x520 [ 1485.596510] ? lock_acquire+0x197/0x470 [ 1485.597550] ? find_held_lock+0x2c/0x110 [ 1485.598638] ? __might_fault+0xd3/0x180 [ 1485.599650] ? lock_downgrade+0x6d0/0x6d0 [ 1485.600761] do_recvmmsg+0x24c/0x6d0 [ 1485.601742] ? ___sys_recvmsg+0x200/0x200 [ 1485.602856] ? lock_downgrade+0x6d0/0x6d0 [ 1485.603941] ? ksys_write+0x12d/0x260 [ 1485.604948] ? wait_for_completion_io+0x270/0x270 [ 1485.606189] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.607391] ? vfs_write+0x354/0xb10 [ 1485.608372] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.609502] ? ksys_write+0x1a9/0x260 [ 1485.610596] ? __do_sys_socketcall+0x600/0x600 [ 1485.611855] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.613192] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.614545] do_syscall_64+0x33/0x40 [ 1485.615381] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.616219] RIP: 0033:0x7f11b74b4b19 [ 1485.616826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.620387] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.621918] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1485.623239] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1485.624485] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.625854] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.627166] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1485.676987] FAULT_INJECTION: forcing a failure. [ 1485.676987] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.679662] CPU: 0 PID: 8441 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1485.681126] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.682921] Call Trace: [ 1485.683472] dump_stack+0x107/0x167 [ 1485.684266] should_fail.cold+0x5/0xa [ 1485.685092] _copy_from_user+0x2e/0x1b0 [ 1485.685961] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.686957] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.687923] ? __lock_acquire+0x1657/0x5b00 [ 1485.688858] ___sys_recvmsg+0xd5/0x200 [ 1485.689691] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.690763] ? lock_acquire+0x197/0x470 [ 1485.691614] ? find_held_lock+0x2c/0x110 [ 1485.692486] ? __might_fault+0xd3/0x180 [ 1485.693336] ? lock_downgrade+0x6d0/0x6d0 [ 1485.694245] do_recvmmsg+0x24c/0x6d0 [ 1485.695372] ? ___sys_recvmsg+0x200/0x200 [ 1485.696375] ? lock_downgrade+0x6d0/0x6d0 [ 1485.697275] ? ksys_write+0x12d/0x260 [ 1485.698110] ? wait_for_completion_io+0x270/0x270 [ 1485.699146] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.700145] ? vfs_write+0x354/0xb10 [ 1485.700951] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.701887] ? ksys_write+0x1a9/0x260 [ 1485.702702] ? __do_sys_socketcall+0x600/0x600 [ 1485.703689] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.704814] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.705931] do_syscall_64+0x33/0x40 [ 1485.706929] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.708316] RIP: 0033:0x7f67c49b5b19 [ 1485.709329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.714162] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.715874] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1485.717485] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1485.719104] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.720639] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.722255] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1485.737191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:19:02 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 36) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:02 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 54) [ 1485.770430] FAULT_INJECTION: forcing a failure. [ 1485.770430] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.772460] CPU: 1 PID: 8447 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1485.773578] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.774933] Call Trace: [ 1485.775370] dump_stack+0x107/0x167 [ 1485.775962] should_fail.cold+0x5/0xa [ 1485.776581] _copy_from_user+0x2e/0x1b0 [ 1485.777231] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.777999] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.778710] ? __lock_acquire+0x1657/0x5b00 [ 1485.779418] ___sys_recvmsg+0xd5/0x200 [ 1485.780051] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.780846] ? __fget_files+0x2cf/0x520 [ 1485.781498] ? lock_acquire+0x197/0x470 [ 1485.782151] ? find_held_lock+0x2c/0x110 [ 1485.782812] ? __might_fault+0xd3/0x180 [ 1485.783452] ? lock_downgrade+0x6d0/0x6d0 [ 1485.784134] do_recvmmsg+0x24c/0x6d0 [ 1485.784740] ? ___sys_recvmsg+0x200/0x200 [ 1485.785409] ? lock_downgrade+0x6d0/0x6d0 [ 1485.786104] ? ksys_write+0x12d/0x260 [ 1485.786726] ? wait_for_completion_io+0x270/0x270 [ 1485.787504] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.788259] ? vfs_write+0x354/0xb10 [ 1485.788860] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.789561] ? ksys_write+0x1a9/0x260 [ 1485.790183] ? __do_sys_socketcall+0x600/0x600 [ 1485.790919] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.791765] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.792590] do_syscall_64+0x33/0x40 [ 1485.793190] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.794016] RIP: 0033:0x7f11b74b4b19 [ 1485.794609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.797549] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.798777] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1485.799919] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1485.801072] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.802222] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.803375] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:19:02 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x17}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:19:02 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 15) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1485.844481] FAULT_INJECTION: forcing a failure. [ 1485.844481] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.847089] CPU: 0 PID: 8450 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1485.848544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.850358] Call Trace: [ 1485.850930] dump_stack+0x107/0x167 [ 1485.851727] should_fail.cold+0x5/0xa [ 1485.852559] _copy_from_user+0x2e/0x1b0 [ 1485.852955] FAULT_INJECTION: forcing a failure. [ 1485.852955] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1485.853462] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.856532] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.857515] ? __lock_acquire+0x1657/0x5b00 [ 1485.858520] ___sys_recvmsg+0xd5/0x200 [ 1485.859380] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.860432] ? lock_acquire+0x197/0x470 [ 1485.861270] ? find_held_lock+0x2c/0x110 [ 1485.862141] ? __might_fault+0xd3/0x180 [ 1485.862997] ? lock_downgrade+0x6d0/0x6d0 [ 1485.863891] do_recvmmsg+0x24c/0x6d0 [ 1485.864692] ? ___sys_recvmsg+0x200/0x200 [ 1485.865573] ? lock_downgrade+0x6d0/0x6d0 [ 1485.866473] ? ksys_write+0x12d/0x260 [ 1485.867290] ? wait_for_completion_io+0x270/0x270 [ 1485.868316] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.869294] ? vfs_write+0x354/0xb10 [ 1485.870088] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.871004] ? ksys_write+0x1a9/0x260 [ 1485.871810] ? __do_sys_socketcall+0x600/0x600 [ 1485.872781] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.873909] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.874995] do_syscall_64+0x33/0x40 [ 1485.875782] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.876853] RIP: 0033:0x7f60a47afb19 [ 1485.877640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.881532] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.883128] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1485.884624] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1485.886134] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.887654] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.889142] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1485.890699] CPU: 1 PID: 8451 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1485.892274] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1485.894085] Call Trace: [ 1485.894669] dump_stack+0x107/0x167 [ 1485.895451] should_fail.cold+0x5/0xa [ 1485.896277] _copy_from_user+0x2e/0x1b0 [ 1485.897146] __copy_msghdr_from_user+0x91/0x4b0 [ 1485.898162] ? __ia32_sys_shutdown+0x80/0x80 [ 1485.899116] ? __lock_acquire+0x1657/0x5b00 [ 1485.900057] ___sys_recvmsg+0xd5/0x200 [ 1485.900907] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1485.901978] ? __fget_files+0x2cf/0x520 [ 1485.902846] ? lock_acquire+0x197/0x470 [ 1485.903695] ? find_held_lock+0x2c/0x110 [ 1485.904578] ? __might_fault+0xd3/0x180 [ 1485.905434] ? lock_downgrade+0x6d0/0x6d0 [ 1485.906354] do_recvmmsg+0x24c/0x6d0 [ 1485.907157] ? ___sys_recvmsg+0x200/0x200 [ 1485.908044] ? lock_downgrade+0x6d0/0x6d0 [ 1485.908939] ? ksys_write+0x12d/0x260 [ 1485.909761] ? wait_for_completion_io+0x270/0x270 [ 1485.910838] ? rcu_read_lock_any_held+0x75/0xa0 [ 1485.911823] ? vfs_write+0x354/0xb10 [ 1485.912628] __x64_sys_recvmmsg+0x20f/0x260 [ 1485.913551] ? ksys_write+0x1a9/0x260 [ 1485.914390] ? __do_sys_socketcall+0x600/0x600 [ 1485.915378] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1485.916501] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1485.917602] do_syscall_64+0x33/0x40 [ 1485.918417] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1485.919515] RIP: 0033:0x7f033573cb19 [ 1485.920311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1485.924246] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1485.925901] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1485.927421] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1485.928952] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1485.930508] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1485.932037] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1485.949890] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1486.256580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:19:17 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x18}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:19:17 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1501.480952] FAULT_INJECTION: forcing a failure. [ 1501.480952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1501.484038] CPU: 0 PID: 8463 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1501.484650] FAULT_INJECTION: forcing a failure. [ 1501.484650] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1501.485779] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1501.485788] Call Trace: [ 1501.485817] dump_stack+0x107/0x167 [ 1501.485846] should_fail.cold+0x5/0xa [ 1501.493027] _copy_from_user+0x2e/0x1b0 [ 1501.494080] __copy_msghdr_from_user+0x91/0x4b0 [ 1501.495266] ? __ia32_sys_shutdown+0x80/0x80 [ 1501.496378] ? __lock_acquire+0x1657/0x5b00 [ 1501.497522] ___sys_recvmsg+0xd5/0x200 [ 1501.498526] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1501.499765] ? __fget_files+0x2cf/0x520 [ 1501.500778] ? lock_acquire+0x197/0x470 [ 1501.501796] ? find_held_lock+0x2c/0x110 [ 1501.502845] ? __might_fault+0xd3/0x180 [ 1501.503858] ? lock_downgrade+0x6d0/0x6d0 [ 1501.504932] do_recvmmsg+0x24c/0x6d0 [ 1501.505882] ? ___sys_recvmsg+0x200/0x200 [ 1501.506943] ? lock_downgrade+0x6d0/0x6d0 [ 1501.507896] ? ksys_write+0x12d/0x260 [ 1501.508763] ? wait_for_completion_io+0x270/0x270 [ 1501.509858] ? rcu_read_lock_any_held+0x75/0xa0 [ 1501.510917] ? vfs_write+0x354/0xb10 [ 1501.511767] __x64_sys_recvmmsg+0x20f/0x260 [ 1501.512737] ? ksys_write+0x1a9/0x260 [ 1501.513621] ? __do_sys_socketcall+0x600/0x600 [ 1501.514658] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1501.515844] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1501.517015] do_syscall_64+0x33/0x40 [ 1501.517849] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1501.519018] RIP: 0033:0x7f033573cb19 [ 1501.519856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1501.524031] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1501.525751] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1501.527379] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1501.529000] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1501.530624] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1501.532226] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1501.533885] CPU: 1 PID: 8471 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1501.535413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1501.537180] Call Trace: [ 1501.537750] dump_stack+0x107/0x167 [ 1501.538525] should_fail.cold+0x5/0xa [ 1501.539333] _copy_from_user+0x2e/0x1b0 [ 1501.540185] __copy_msghdr_from_user+0x91/0x4b0 [ 1501.541167] ? __ia32_sys_shutdown+0x80/0x80 [ 1501.542103] ? __lock_acquire+0x1657/0x5b00 [ 1501.543029] ___sys_recvmsg+0xd5/0x200 [ 1501.543848] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1501.544881] ? __fget_files+0x2cf/0x520 [ 1501.545720] ? lock_acquire+0x197/0x470 [ 1501.546569] ? find_held_lock+0x2c/0x110 [ 1501.547436] ? __might_fault+0xd3/0x180 [ 1501.548250] ? lock_downgrade+0x6d0/0x6d0 [ 1501.549138] do_recvmmsg+0x24c/0x6d0 [ 1501.549919] ? ___sys_recvmsg+0x200/0x200 [ 1501.550801] ? lock_downgrade+0x6d0/0x6d0 [ 1501.551665] ? ksys_write+0x12d/0x260 [ 1501.552470] ? wait_for_completion_io+0x270/0x270 [ 1501.553478] ? rcu_read_lock_any_held+0x75/0xa0 [ 1501.554455] ? vfs_write+0x354/0xb10 [ 1501.555235] __x64_sys_recvmmsg+0x20f/0x260 [ 1501.556140] ? ksys_write+0x1a9/0x260 [ 1501.556938] ? __do_sys_socketcall+0x600/0x600 [ 1501.557893] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1501.558989] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1501.560056] do_syscall_64+0x33/0x40 [ 1501.560836] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1501.561908] RIP: 0033:0x7f11b74b4b19 [ 1501.562696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1501.566571] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1501.568163] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1501.569667] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1501.571180] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1501.572669] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1501.574174] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1501.644392] FAULT_INJECTION: forcing a failure. [ 1501.644392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1501.647036] CPU: 1 PID: 8477 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1501.648523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1501.650545] Call Trace: [ 1501.651130] dump_stack+0x107/0x167 [ 1501.651950] should_fail.cold+0x5/0xa [ 1501.652787] _copy_from_user+0x2e/0x1b0 17:19:17 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 16) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:17 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 55) 17:19:17 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 37) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:17 executing program 6: clock_gettime(0x0, &(0x7f0000000400)={0x0, 0x0}) setitimer(0x0, &(0x7f00000005c0)={{r0, r1/1000+60000}, {0x0, 0x2710}}, &(0x7f0000000600)) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x28, 0x20, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @typed={0xc, 0x11, 0x0, 0x0, @u64}]}, 0x28}}, 0x0) close_range(r3, r2, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r3, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40008800}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={0x78, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1000}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_PROTOINFO={0x28, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x24, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0x8}, @CTA_PROTOINFO_TCP_WSCALE_ORIGINAL={0x5, 0x2, 0xe2}, @CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0x40}, @CTA_PROTOINFO_TCP_FLAGS_REPLY={0x6, 0x5, {0x80, 0x3f}}]}}, @CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @rand_addr=0x64010102}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000044}, 0x4000800) perf_event_open(&(0x7f0000000440)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_AUTHENTICATE(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)={0x5c, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x62}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x20000004) syz_open_dev$tty1(0xc, 0x4, 0x1) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) write$evdev(0xffffffffffffffff, &(0x7f00000003c0)=[{{r4, r5/1000+60000}, 0x1f, 0xf4c, 0xbbd}], 0x18) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) add_key$keyring(&(0x7f0000000740), &(0x7f0000000780)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/snmp6\x00') unshare(0x48020200) 17:19:17 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 33) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:17 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x0, &(0x7f0000000180)={@local, r6}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1501.653785] __copy_msghdr_from_user+0x91/0x4b0 [ 1501.654902] ? __ia32_sys_shutdown+0x80/0x80 [ 1501.655863] ? __lock_acquire+0x1657/0x5b00 [ 1501.656840] ___sys_recvmsg+0xd5/0x200 [ 1501.657733] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1501.658862] ? __fget_files+0x2cf/0x520 [ 1501.659726] ? lock_acquire+0x197/0x470 [ 1501.660565] ? find_held_lock+0x2c/0x110 [ 1501.661444] ? __might_fault+0xd3/0x180 [ 1501.662312] ? lock_downgrade+0x6d0/0x6d0 [ 1501.663205] do_recvmmsg+0x24c/0x6d0 [ 1501.664019] ? ___sys_recvmsg+0x200/0x200 [ 1501.664936] ? lock_downgrade+0x6d0/0x6d0 [ 1501.665822] ? ksys_write+0x12d/0x260 [ 1501.666677] ? wait_for_completion_io+0x270/0x270 [ 1501.667713] ? rcu_read_lock_any_held+0x75/0xa0 [ 1501.668729] ? vfs_write+0x354/0xb10 [ 1501.669546] __x64_sys_recvmmsg+0x20f/0x260 [ 1501.670497] ? ksys_write+0x1a9/0x260 [ 1501.671327] ? __do_sys_socketcall+0x600/0x600 [ 1501.672326] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1501.673292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1501.673475] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1501.676586] do_syscall_64+0x33/0x40 [ 1501.677374] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1501.678476] RIP: 0033:0x7f67c49b5b19 [ 1501.679281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1501.683276] RSP: 002b:00007f67c1f0a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1501.684948] RAX: ffffffffffffffda RBX: 00007f67c4ac9020 RCX: 00007f67c49b5b19 [ 1501.686522] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1501.688062] RBP: 00007f67c1f0a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1501.689606] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1501.691184] R13: 00007fff4edb47af R14: 00007f67c1f0a300 R15: 0000000000022000 [ 1501.702096] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=259 sclass=netlink_route_socket pid=8479 comm=syz-executor.6 [ 1501.710390] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8479 comm=syz-executor.6 17:19:18 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 38) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:18 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 17) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1501.851502] FAULT_INJECTION: forcing a failure. [ 1501.851502] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1501.854365] CPU: 0 PID: 8484 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1501.856068] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1501.858138] Call Trace: [ 1501.858810] dump_stack+0x107/0x167 [ 1501.859730] should_fail.cold+0x5/0xa [ 1501.860692] _copy_from_user+0x2e/0x1b0 [ 1501.861689] __copy_msghdr_from_user+0x91/0x4b0 [ 1501.862853] ? __ia32_sys_shutdown+0x80/0x80 [ 1501.863937] ? __lock_acquire+0x1657/0x5b00 [ 1501.865036] ___sys_recvmsg+0xd5/0x200 [ 1501.866017] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1501.867241] ? trace_hardirqs_on+0x5b/0x180 [ 1501.868312] ? lock_acquire+0x197/0x470 [ 1501.869294] ? find_held_lock+0x2c/0x110 [ 1501.870304] ? __might_fault+0xd3/0x180 [ 1501.871269] ? lock_downgrade+0x6d0/0x6d0 [ 1501.872291] do_recvmmsg+0x24c/0x6d0 [ 1501.873200] ? ___sys_recvmsg+0x200/0x200 [ 1501.874252] ? lock_downgrade+0x6d0/0x6d0 [ 1501.875287] ? ksys_write+0x12d/0x260 [ 1501.876234] ? wait_for_completion_io+0x270/0x270 [ 1501.877425] ? rcu_read_lock_any_held+0x75/0xa0 [ 1501.878594] ? vfs_write+0x354/0xb10 [ 1501.879520] __x64_sys_recvmmsg+0x20f/0x260 [ 1501.880564] ? ksys_write+0x1a9/0x260 [ 1501.881520] ? __do_sys_socketcall+0x600/0x600 [ 1501.882647] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1501.883911] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1501.885162] do_syscall_64+0x33/0x40 [ 1501.886092] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1501.887365] RIP: 0033:0x7f60a47afb19 [ 1501.888291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1501.892594] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1501.894327] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1501.895942] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1501.897558] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1501.899261] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1501.900878] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 [ 1501.900917] FAULT_INJECTION: forcing a failure. [ 1501.900917] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1501.905100] CPU: 1 PID: 8488 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1501.906573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1501.908346] Call Trace: [ 1501.908907] dump_stack+0x107/0x167 [ 1501.909672] should_fail.cold+0x5/0xa [ 1501.910482] _copy_from_user+0x2e/0x1b0 [ 1501.911352] __copy_msghdr_from_user+0x91/0x4b0 [ 1501.912330] ? __ia32_sys_shutdown+0x80/0x80 [ 1501.913270] ? __lock_acquire+0x1657/0x5b00 [ 1501.914206] ___sys_recvmsg+0xd5/0x200 [ 1501.915020] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1501.916057] ? __fget_files+0x2cf/0x520 [ 1501.916914] ? lock_acquire+0x197/0x470 [ 1501.917747] ? find_held_lock+0x2c/0x110 [ 1501.918622] ? __might_fault+0xd3/0x180 [ 1501.919459] ? lock_downgrade+0x6d0/0x6d0 [ 1501.920366] do_recvmmsg+0x24c/0x6d0 [ 1501.921166] ? ___sys_recvmsg+0x200/0x200 [ 1501.922048] ? lock_downgrade+0x6d0/0x6d0 [ 1501.922930] ? ksys_write+0x12d/0x260 [ 1501.923756] ? wait_for_completion_io+0x270/0x270 [ 1501.924715] FAULT_INJECTION: forcing a failure. [ 1501.924715] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1501.924785] ? rcu_read_lock_any_held+0x75/0xa0 [ 1501.928589] ? vfs_write+0x354/0xb10 [ 1501.929375] __x64_sys_recvmmsg+0x20f/0x260 [ 1501.930287] ? ksys_write+0x1a9/0x260 [ 1501.931087] ? __do_sys_socketcall+0x600/0x600 [ 1501.932058] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1501.933159] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1501.934253] do_syscall_64+0x33/0x40 [ 1501.935046] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1501.936119] RIP: 0033:0x7f033573cb19 [ 1501.936906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1501.940819] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1501.942426] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1501.943931] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1501.945436] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1501.946959] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1501.948441] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1501.949959] CPU: 0 PID: 8490 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1501.951711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1501.953771] Call Trace: [ 1501.954438] dump_stack+0x107/0x167 [ 1501.955347] should_fail.cold+0x5/0xa [ 1501.956306] _copy_from_user+0x2e/0x1b0 [ 1501.957319] __copy_msghdr_from_user+0x91/0x4b0 [ 1501.958466] ? __ia32_sys_shutdown+0x80/0x80 [ 1501.959556] ? __lock_acquire+0x1657/0x5b00 [ 1501.960654] ___sys_recvmsg+0xd5/0x200 [ 1501.961648] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1501.962887] ? trace_hardirqs_on+0x5b/0x180 [ 1501.963974] ? lock_acquire+0x197/0x470 [ 1501.964968] ? find_held_lock+0x2c/0x110 [ 1501.966016] ? __might_fault+0xd3/0x180 [ 1501.967006] ? lock_downgrade+0x6d0/0x6d0 [ 1501.968045] do_recvmmsg+0x24c/0x6d0 [ 1501.968985] ? ___sys_recvmsg+0x200/0x200 [ 1501.970051] ? lock_downgrade+0x6d0/0x6d0 [ 1501.971111] ? ksys_write+0x12d/0x260 [ 1501.972074] ? wait_for_completion_io+0x270/0x270 [ 1501.973298] ? rcu_read_lock_any_held+0x75/0xa0 [ 1501.974483] ? vfs_write+0x354/0xb10 [ 1501.975424] __x64_sys_recvmmsg+0x20f/0x260 [ 1501.976513] ? ksys_write+0x1a9/0x260 [ 1501.977465] ? __do_sys_socketcall+0x600/0x600 [ 1501.978623] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1501.979953] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1501.981253] do_syscall_64+0x33/0x40 [ 1501.982204] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1501.983491] RIP: 0033:0x7f11b74b4b19 [ 1501.984400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1501.988991] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1501.990919] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1501.992731] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1501.994561] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1501.996369] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1501.998167] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:19:18 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:19:18 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 18) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:18 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 34) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:18 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, 0x0, 0x0) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:18 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 39) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1502.166069] FAULT_INJECTION: forcing a failure. [ 1502.166069] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1502.168711] CPU: 1 PID: 8497 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1502.170230] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1502.171834] Call Trace: [ 1502.172341] dump_stack+0x107/0x167 [ 1502.172553] FAULT_INJECTION: forcing a failure. [ 1502.172553] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1502.173013] should_fail.cold+0x5/0xa [ 1502.173039] _copy_from_user+0x2e/0x1b0 [ 1502.173063] __copy_msghdr_from_user+0x91/0x4b0 [ 1502.173083] ? __ia32_sys_shutdown+0x80/0x80 [ 1502.173101] ? __lock_acquire+0x1657/0x5b00 [ 1502.173131] ___sys_recvmsg+0xd5/0x200 [ 1502.173149] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1502.173168] ? __fget_files+0x2cf/0x520 [ 1502.173192] ? lock_acquire+0x197/0x470 [ 1502.183060] ? find_held_lock+0x2c/0x110 [ 1502.183832] ? __might_fault+0xd3/0x180 [ 1502.184570] ? lock_downgrade+0x6d0/0x6d0 [ 1502.185361] do_recvmmsg+0x24c/0x6d0 [ 1502.186082] ? ___sys_recvmsg+0x200/0x200 [ 1502.186855] ? lock_downgrade+0x6d0/0x6d0 [ 1502.187629] ? ksys_write+0x12d/0x260 [ 1502.188361] ? wait_for_completion_io+0x270/0x270 [ 1502.189255] ? rcu_read_lock_any_held+0x75/0xa0 [ 1502.190125] ? vfs_write+0x354/0xb10 [ 1502.190816] __x64_sys_recvmmsg+0x20f/0x260 [ 1502.191626] ? ksys_write+0x1a9/0x260 [ 1502.192334] ? __do_sys_socketcall+0x600/0x600 [ 1502.193189] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1502.194166] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1502.195134] do_syscall_64+0x33/0x40 [ 1502.195828] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1502.196774] RIP: 0033:0x7f033573cb19 [ 1502.197463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1502.200908] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1502.202333] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1502.203668] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1502.205001] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1502.206327] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1502.207654] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1502.209025] CPU: 0 PID: 8496 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1502.210927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1502.213118] Call Trace: [ 1502.213818] dump_stack+0x107/0x167 [ 1502.214819] should_fail.cold+0x5/0xa [ 1502.215907] _copy_from_user+0x2e/0x1b0 [ 1502.216950] __copy_msghdr_from_user+0x91/0x4b0 [ 1502.218168] ? __ia32_sys_shutdown+0x80/0x80 [ 1502.219331] ? __lock_acquire+0x1657/0x5b00 [ 1502.220471] ___sys_recvmsg+0xd5/0x200 [ 1502.221486] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1502.222792] ? __fget_files+0x2cf/0x520 [ 1502.223898] ? lock_acquire+0x197/0x470 [ 1502.224965] ? find_held_lock+0x2c/0x110 [ 1502.226038] ? __might_fault+0xd3/0x180 [ 1502.227068] ? lock_downgrade+0x6d0/0x6d0 [ 1502.228174] do_recvmmsg+0x24c/0x6d0 [ 1502.229168] ? ___sys_recvmsg+0x200/0x200 [ 1502.230263] ? lock_downgrade+0x6d0/0x6d0 [ 1502.231372] ? ksys_write+0x12d/0x260 [ 1502.232398] ? wait_for_completion_io+0x270/0x270 [ 1502.233671] ? rcu_read_lock_any_held+0x75/0xa0 [ 1502.234864] ? vfs_write+0x354/0xb10 [ 1502.235769] __x64_sys_recvmmsg+0x20f/0x260 [ 1502.236792] ? ksys_write+0x1a9/0x260 [ 1502.237650] ? __do_sys_socketcall+0x600/0x600 [ 1502.238767] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1502.240024] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1502.241161] do_syscall_64+0x33/0x40 [ 1502.241968] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1502.243091] RIP: 0033:0x7f67c49b5b19 [ 1502.243893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1502.247865] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1502.249517] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1502.251066] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1502.252630] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1502.254169] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1502.255702] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1502.274186] FAULT_INJECTION: forcing a failure. [ 1502.274186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1502.276862] CPU: 0 PID: 8501 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1502.278474] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1502.280329] Call Trace: [ 1502.280903] dump_stack+0x107/0x167 [ 1502.281686] should_fail.cold+0x5/0xa [ 1502.282539] _copy_from_user+0x2e/0x1b0 [ 1502.283413] __copy_msghdr_from_user+0x91/0x4b0 [ 1502.284459] ? __ia32_sys_shutdown+0x80/0x80 [ 1502.285461] ? __lock_acquire+0x1657/0x5b00 [ 1502.286464] ___sys_recvmsg+0xd5/0x200 [ 1502.287287] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1502.288363] ? __fget_files+0x2cf/0x520 [ 1502.289239] ? lock_acquire+0x197/0x470 [ 1502.290121] ? find_held_lock+0x2c/0x110 [ 1502.291039] ? __might_fault+0xd3/0x180 [ 1502.291915] ? lock_downgrade+0x6d0/0x6d0 [ 1502.292843] do_recvmmsg+0x24c/0x6d0 [ 1502.293643] ? ___sys_recvmsg+0x200/0x200 [ 1502.294542] ? lock_downgrade+0x6d0/0x6d0 [ 1502.295425] ? ksys_write+0x12d/0x260 [ 1502.296264] ? wait_for_completion_io+0x270/0x270 [ 1502.297318] ? rcu_read_lock_any_held+0x75/0xa0 [ 1502.298338] ? vfs_write+0x354/0xb10 [ 1502.299157] __x64_sys_recvmmsg+0x20f/0x260 [ 1502.300059] ? ksys_write+0x1a9/0x260 [ 1502.300993] ? __do_sys_socketcall+0x600/0x600 [ 1502.302168] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1502.303471] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1502.304715] do_syscall_64+0x33/0x40 [ 1502.305611] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1502.306856] RIP: 0033:0x7f11b74b4b19 [ 1502.307735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1502.311975] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1502.313560] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1502.315108] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1502.316609] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1502.318171] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1502.319811] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1507.033819] Bluetooth: hci1: command 0x0409 tx timeout [ 1509.082586] Bluetooth: hci1: command 0x041b tx timeout [ 1511.129804] Bluetooth: hci1: command 0x040f tx timeout [ 1512.339381] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1512.342220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1512.349032] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1512.414490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1512.416250] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1512.420057] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1512.565130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1512.869790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1513.177820] Bluetooth: hci1: command 0x0419 tx timeout 17:19:44 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 56) 17:19:44 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:19:44 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x19}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:19:44 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, 0x0, 0x0) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:44 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 35) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:44 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 19) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:44 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 40) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:44 executing program 6: clock_gettime(0x0, &(0x7f0000000400)={0x0, 0x0}) setitimer(0x0, &(0x7f00000005c0)={{r0, r1/1000+60000}, {0x0, 0x2710}}, &(0x7f0000000600)) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x28, 0x20, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @typed={0xc, 0x11, 0x0, 0x0, @u64}]}, 0x28}}, 0x0) close_range(r3, r2, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r3, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40008800}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={0x78, 0x3, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1000}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_PROTOINFO={0x28, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x24, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0x8}, @CTA_PROTOINFO_TCP_WSCALE_ORIGINAL={0x5, 0x2, 0xe2}, @CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0x40}, @CTA_PROTOINFO_TCP_FLAGS_REPLY={0x6, 0x5, {0x80, 0x3f}}]}}, @CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @rand_addr=0x64010102}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000044}, 0x4000800) perf_event_open(&(0x7f0000000440)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_AUTHENTICATE(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)={0x5c, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x62}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x20000004) syz_open_dev$tty1(0xc, 0x4, 0x1) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) write$evdev(0xffffffffffffffff, &(0x7f00000003c0)=[{{r4, r5/1000+60000}, 0x1f, 0xf4c, 0xbbd}], 0x18) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) add_key$keyring(&(0x7f0000000740), &(0x7f0000000780)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/snmp6\x00') unshare(0x48020200) [ 1528.386011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1528.395373] FAULT_INJECTION: forcing a failure. [ 1528.395373] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1528.399283] CPU: 1 PID: 8983 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1528.400754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1528.402504] Call Trace: [ 1528.403068] dump_stack+0x107/0x167 [ 1528.403838] should_fail.cold+0x5/0xa [ 1528.404639] _copy_from_user+0x2e/0x1b0 [ 1528.405483] __copy_msghdr_from_user+0x91/0x4b0 [ 1528.406467] ? __ia32_sys_shutdown+0x80/0x80 [ 1528.407408] ? __lock_acquire+0x1657/0x5b00 [ 1528.408347] ___sys_recvmsg+0xd5/0x200 [ 1528.409189] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1528.410220] ? __fget_files+0x2cf/0x520 [ 1528.411067] ? lock_acquire+0x197/0x470 [ 1528.411905] ? find_held_lock+0x2c/0x110 [ 1528.412756] ? __might_fault+0xd3/0x180 [ 1528.413598] ? lock_downgrade+0x6d0/0x6d0 [ 1528.414511] do_recvmmsg+0x24c/0x6d0 [ 1528.415314] ? ___sys_recvmsg+0x200/0x200 [ 1528.416210] ? lock_downgrade+0x6d0/0x6d0 [ 1528.417109] ? ksys_write+0x12d/0x260 [ 1528.417947] ? wait_for_completion_io+0x270/0x270 [ 1528.419128] ? rcu_read_lock_any_held+0x75/0xa0 [ 1528.420281] ? vfs_write+0x354/0xb10 [ 1528.421207] __x64_sys_recvmmsg+0x20f/0x260 [ 1528.422314] ? ksys_write+0x1a9/0x260 [ 1528.423123] ? __do_sys_socketcall+0x600/0x600 [ 1528.424080] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1528.425191] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1528.426273] do_syscall_64+0x33/0x40 [ 1528.427061] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1528.428126] RIP: 0033:0x7f11b74b4b19 [ 1528.428895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1528.432803] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1528.434429] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1528.435971] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1528.437497] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1528.439036] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1528.440553] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1528.480608] FAULT_INJECTION: forcing a failure. [ 1528.480608] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1528.483119] CPU: 1 PID: 8984 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1528.484561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1528.486340] Call Trace: [ 1528.486898] dump_stack+0x107/0x167 [ 1528.487661] should_fail.cold+0x5/0xa [ 1528.488466] _copy_from_user+0x2e/0x1b0 [ 1528.489308] __copy_msghdr_from_user+0x91/0x4b0 [ 1528.490294] ? __ia32_sys_shutdown+0x80/0x80 [ 1528.491216] ? __lock_acquire+0x1657/0x5b00 [ 1528.492137] ___sys_recvmsg+0xd5/0x200 [ 1528.492960] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1528.493980] ? trace_hardirqs_on+0x5b/0x180 [ 1528.494907] ? lock_acquire+0x197/0x470 [ 1528.495738] ? find_held_lock+0x2c/0x110 [ 1528.496596] ? __might_fault+0xd3/0x180 [ 1528.497435] ? lock_downgrade+0x6d0/0x6d0 [ 1528.498343] do_recvmmsg+0x24c/0x6d0 [ 1528.499137] ? ___sys_recvmsg+0x200/0x200 [ 1528.500000] ? lock_downgrade+0x6d0/0x6d0 [ 1528.500876] ? ksys_write+0x12d/0x260 [ 1528.501688] ? wait_for_completion_io+0x270/0x270 [ 1528.502716] ? rcu_read_lock_any_held+0x75/0xa0 [ 1528.503700] ? vfs_write+0x354/0xb10 [ 1528.504483] __x64_sys_recvmmsg+0x20f/0x260 [ 1528.505383] ? ksys_write+0x1a9/0x260 [ 1528.506180] ? __do_sys_socketcall+0x600/0x600 [ 1528.507150] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1528.508329] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1528.509488] do_syscall_64+0x33/0x40 [ 1528.510441] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1528.511760] RIP: 0033:0x7f033573cb19 [ 1528.512744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1528.517595] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1528.519558] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1528.521341] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1528.523115] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1528.524904] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1528.526708] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1528.546180] FAULT_INJECTION: forcing a failure. [ 1528.546180] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1528.549381] CPU: 0 PID: 8980 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1528.551124] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1528.553190] Call Trace: [ 1528.553863] dump_stack+0x107/0x167 [ 1528.554795] should_fail.cold+0x5/0xa [ 1528.555758] _copy_from_user+0x2e/0x1b0 [ 1528.556760] __copy_msghdr_from_user+0x91/0x4b0 [ 1528.557924] ? __ia32_sys_shutdown+0x80/0x80 [ 1528.559038] ? __lock_acquire+0x1657/0x5b00 [ 1528.560150] ___sys_recvmsg+0xd5/0x200 [ 1528.561124] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1528.562360] ? lock_acquire+0x197/0x470 [ 1528.563348] ? find_held_lock+0x2c/0x110 [ 1528.564369] ? __might_fault+0xd3/0x180 [ 1528.565369] ? lock_downgrade+0x6d0/0x6d0 [ 1528.566414] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1528.567794] do_recvmmsg+0x24c/0x6d0 [ 1528.568735] ? ___sys_recvmsg+0x200/0x200 [ 1528.569760] ? lock_downgrade+0x6d0/0x6d0 [ 1528.570810] ? ksys_write+0x12d/0x260 [ 1528.571773] ? wait_for_completion_io+0x270/0x270 [ 1528.572985] ? rcu_read_lock_any_held+0x75/0xa0 [ 1528.574143] ? vfs_write+0x354/0xb10 [ 1528.575085] __x64_sys_recvmmsg+0x20f/0x260 [ 1528.576152] ? ksys_write+0x1a9/0x260 [ 1528.576244] FAULT_INJECTION: forcing a failure. [ 1528.576244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1528.577095] ? __do_sys_socketcall+0x600/0x600 [ 1528.577129] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1528.577165] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1528.583281] do_syscall_64+0x33/0x40 [ 1528.584205] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1528.585457] RIP: 0033:0x7f67c49b5b19 [ 1528.586389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1528.590912] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1528.592783] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1528.594541] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1528.596294] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1528.598045] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1528.599824] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1528.601603] CPU: 1 PID: 8985 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1528.603134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1528.604930] Call Trace: [ 1528.605493] dump_stack+0x107/0x167 [ 1528.606282] should_fail.cold+0x5/0xa [ 1528.607109] _copy_from_user+0x2e/0x1b0 [ 1528.608089] __copy_msghdr_from_user+0x91/0x4b0 [ 1528.609302] ? __ia32_sys_shutdown+0x80/0x80 [ 1528.610577] ? __lock_acquire+0x1657/0x5b00 [ 1528.611740] ___sys_recvmsg+0xd5/0x200 [ 1528.612772] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1528.614082] ? __fget_files+0x2cf/0x520 [ 1528.615146] ? lock_acquire+0x197/0x470 [ 1528.616188] ? find_held_lock+0x2c/0x110 [ 1528.617272] ? __might_fault+0xd3/0x180 [ 1528.618337] ? lock_downgrade+0x6d0/0x6d0 [ 1528.619563] do_recvmmsg+0x24c/0x6d0 [ 1528.620533] ? ___sys_recvmsg+0x200/0x200 [ 1528.621555] ? lock_downgrade+0x6d0/0x6d0 [ 1528.622582] ? ksys_write+0x12d/0x260 [ 1528.623524] ? wait_for_completion_io+0x270/0x270 [ 1528.624726] ? rcu_read_lock_any_held+0x75/0xa0 [ 1528.625875] ? vfs_write+0x354/0xb10 [ 1528.626796] __x64_sys_recvmmsg+0x20f/0x260 [ 1528.627839] ? ksys_write+0x1a9/0x260 [ 1528.628749] ? __do_sys_socketcall+0x600/0x600 [ 1528.629809] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1528.630999] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1528.632243] do_syscall_64+0x33/0x40 [ 1528.633155] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1528.634387] RIP: 0033:0x7f60a47afb19 [ 1528.635288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1528.639824] RSP: 002b:00007f60a1d04188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1528.641795] RAX: ffffffffffffffda RBX: 00007f60a48c3020 RCX: 00007f60a47afb19 [ 1528.643662] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1528.645499] RBP: 00007f60a1d041d0 R08: 0000000000000000 R09: 0000000000000000 [ 1528.647338] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1528.649173] R13: 00007ffeb710efbf R14: 00007f60a1d04300 R15: 0000000000022000 17:19:44 executing program 6: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c76616368653d6d6d61702c63616368653d6c6f6f73652c6e6f657874656e642c6e6f6465766d61702c646f6e745f61707072616973652c646f6e745f6d6561737572652c7375626a5f747970653d2c646f6e745f6d6561737572652c6673636f6e746578743d73797374656d5f752c66736d616769633d3078303030a2910ece23f255f630303038632c7569643d", @ANYRESDEC, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:19:45 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 20) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:45 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 41) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:19:45 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1528.799971] FAULT_INJECTION: forcing a failure. [ 1528.799971] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1528.802428] CPU: 0 PID: 8998 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1528.803842] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1528.805531] Call Trace: [ 1528.806070] dump_stack+0x107/0x167 [ 1528.806839] should_fail.cold+0x5/0xa [ 1528.807621] _copy_from_user+0x2e/0x1b0 [ 1528.808455] __copy_msghdr_from_user+0x91/0x4b0 [ 1528.809420] ? __ia32_sys_shutdown+0x80/0x80 [ 1528.810350] ? __lock_acquire+0x1657/0x5b00 [ 1528.811247] ___sys_recvmsg+0xd5/0x200 [ 1528.812053] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1528.813082] ? __fget_files+0x2cf/0x520 [ 1528.813915] ? lock_acquire+0x197/0x470 [ 1528.814745] ? find_held_lock+0x2c/0x110 [ 1528.815608] ? __might_fault+0xd3/0x180 [ 1528.816433] ? lock_downgrade+0x6d0/0x6d0 [ 1528.817320] do_recvmmsg+0x24c/0x6d0 [ 1528.818103] ? ___sys_recvmsg+0x200/0x200 [ 1528.818983] ? lock_downgrade+0x6d0/0x6d0 [ 1528.819882] ? ksys_write+0x12d/0x260 [ 1528.820696] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1528.821793] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1528.822935] __x64_sys_recvmmsg+0x20f/0x260 [ 1528.823826] ? __do_sys_socketcall+0x600/0x600 [ 1528.824755] ? __do_sys_socketcall+0x600/0x600 [ 1528.825707] do_syscall_64+0x33/0x40 [ 1528.826492] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1528.827557] RIP: 0033:0x7f11b74b4b19 [ 1528.828318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1528.832196] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1528.833784] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1528.835285] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1528.836915] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1528.838443] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1528.839958] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1528.842774] FAULT_INJECTION: forcing a failure. [ 1528.842774] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1528.845381] CPU: 0 PID: 8997 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1528.846830] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1528.848589] Call Trace: [ 1528.849140] dump_stack+0x107/0x167 [ 1528.849924] should_fail.cold+0x5/0xa [ 1528.850744] _copy_from_user+0x2e/0x1b0 [ 1528.851598] __copy_msghdr_from_user+0x91/0x4b0 [ 1528.852598] ? __ia32_sys_shutdown+0x80/0x80 [ 1528.853535] ? __lock_acquire+0x1657/0x5b00 [ 1528.854490] ___sys_recvmsg+0xd5/0x200 [ 1528.855315] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1528.856359] ? __fget_files+0x2cf/0x520 [ 1528.857204] ? lock_acquire+0x197/0x470 [ 1528.858046] ? find_held_lock+0x2c/0x110 [ 1528.858939] ? __might_fault+0xd3/0x180 [ 1528.859783] ? lock_downgrade+0x6d0/0x6d0 [ 1528.860676] do_recvmmsg+0x24c/0x6d0 [ 1528.861472] ? ___sys_recvmsg+0x200/0x200 [ 1528.862363] ? lock_downgrade+0x6d0/0x6d0 [ 1528.863262] ? ksys_write+0x12d/0x260 [ 1528.864087] ? wait_for_completion_io+0x270/0x270 [ 1528.865114] ? rcu_read_lock_any_held+0x75/0xa0 [ 1528.866100] ? vfs_write+0x354/0xb10 [ 1528.866906] __x64_sys_recvmmsg+0x20f/0x260 [ 1528.867833] ? ksys_write+0x1a9/0x260 [ 1528.868643] ? __do_sys_socketcall+0x600/0x600 [ 1528.869636] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1528.870761] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1528.871868] do_syscall_64+0x33/0x40 [ 1528.872674] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1528.873764] RIP: 0033:0x7f033573cb19 [ 1528.874559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1528.878517] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1528.880128] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1528.881626] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1528.883152] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1528.884661] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1528.886185] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1528.889321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:19:45 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, 0x0, 0x0) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:19:45 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x1a}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) [ 1529.029390] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1529.344971] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 17:20:01 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x1b}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:20:01 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 36) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:20:01 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 57) 17:20:01 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:20:01 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 42) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1545.517172] FAULT_INJECTION: forcing a failure. [ 1545.517172] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1545.520380] CPU: 0 PID: 9014 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1545.522122] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1545.524245] Call Trace: [ 1545.524914] dump_stack+0x107/0x167 [ 1545.525845] should_fail.cold+0x5/0xa [ 1545.526834] _copy_from_user+0x2e/0x1b0 [ 1545.527855] __copy_msghdr_from_user+0x91/0x4b0 [ 1545.529029] ? __ia32_sys_shutdown+0x80/0x80 [ 1545.530161] ? __lock_acquire+0x1657/0x5b00 [ 1545.531483] ___sys_recvmsg+0xd5/0x200 [ 1545.532345] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1545.533386] ? __fget_files+0x2cf/0x520 [ 1545.534223] ? lock_acquire+0x197/0x470 [ 1545.535068] ? find_held_lock+0x2c/0x110 [ 1545.535931] ? __might_fault+0xd3/0x180 [ 1545.536772] ? lock_downgrade+0x6d0/0x6d0 [ 1545.537663] do_recvmmsg+0x24c/0x6d0 [ 1545.538466] ? ___sys_recvmsg+0x200/0x200 [ 1545.539368] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1545.540470] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1545.541607] ? trace_hardirqs_on+0x5b/0x180 [ 1545.542557] __x64_sys_recvmmsg+0x20f/0x260 [ 1545.543470] ? __do_sys_socketcall+0x600/0x600 [ 1545.544445] ? __do_sys_socketcall+0x600/0x600 [ 1545.545446] do_syscall_64+0x33/0x40 [ 1545.546238] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1545.547339] RIP: 0033:0x7f67c49b5b19 [ 1545.548124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1545.552006] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1545.553594] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1545.555209] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1545.556729] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1545.558431] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1545.560118] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 17:20:01 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 21) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:20:01 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:20:01 executing program 6: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x800000, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="30000000100001000a00000000000000000000001700000000000000c3fef480487fec864b245e0f3f9be149f8000000"], 0x30}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x401) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00') getdents64(r2, &(0x7f00000007c0)=""/180, 0x200007d8) getdents64(r2, 0x0, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="305391f7", @ANYRES16=0x0, @ANYBLOB="010027bd7000fddbdf2501000000000000000c4100000014001462726f61646361730818d6a446d7ff70"], 0x30}}, 0x1) r3 = syz_genetlink_get_family_id$ipvs(0x0, r2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) lseek(r0, 0x1, 0x4) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={r4, 0x1, 0x6, @local}, 0x10) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f00000000c0)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x2f}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000300)=ANY=[@ANYBLOB="2fdb37649ce6de56f1a66de348a417046c0069ae0ef3465fb297298b035b3be1c5d095708560c432cbd0a799a9c94aa07ca0242933c3799d374b17d979131fb67add1380b3ff0deb06bf947f3d81039dbe009d98baeb6089e9cae74920699e14aad9f26f83f4d50ecc11c480d59a5477b8cca73a83e4e16e8f7d3472208b8e76a96eea28f6131945d1ffe37875bac36e6b62abc4704f", @ANYRES32]) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYRESOCT, @ANYRES16=r3, @ANYBLOB], 0x100}, 0x1, 0x0, 0x0, 0x4804}, 0x0) unshare(0x48020200) [ 1545.620138] FAULT_INJECTION: forcing a failure. [ 1545.620138] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1545.622841] CPU: 0 PID: 9023 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1545.624268] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1545.626009] Call Trace: [ 1545.626581] dump_stack+0x107/0x167 [ 1545.627365] should_fail.cold+0x5/0xa [ 1545.628182] _copy_from_user+0x2e/0x1b0 [ 1545.629032] __copy_msghdr_from_user+0x91/0x4b0 [ 1545.630024] ? __ia32_sys_shutdown+0x80/0x80 [ 1545.630977] ? __lock_acquire+0x1657/0x5b00 [ 1545.631922] ___sys_recvmsg+0xd5/0x200 [ 1545.632751] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1545.633801] ? trace_hardirqs_on+0x5b/0x180 [ 1545.634736] ? lock_acquire+0x197/0x470 [ 1545.635577] ? find_held_lock+0x2c/0x110 [ 1545.636439] ? __might_fault+0xd3/0x180 [ 1545.637296] ? lock_downgrade+0x6d0/0x6d0 [ 1545.638183] do_recvmmsg+0x24c/0x6d0 [ 1545.639015] ? ___sys_recvmsg+0x200/0x200 [ 1545.639755] FAULT_INJECTION: forcing a failure. [ 1545.639755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1545.639902] ? lock_downgrade+0x6d0/0x6d0 [ 1545.643383] ? ksys_write+0x12d/0x260 [ 1545.644208] ? wait_for_completion_io+0x270/0x270 [ 1545.645247] ? rcu_read_lock_any_held+0x75/0xa0 [ 1545.646235] ? vfs_write+0x354/0xb10 [ 1545.647048] __x64_sys_recvmmsg+0x20f/0x260 [ 1545.647962] ? ksys_write+0x1a9/0x260 [ 1545.648773] ? __do_sys_socketcall+0x600/0x600 [ 1545.649745] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1545.650873] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1545.651965] do_syscall_64+0x33/0x40 [ 1545.652746] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1545.653836] RIP: 0033:0x7f11b74b4b19 [ 1545.654628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1545.658502] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1545.660108] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1545.661634] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1545.663141] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1545.664659] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1545.666172] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1545.667740] CPU: 1 PID: 9028 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1545.669229] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1545.671024] Call Trace: [ 1545.671601] dump_stack+0x107/0x167 [ 1545.672396] should_fail.cold+0x5/0xa [ 1545.673224] _copy_from_user+0x2e/0x1b0 [ 1545.674101] __copy_msghdr_from_user+0x91/0x4b0 [ 1545.675233] ? __ia32_sys_shutdown+0x80/0x80 [ 1545.676208] ? __lock_acquire+0x1657/0x5b00 [ 1545.677310] ___sys_recvmsg+0xd5/0x200 [ 1545.678312] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1545.679389] ? __fget_files+0x2cf/0x520 [ 1545.680440] ? lock_acquire+0x197/0x470 [ 1545.681418] ? find_held_lock+0x2c/0x110 [ 1545.682442] ? __might_fault+0xd3/0x180 [ 1545.683453] ? lock_downgrade+0x6d0/0x6d0 [ 1545.684431] do_recvmmsg+0x24c/0x6d0 [ 1545.685296] ? ___sys_recvmsg+0x200/0x200 [ 1545.686267] ? lock_downgrade+0x6d0/0x6d0 [ 1545.687309] ? ksys_write+0x12d/0x260 [ 1545.688217] ? wait_for_completion_io+0x270/0x270 [ 1545.689387] ? rcu_read_lock_any_held+0x75/0xa0 [ 1545.690548] ? vfs_write+0x354/0xb10 [ 1545.691413] __x64_sys_recvmmsg+0x20f/0x260 [ 1545.692411] ? ksys_write+0x1a9/0x260 [ 1545.693289] ? __do_sys_socketcall+0x600/0x600 [ 1545.694280] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1545.695467] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1545.696608] do_syscall_64+0x33/0x40 [ 1545.697476] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1545.698620] RIP: 0033:0x7f033573cb19 [ 1545.699458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1545.703564] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1545.705292] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1545.706926] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1545.708557] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1545.710177] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1545.711818] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1545.732461] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.6'. 17:20:02 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 37) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1545.772915] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1545.850414] FAULT_INJECTION: forcing a failure. [ 1545.850414] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1545.853378] CPU: 1 PID: 9036 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1545.854921] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1545.856788] Call Trace: [ 1545.857413] dump_stack+0x107/0x167 [ 1545.858219] should_fail.cold+0x5/0xa [ 1545.859113] _copy_from_user+0x2e/0x1b0 [ 1545.859997] __copy_msghdr_from_user+0x91/0x4b0 [ 1545.861072] ? __ia32_sys_shutdown+0x80/0x80 [ 1545.862064] ? __lock_acquire+0x1657/0x5b00 [ 1545.863090] ___sys_recvmsg+0xd5/0x200 [ 1545.863968] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1545.865089] ? __fget_files+0x2cf/0x520 [ 1545.865989] ? lock_acquire+0x197/0x470 [ 1545.866917] ? find_held_lock+0x2c/0x110 [ 1545.867840] ? __might_fault+0xd3/0x180 [ 1545.868767] ? lock_downgrade+0x6d0/0x6d0 [ 1545.869745] do_recvmmsg+0x24c/0x6d0 [ 1545.870634] ? ___sys_recvmsg+0x200/0x200 [ 1545.871592] ? lock_downgrade+0x6d0/0x6d0 [ 1545.872556] ? ksys_write+0x12d/0x260 [ 1545.873441] ? wait_for_completion_io+0x270/0x270 [ 1545.874557] ? rcu_read_lock_any_held+0x75/0xa0 [ 1545.875596] ? vfs_write+0x354/0xb10 [ 1545.876447] __x64_sys_recvmmsg+0x20f/0x260 [ 1545.877418] ? ksys_write+0x1a9/0x260 [ 1545.878278] ? __do_sys_socketcall+0x600/0x600 [ 1545.879350] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1545.880518] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1545.881678] do_syscall_64+0x33/0x40 [ 1545.882563] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1545.883711] RIP: 0033:0x7f67c49b5b19 [ 1545.884561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1545.888667] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1545.890390] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1545.891972] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1545.893589] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1545.895205] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1545.896801] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1546.001104] FAULT_INJECTION: forcing a failure. [ 1546.001104] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1546.003687] CPU: 0 PID: 9019 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1546.005168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1546.006982] Call Trace: [ 1546.007554] dump_stack+0x107/0x167 [ 1546.008358] should_fail.cold+0x5/0xa [ 1546.009189] _copy_from_user+0x2e/0x1b0 [ 1546.010052] __copy_msghdr_from_user+0x91/0x4b0 [ 1546.011074] ? __ia32_sys_shutdown+0x80/0x80 [ 1546.012011] ? __lock_acquire+0x1657/0x5b00 [ 1546.012944] ___sys_recvmsg+0xd5/0x200 [ 1546.013785] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1546.014850] ? trace_hardirqs_on+0x5b/0x180 [ 1546.015777] ? lock_acquire+0x197/0x470 [ 1546.016631] ? find_held_lock+0x2c/0x110 [ 1546.017513] ? __might_fault+0xd3/0x180 [ 1546.018365] ? lock_downgrade+0x6d0/0x6d0 [ 1546.019314] do_recvmmsg+0x24c/0x6d0 [ 1546.020117] ? ___sys_recvmsg+0x200/0x200 [ 1546.021025] ? lock_downgrade+0x6d0/0x6d0 [ 1546.021938] ? ksys_write+0x12d/0x260 [ 1546.022772] ? wait_for_completion_io+0x270/0x270 [ 1546.023815] ? rcu_read_lock_any_held+0x75/0xa0 [ 1546.024813] ? vfs_write+0x354/0xb10 [ 1546.025616] __x64_sys_recvmmsg+0x20f/0x260 [ 1546.026546] ? ksys_write+0x1a9/0x260 [ 1546.027390] ? __do_sys_socketcall+0x600/0x600 [ 1546.028370] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1546.029496] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1546.030606] do_syscall_64+0x33/0x40 [ 1546.031409] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1546.032518] RIP: 0033:0x7f60a47afb19 [ 1546.033319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1546.037275] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1546.038877] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1546.040390] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1546.041903] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1546.043440] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1546.044961] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 [ 1546.131480] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.6'. [ 1550.746780] Bluetooth: hci1: command 0x0409 tx timeout [ 1552.793822] Bluetooth: hci1: command 0x041b tx timeout [ 1554.842780] Bluetooth: hci1: command 0x040f tx timeout [ 1555.827846] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1555.829967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1555.832951] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1555.890413] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1555.892590] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1555.895080] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1556.024014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1556.328380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1556.889802] Bluetooth: hci1: command 0x0419 tx timeout 17:20:27 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x1c}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:20:27 executing program 6: memfd_create(&(0x7f0000000340)='\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r0 = syz_io_uring_setup(0x5, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000540)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x5, 0x0, @fd_index}, 0x3) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_NOP={0x0, 0x2}, 0x9) io_uring_enter(r0, 0x4eae, 0x0, 0x0, 0x0, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2010009, &(0x7f0000000380)={[{@nr_inodes={'nr_inodes', 0x3d, [0x49, 0xe]}}, {@huge_within_size}, {@huge_always}, {@huge_within_size}, {@nr_inodes={'nr_inodes', 0x3d, [0x74, 0x35, 0x78, 0x74, 0x33, 0x34, 0x6b, 0x6b, 0x38]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x74, 0x67]}}, {@nr_inodes={'nr_inodes', 0x3d, [0x67, 0x6b, 0x25, 0x70]}}, {@mode={'mode', 0x3d, 0x5}}, {@huge_within_size}, {@huge_within_size}], [{@euid_lt={'euid<', 0xffffffffffffffff}}, {@appraise_type}, {@measure}]}) 17:20:27 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) 17:20:27 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 43) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:20:27 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:20:27 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 22) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:20:27 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 38) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:20:27 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 58) [ 1571.398478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1571.412062] FAULT_INJECTION: forcing a failure. [ 1571.412062] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.413507] CPU: 1 PID: 9514 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1571.414320] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.415329] Call Trace: [ 1571.415646] dump_stack+0x107/0x167 [ 1571.416069] should_fail.cold+0x5/0xa [ 1571.416524] _copy_from_user+0x2e/0x1b0 [ 1571.416999] __copy_msghdr_from_user+0x91/0x4b0 [ 1571.417541] ? __ia32_sys_shutdown+0x80/0x80 [ 1571.418091] ? __lock_acquire+0x1657/0x5b00 [ 1571.418690] ___sys_recvmsg+0xd5/0x200 [ 1571.419161] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.419766] ? __fget_files+0x2cf/0x520 [ 1571.420248] ? lock_acquire+0x197/0x470 [ 1571.420734] ? find_held_lock+0x2c/0x110 [ 1571.421225] ? __might_fault+0xd3/0x180 [ 1571.421689] ? lock_downgrade+0x6d0/0x6d0 [ 1571.422009] FAULT_INJECTION: forcing a failure. [ 1571.422009] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.422208] do_recvmmsg+0x24c/0x6d0 [ 1571.425646] ? ___sys_recvmsg+0x200/0x200 [ 1571.426156] ? lock_downgrade+0x6d0/0x6d0 [ 1571.426649] ? ksys_write+0x12d/0x260 [ 1571.427131] ? wait_for_completion_io+0x270/0x270 [ 1571.427708] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.428270] ? vfs_write+0x354/0xb10 [ 1571.428724] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.429239] ? ksys_write+0x1a9/0x260 [ 1571.429691] ? __do_sys_socketcall+0x600/0x600 [ 1571.430236] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.430865] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.431476] do_syscall_64+0x33/0x40 [ 1571.431930] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.432532] RIP: 0033:0x7f11b74b4b19 [ 1571.432987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.435225] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.436141] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1571.436993] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1571.437836] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.438696] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.439562] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1571.440441] CPU: 0 PID: 9521 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1571.441952] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.443701] Call Trace: [ 1571.444255] dump_stack+0x107/0x167 [ 1571.445010] should_fail.cold+0x5/0xa [ 1571.445821] _copy_from_user+0x2e/0x1b0 [ 1571.446672] __copy_msghdr_from_user+0x91/0x4b0 [ 1571.447669] ? __ia32_sys_shutdown+0x80/0x80 [ 1571.448584] ? __lock_acquire+0x1657/0x5b00 [ 1571.449485] ___sys_recvmsg+0xd5/0x200 [ 1571.450311] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.451348] ? __fget_files+0x2cf/0x520 [ 1571.452181] ? lock_acquire+0x197/0x470 [ 1571.453009] ? find_held_lock+0x2c/0x110 [ 1571.453859] ? __might_fault+0xd3/0x180 [ 1571.454709] ? lock_downgrade+0x6d0/0x6d0 [ 1571.455608] do_recvmmsg+0x24c/0x6d0 [ 1571.456408] ? ___sys_recvmsg+0x200/0x200 [ 1571.457300] ? lock_downgrade+0x6d0/0x6d0 [ 1571.458178] ? ksys_write+0x12d/0x260 [ 1571.459003] ? wait_for_completion_io+0x270/0x270 [ 1571.460019] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.461020] ? vfs_write+0x354/0xb10 [ 1571.461827] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.462760] ? ksys_write+0x1a9/0x260 [ 1571.463573] ? __do_sys_socketcall+0x600/0x600 [ 1571.464555] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.465687] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.466840] do_syscall_64+0x33/0x40 [ 1571.467655] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.468770] RIP: 0033:0x7f67c49b5b19 [ 1571.469564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.473455] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.475111] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1571.476646] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1571.478149] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.479672] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.481165] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1571.491995] tmpfs: Bad value for 'nr_inodes' [ 1571.495340] FAULT_INJECTION: forcing a failure. [ 1571.495340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.496813] CPU: 1 PID: 9520 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1571.497648] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.498659] Call Trace: [ 1571.498999] dump_stack+0x107/0x167 [ 1571.499426] should_fail.cold+0x5/0xa [ 1571.499877] _copy_from_user+0x2e/0x1b0 [ 1571.500353] __copy_msghdr_from_user+0x91/0x4b0 [ 1571.500903] ? __ia32_sys_shutdown+0x80/0x80 [ 1571.501431] ? __lock_acquire+0x1657/0x5b00 [ 1571.501965] ___sys_recvmsg+0xd5/0x200 [ 1571.502448] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.503120] ? __fget_files+0x2cf/0x520 [ 1571.503636] ? lock_acquire+0x197/0x470 [ 1571.504157] ? find_held_lock+0x2c/0x110 [ 1571.504687] ? __might_fault+0xd3/0x180 [ 1571.505241] ? lock_downgrade+0x6d0/0x6d0 [ 1571.505838] do_recvmmsg+0x24c/0x6d0 [ 1571.506361] ? ___sys_recvmsg+0x200/0x200 [ 1571.506959] ? lock_downgrade+0x6d0/0x6d0 [ 1571.507544] ? ksys_write+0x12d/0x260 [ 1571.508093] ? wait_for_completion_io+0x270/0x270 [ 1571.508765] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.509417] ? vfs_write+0x354/0xb10 [ 1571.509942] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.510537] ? ksys_write+0x1a9/0x260 [ 1571.511085] ? __do_sys_socketcall+0x600/0x600 [ 1571.511732] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.512470] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.513210] do_syscall_64+0x33/0x40 [ 1571.513723] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.514319] RIP: 0033:0x7f033573cb19 [ 1571.514766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.517370] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.518442] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1571.519453] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1571.520457] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.521453] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.522479] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1571.543192] tmpfs: Bad value for 'nr_inodes' [ 1571.587655] FAULT_INJECTION: forcing a failure. [ 1571.587655] name fail_usercopy, interval 1, probability 0, space 0, times 0 17:20:27 executing program 6: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736602106c00080120000200004000f8000020004000000000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}], 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00dae2c3b6499c2105d78089aa74a545e9af93bba25cc826947d605368d86f882834f20f"]) [ 1571.590600] CPU: 0 PID: 9519 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1571.592431] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.594503] Call Trace: [ 1571.595171] dump_stack+0x107/0x167 [ 1571.596100] should_fail.cold+0x5/0xa [ 1571.597059] _copy_from_user+0x2e/0x1b0 [ 1571.598058] __copy_msghdr_from_user+0x91/0x4b0 [ 1571.599210] ? __ia32_sys_shutdown+0x80/0x80 [ 1571.600329] ? __lock_acquire+0x1657/0x5b00 [ 1571.601428] ___sys_recvmsg+0xd5/0x200 [ 1571.602392] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.603633] ? __fget_files+0x2cf/0x520 [ 1571.604644] ? lock_acquire+0x197/0x470 [ 1571.605661] ? find_held_lock+0x2c/0x110 [ 1571.606691] ? __might_fault+0xd3/0x180 [ 1571.607722] ? lock_downgrade+0x6d0/0x6d0 [ 1571.608778] do_recvmmsg+0x24c/0x6d0 [ 1571.609723] ? ___sys_recvmsg+0x200/0x200 [ 1571.610848] ? lock_downgrade+0x6d0/0x6d0 [ 1571.611897] ? ksys_write+0x12d/0x260 [ 1571.612834] ? wait_for_completion_io+0x270/0x270 [ 1571.614005] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.615165] ? vfs_write+0x354/0xb10 [ 1571.616086] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.617026] ? ksys_write+0x1a9/0x260 [ 1571.617839] ? __do_sys_socketcall+0x600/0x600 [ 1571.618839] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.619972] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.621086] do_syscall_64+0x33/0x40 [ 1571.621916] entry_SYSCALL_64_after_hwframe+0x67/0xd1 17:20:27 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 44) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1571.623053] RIP: 0033:0x7f60a47afb19 [ 1571.626600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.630559] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.632411] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1571.633970] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1571.635465] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.636983] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.638486] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:20:27 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 39) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:20:27 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 23) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:20:28 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000180)={@local}, 0x14) sendto$packet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r6, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1571.673215] FAULT_INJECTION: forcing a failure. [ 1571.673215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.674630] CPU: 1 PID: 9532 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1571.675442] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.676446] Call Trace: [ 1571.676752] dump_stack+0x107/0x167 [ 1571.677181] should_fail.cold+0x5/0xa [ 1571.677628] _copy_from_user+0x2e/0x1b0 [ 1571.678019] loop6: detected capacity change from 0 to 4096 [ 1571.678109] __copy_msghdr_from_user+0x91/0x4b0 [ 1571.679996] ? __ia32_sys_shutdown+0x80/0x80 [ 1571.680552] ? __lock_acquire+0x1657/0x5b00 [ 1571.681057] ___sys_recvmsg+0xd5/0x200 [ 1571.681498] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.682067] ? __fget_files+0x2cf/0x520 [ 1571.682534] ? lock_acquire+0x197/0x470 [ 1571.683011] ? find_held_lock+0x2c/0x110 [ 1571.683478] ? __might_fault+0xd3/0x180 [ 1571.683941] ? lock_downgrade+0x6d0/0x6d0 [ 1571.684446] do_recvmmsg+0x24c/0x6d0 [ 1571.684884] ? ___sys_recvmsg+0x200/0x200 [ 1571.685376] ? lock_downgrade+0x6d0/0x6d0 [ 1571.685865] ? ksys_write+0x12d/0x260 [ 1571.686354] ? wait_for_completion_io+0x270/0x270 [ 1571.686923] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.687492] ? vfs_write+0x354/0xb10 [ 1571.687752] FAULT_INJECTION: forcing a failure. [ 1571.687752] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.687945] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.690842] ? ksys_write+0x1a9/0x260 [ 1571.691287] ? __do_sys_socketcall+0x600/0x600 [ 1571.691825] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.692435] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.693025] do_syscall_64+0x33/0x40 [ 1571.693448] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.694037] RIP: 0033:0x7f033573cb19 [ 1571.694468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.696589] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.697465] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1571.698290] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1571.699114] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.699935] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.700767] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1571.701600] CPU: 0 PID: 9527 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1571.703048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.704772] Call Trace: [ 1571.705320] dump_stack+0x107/0x167 [ 1571.706117] should_fail.cold+0x5/0xa [ 1571.706944] _copy_from_user+0x2e/0x1b0 [ 1571.707785] __copy_msghdr_from_user+0x91/0x4b0 [ 1571.708759] ? __ia32_sys_shutdown+0x80/0x80 [ 1571.709689] ? __lock_acquire+0x1657/0x5b00 [ 1571.710627] ___sys_recvmsg+0xd5/0x200 [ 1571.711466] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.712499] ? trace_hardirqs_on+0x5b/0x180 [ 1571.713414] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.714512] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1571.715640] ? trace_hardirqs_on+0x5b/0x180 [ 1571.716535] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1571.717670] ? lock_release+0x3ee/0x680 [ 1571.718510] do_recvmmsg+0x24c/0x6d0 [ 1571.719310] ? ___sys_recvmsg+0x200/0x200 [ 1571.720160] ? lock_downgrade+0x6d0/0x6d0 [ 1571.721048] ? ksys_write+0x12d/0x260 [ 1571.721861] ? wait_for_completion_io+0x270/0x270 [ 1571.722902] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.723878] ? vfs_write+0x354/0xb10 [ 1571.724674] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.725600] ? ksys_write+0x1a9/0x260 [ 1571.726305] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1571.726409] ? __do_sys_socketcall+0x600/0x600 [ 1571.728407] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.729492] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.730597] do_syscall_64+0x33/0x40 [ 1571.731395] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.732462] RIP: 0033:0x7f11b74b4b19 [ 1571.733229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.737078] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.738678] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1571.740182] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1571.741676] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.743199] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.744692] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 17:20:28 executing program 2: syz_80211_inject_frame(&(0x7f0000000300)=@device_b={0x8, 0x2, 0x11, 0x1d}, &(0x7f0000000040)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x2e) 17:20:28 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 24) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1571.771907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1571.781031] FAULT_INJECTION: forcing a failure. [ 1571.781031] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.781339] FAULT_INJECTION: forcing a failure. [ 1571.781339] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.783653] CPU: 0 PID: 9533 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1571.786254] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.787971] Call Trace: [ 1571.788524] dump_stack+0x107/0x167 [ 1571.789306] should_fail.cold+0x5/0xa [ 1571.790098] _copy_from_user+0x2e/0x1b0 [ 1571.790941] __copy_msghdr_from_user+0x91/0x4b0 [ 1571.791917] ? __ia32_sys_shutdown+0x80/0x80 [ 1571.792842] ? __lock_acquire+0x1657/0x5b00 [ 1571.793766] ___sys_recvmsg+0xd5/0x200 [ 1571.794571] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.795623] ? lock_acquire+0x197/0x470 [ 1571.796455] ? find_held_lock+0x2c/0x110 [ 1571.797316] ? __might_fault+0xd3/0x180 [ 1571.798148] ? lock_downgrade+0x6d0/0x6d0 [ 1571.799040] do_recvmmsg+0x24c/0x6d0 [ 1571.799838] ? ___sys_recvmsg+0x200/0x200 [ 1571.800697] ? lock_downgrade+0x6d0/0x6d0 [ 1571.801576] ? ksys_write+0x12d/0x260 [ 1571.802383] ? wait_for_completion_io+0x270/0x270 [ 1571.803410] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.804385] ? vfs_write+0x354/0xb10 [ 1571.805170] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.806081] ? ksys_write+0x1a9/0x260 [ 1571.806896] ? __do_sys_socketcall+0x600/0x600 [ 1571.807868] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.808969] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.810046] do_syscall_64+0x33/0x40 [ 1571.810853] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.811910] RIP: 0033:0x7f67c49b5b19 [ 1571.812715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.816570] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.818169] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1571.819697] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1571.821186] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.822692] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.824212] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1571.825750] CPU: 1 PID: 9541 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1571.826563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.827532] Call Trace: [ 1571.827842] dump_stack+0x107/0x167 [ 1571.828262] should_fail.cold+0x5/0xa [ 1571.828709] _copy_from_user+0x2e/0x1b0 [ 1571.829179] __copy_msghdr_from_user+0x91/0x4b0 [ 1571.829716] ? __ia32_sys_shutdown+0x80/0x80 [ 1571.830236] ? __lock_acquire+0x1657/0x5b00 [ 1571.830748] ___sys_recvmsg+0xd5/0x200 [ 1571.831195] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.831774] ? __fget_files+0x2cf/0x520 [ 1571.832243] ? lock_acquire+0x197/0x470 [ 1571.832691] ? find_held_lock+0x2c/0x110 [ 1571.833195] ? __might_fault+0xd3/0x180 [ 1571.833658] ? lock_downgrade+0x6d0/0x6d0 [ 1571.834140] do_recvmmsg+0x24c/0x6d0 [ 1571.834603] ? ___sys_recvmsg+0x200/0x200 [ 1571.835116] ? lock_downgrade+0x6d0/0x6d0 [ 1571.835622] ? ksys_write+0x12d/0x260 [ 1571.836069] ? wait_for_completion_io+0x270/0x270 [ 1571.836644] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.837180] ? vfs_write+0x354/0xb10 [ 1571.837623] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.838141] ? ksys_write+0x1a9/0x260 [ 1571.838590] ? __do_sys_socketcall+0x600/0x600 [ 1571.839146] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.839812] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.840422] do_syscall_64+0x33/0x40 [ 1571.840851] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.841453] RIP: 0033:0x7f033573cb19 [ 1571.841887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.844095] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.844975] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1571.845883] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1571.846769] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.847634] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.848521] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1571.851079] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x00000000 (sector = 1) 17:20:28 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 25) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:20:28 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 59) [ 1571.884290] FAULT_INJECTION: forcing a failure. [ 1571.884290] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1571.885749] CPU: 1 PID: 9545 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1571.886531] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.887549] Call Trace: [ 1571.887886] dump_stack+0x107/0x167 [ 1571.888304] should_fail.cold+0x5/0xa [ 1571.888756] __alloc_pages_nodemask+0x182/0x600 [ 1571.889318] ? lock_chain_count+0x20/0x20 [ 1571.889787] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1571.890515] alloc_pages_vma+0xbb/0x410 [ 1571.891002] wp_page_copy+0xee7/0x1f00 [ 1571.891465] ? print_bad_pte+0x5a0/0x5a0 [ 1571.891947] ? lock_downgrade+0x6d0/0x6d0 [ 1571.892425] ? vm_normal_page+0x162/0x2e0 [ 1571.892894] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1571.893493] do_wp_page+0x27b/0x1390 [ 1571.893922] handle_mm_fault+0x1cc7/0x3500 [ 1571.894390] ? __check_object_size+0x2f/0x440 [ 1571.894906] ? __pmd_alloc+0x5e0/0x5e0 [ 1571.895350] ? vmacache_find+0x55/0x2a0 [ 1571.895816] do_user_addr_fault+0x56e/0xc60 [ 1571.896312] exc_page_fault+0xa2/0x1a0 [ 1571.896763] asm_exc_page_fault+0x1e/0x30 [ 1571.897244] RIP: 0010:__put_user_nocheck_4+0x3/0x11 [ 1571.897815] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca e9 61 ea 1c 02 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca e9 42 ea 1c 02 66 90 48 bb f9 ef ff ff ff 7f [ 1571.899952] RSP: 0018:ffff88800e7379c8 EFLAGS: 00050202 [ 1571.900599] RAX: 0000000000000020 RBX: ffffffff837e6c40 RCX: 0000000020002030 [ 1571.901447] RDX: 1ffff11001ce6fc3 RSI: ffffffff8310cbca RDI: 0000000000000005 [ 1571.902265] RBP: ffff88800e737dc8 R08: 0000000000000001 R09: ffff88801ce465df [ 1571.903106] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000020002030 [ 1571.903906] R13: 0000000020002000 R14: 0000000000000022 R15: 0000000000000034 [ 1571.904728] ? packet_create+0xb00/0xb00 [ 1571.905188] ? ____sys_recvmsg+0x2aa/0x590 [ 1571.905670] ____sys_recvmsg+0x2dd/0x590 [ 1571.906110] ? kernel_recvmsg+0x80/0x80 [ 1571.906543] ? __import_iovec+0x458/0x590 [ 1571.907023] ? import_iovec+0x83/0xb0 [ 1571.907454] ___sys_recvmsg+0x127/0x200 [ 1571.907881] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.908418] ? __fget_files+0x2cf/0x520 [ 1571.908882] ? lock_acquire+0x197/0x470 [ 1571.909338] ? find_held_lock+0x2c/0x110 [ 1571.909801] ? __might_fault+0xd3/0x180 [ 1571.910257] ? lock_downgrade+0x6d0/0x6d0 [ 1571.910764] do_recvmmsg+0x24c/0x6d0 [ 1571.911187] ? ___sys_recvmsg+0x200/0x200 [ 1571.911652] ? lock_downgrade+0x6d0/0x6d0 [ 1571.912119] ? ksys_write+0x12d/0x260 [ 1571.912556] ? wait_for_completion_io+0x270/0x270 [ 1571.913106] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.913628] ? vfs_write+0x354/0xb10 [ 1571.914048] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.914552] ? ksys_write+0x1a9/0x260 [ 1571.914991] ? __do_sys_socketcall+0x600/0x600 [ 1571.915519] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.916113] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.916697] do_syscall_64+0x33/0x40 [ 1571.917120] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.917716] RIP: 0033:0x7f033573cb19 [ 1571.918128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.920241] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.921096] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1571.921905] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1571.922704] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.923512] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.924322] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 17:20:28 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 45) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) [ 1571.947334] FAULT_INJECTION: forcing a failure. [ 1571.947334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.949021] CPU: 1 PID: 9547 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1571.949894] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1571.951004] Call Trace: [ 1571.951332] dump_stack+0x107/0x167 [ 1571.951806] should_fail.cold+0x5/0xa [ 1571.952263] _copy_from_user+0x2e/0x1b0 [ 1571.952760] __copy_msghdr_from_user+0x91/0x4b0 [ 1571.953290] ? __ia32_sys_shutdown+0x80/0x80 [ 1571.953781] ? __lock_acquire+0x1657/0x5b00 [ 1571.954285] ___sys_recvmsg+0xd5/0x200 [ 1571.954752] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1571.955319] ? __fget_files+0x2cf/0x520 [ 1571.955790] ? lock_acquire+0x197/0x470 [ 1571.956252] ? find_held_lock+0x2c/0x110 [ 1571.956753] ? __might_fault+0xd3/0x180 [ 1571.957202] ? lock_downgrade+0x6d0/0x6d0 [ 1571.957681] do_recvmmsg+0x24c/0x6d0 [ 1571.958102] ? ___sys_recvmsg+0x200/0x200 [ 1571.958574] ? lock_downgrade+0x6d0/0x6d0 [ 1571.959063] ? ksys_write+0x12d/0x260 [ 1571.959498] ? wait_for_completion_io+0x270/0x270 [ 1571.960044] ? rcu_read_lock_any_held+0x75/0xa0 [ 1571.960591] ? vfs_write+0x354/0xb10 [ 1571.961016] __x64_sys_recvmmsg+0x20f/0x260 [ 1571.961517] ? ksys_write+0x1a9/0x260 [ 1571.961964] ? __do_sys_socketcall+0x600/0x600 [ 1571.962500] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1571.963119] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1571.963714] do_syscall_64+0x33/0x40 [ 1571.964155] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1571.964728] RIP: 0033:0x7f11b74b4b19 [ 1571.965154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1571.967298] RSP: 002b:00007f11b4a2a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1571.968173] RAX: ffffffffffffffda RBX: 00007f11b75c7f60 RCX: 00007f11b74b4b19 [ 1571.969002] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1571.969823] RBP: 00007f11b4a2a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.970599] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1571.971427] R13: 00007ffc1d6cbebf R14: 00007f11b4a2a300 R15: 0000000000022000 [ 1571.995847] FAULT_INJECTION: forcing a failure. [ 1571.995847] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.998556] CPU: 0 PID: 9549 Comm: syz-executor.7 Not tainted 5.10.235 #1 [ 1572.000011] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1572.001735] Call Trace: [ 1572.002287] dump_stack+0x107/0x167 [ 1572.003056] should_fail.cold+0x5/0xa [ 1572.003863] _copy_from_user+0x2e/0x1b0 [ 1572.004704] __copy_msghdr_from_user+0x91/0x4b0 [ 1572.005659] ? __ia32_sys_shutdown+0x80/0x80 [ 1572.006590] ? __lock_acquire+0x1657/0x5b00 [ 1572.007519] ___sys_recvmsg+0xd5/0x200 [ 1572.008330] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1572.009353] ? lock_acquire+0x197/0x470 [ 1572.010182] ? find_held_lock+0x2c/0x110 [ 1572.011049] ? __might_fault+0xd3/0x180 [ 1572.011873] ? lock_downgrade+0x6d0/0x6d0 [ 1572.012766] do_recvmmsg+0x24c/0x6d0 [ 1572.013542] ? ___sys_recvmsg+0x200/0x200 [ 1572.014413] ? lock_downgrade+0x6d0/0x6d0 [ 1572.015288] ? ksys_write+0x12d/0x260 [ 1572.016101] ? wait_for_completion_io+0x270/0x270 [ 1572.017101] ? rcu_read_lock_any_held+0x75/0xa0 [ 1572.018064] ? vfs_write+0x354/0xb10 [ 1572.018841] __x64_sys_recvmmsg+0x20f/0x260 [ 1572.019746] ? ksys_write+0x1a9/0x260 [ 1572.020537] ? __do_sys_socketcall+0x600/0x600 [ 1572.021490] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1572.022584] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1572.023666] do_syscall_64+0x33/0x40 [ 1572.024444] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1572.025502] RIP: 0033:0x7f60a47afb19 [ 1572.026282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1572.030122] RSP: 002b:00007f60a1d25188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1572.031699] RAX: ffffffffffffffda RBX: 00007f60a48c2f60 RCX: 00007f60a47afb19 [ 1572.033188] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1572.034621] RBP: 00007f60a1d251d0 R08: 0000000000000000 R09: 0000000000000000 [ 1572.036127] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1572.037636] R13: 00007ffeb710efbf R14: 00007f60a1d25300 R15: 0000000000022000 17:20:28 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 40) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:20:28 executing program 4: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4008240b, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 26) signalfd(r1, &(0x7f0000000340)={[0x8001]}, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) 17:20:28 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x2ff, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}}, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) rename(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file0\x00') syz_80211_join_ibss(&(0x7f0000000080)='wlan1\x00', 0x0, 0xf, 0x0) [ 1572.082419] FAULT_INJECTION: forcing a failure. [ 1572.082419] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1572.083921] CPU: 1 PID: 9552 Comm: syz-executor.1 Not tainted 5.10.235 #1 [ 1572.084727] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1572.085689] Call Trace: [ 1572.086007] dump_stack+0x107/0x167 [ 1572.086442] should_fail.cold+0x5/0xa [ 1572.086906] _copy_from_user+0x2e/0x1b0 [ 1572.087370] __copy_msghdr_from_user+0x91/0x4b0 [ 1572.087919] ? __ia32_sys_shutdown+0x80/0x80 [ 1572.088435] ? __lock_acquire+0x1657/0x5b00 [ 1572.088954] ___sys_recvmsg+0xd5/0x200 [ 1572.089413] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1572.089985] ? __fget_files+0x2cf/0x520 [ 1572.090457] ? lock_acquire+0x197/0x470 [ 1572.090929] ? find_held_lock+0x2c/0x110 [ 1572.091401] ? __might_fault+0xd3/0x180 [ 1572.091868] ? lock_downgrade+0x6d0/0x6d0 [ 1572.092352] do_recvmmsg+0x24c/0x6d0 [ 1572.092793] ? ___sys_recvmsg+0x200/0x200 [ 1572.093279] ? lock_downgrade+0x6d0/0x6d0 [ 1572.093764] ? ksys_write+0x12d/0x260 [ 1572.094213] ? wait_for_completion_io+0x270/0x270 [ 1572.094851] ? rcu_read_lock_any_held+0x75/0xa0 [ 1572.095493] ? vfs_write+0x354/0xb10 [ 1572.096005] __x64_sys_recvmmsg+0x20f/0x260 [ 1572.096580] ? ksys_write+0x1a9/0x260 [ 1572.097102] ? __do_sys_socketcall+0x600/0x600 [ 1572.097710] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1572.098423] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1572.099144] do_syscall_64+0x33/0x40 [ 1572.099650] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1572.100348] RIP: 0033:0x7f67c49b5b19 [ 1572.100856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1572.103257] RSP: 002b:00007f67c1f2b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1572.103849] ------------[ cut here ]------------ [ 1572.104157] RAX: ffffffffffffffda RBX: 00007f67c4ac8f60 RCX: 00007f67c49b5b19 [ 1572.104166] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000004 [ 1572.104173] RBP: 00007f67c1f2b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1572.104179] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 17:20:28 executing program 0: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x4008240b, &(0x7f00000002c0)='\x00\x00\x00\x00\xe7\xad`\xdb\x87\xbe\xfe\xa6\xb2\x00\x00\x1b\x98\xcb!\x0f\x90kJ\x9e~\xec3\x85\xcc\xa2\xc7\xac\f\x01+S\xfc\xcb{\x83\xb6\x99\x84\x19;\t\xda\x8a;\x00\x00@\x00^\xd6\x1b\xe6m\xf6\x8d\x82\xd5\x84*\xbd\b\x8c5gG\r\xd6\xe3\xb3\xa0BK\xcd&\'\x9c\x16\xe57\xb8\xd9\xf2c\x12\xb94x\x8f\xe3\xf06z\x00$\xa2\xb02\xe98\xbf\xd4rl\xec\xe9\xd0\xd0\x88') r1 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) (fail_nth: 46) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) 17:20:28 executing program 3: r0 = semget$private(0x0, 0x4, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x82b4d8da1ae7c66c}], 0x1) getresgid(&(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)) stat(&(0x7f0000000100)='./file2\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d91e31b7892f71f3ac842db783e431d605372ea606c253e7c4ff3d013e13614b38210b49077cca3b953d867fd849b8fe2ff2f49a2849f897aa0aa580d9181e218f7c241c047d0a0ef6ba946c262de8447d2ec926ffc3aaadd9660fff9cea9b11f2ff3704df391d2bdb33465bfa785d15ef405e901c59cb0dfc75ae84a5ce85db5f2f363979cb753db158729cd7ca20d8cb5989348", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=r1, @ANYBLOB=',audit,rootcontext=user_u,\x00']) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000002c0)={{0x1, 0x0, 0x0, r1, 0x0, 0x39, 0x8}, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}) semctl$IPC_RMID(0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000100)) r2 = semget(0x2, 0x0, 0x100) getuid() stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) semtimedop(r2, &(0x7f0000000080)=[{0x0, 0x4, 0x1000}], 0x1, &(0x7f0000000100)={r3, r4+10000000}) r5 = semget(0x1, 0x4, 0x4c0) semctl$SEM_INFO(r5, 0x935a4533181df21f, 0x13, &(0x7f0000001e00)=""/4096) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@file={0x0, './file1\x00'}, 0x6e) semctl$SEM_INFO(r0, 0x3, 0x13, &(0x7f0000000000)=""/35) unshare(0x48020200) [ 1572.104187] R13: 00007fff4edb47af R14: 00007f67c1f2b300 R15: 0000000000022000 [ 1572.114055] wlan1: Failed check-sdata-in-driver check, flags: 0x4 17:20:28 executing program 5: perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000110}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1072e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)={0x80, 0x0, 0x5, 0x0, 0xffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x34, &(0x7f0000001f00)=ANY=[], 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x300, 0x22, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000380)={0x3, 0x1}, 0x4) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r4, 0x29, 0x1c, &(0x7f0000000180)={@local, r5}, 0x14) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x8100, r5, 0x1, 0x0, 0x6, @random="c480e72d13a8"}, 0x14) fcntl$setpipe(r2, 0x407, 0x80000000) openat2(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x783080, 0x39, 0x9}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast2}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) [ 1572.116025] WARNING: CPU: 0 PID: 9556 at net/mac80211/driver-ops.h:172 drv_bss_info_changed+0x554/0x5f0 [ 1572.118560] Modules linked in: [ 1572.119315] CPU: 0 PID: 9556 Comm: syz-executor.6 Not tainted 5.10.235 #1 [ 1572.120798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1572.123109] RIP: 0010:drv_bss_info_changed+0x554/0x5f0 [ 1572.124685] Code: 49 8b ac 24 a8 03 00 00 48 85 ed 74 3e e8 54 ab 8b fd e8 4f ab 8b fd 8b 54 24 04 48 89 ee 48 c7 c7 c0 da 95 84 e8 dc 07 25 00 <0f> 0b e9 c7 fd ff ff 4c 89 ff e8 7d af b7 fd e9 97 fb ff ff 4c 89 [ 1572.126527] FAULT_INJECTION: forcing a failure. [ 1572.126527] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1572.134515] RSP: 0018:ffff888034f3f5d0 EFLAGS: 00010282 [ 1572.135796] CPU: 1 PID: 9558 Comm: syz-executor.4 Not tainted 5.10.235 #1 [ 1572.135803] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1572.135814] Call Trace: [ 1572.136941] [ 1572.137712] dump_stack+0x107/0x167 [ 1572.139465] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1572.139731] should_fail.cold+0x5/0xa [ 1572.139747] _copy_from_user+0x2e/0x1b0 [ 1572.139769] __copy_msghdr_from_user+0x91/0x4b0 [ 1572.140106] RDX: 0000000000040000 RSI: ffffffff8129e973 RDI: ffffed10069e7eac [ 1572.140529] ? __ia32_sys_shutdown+0x80/0x80 [ 1572.142035] RBP: ffff888046a24000 R08: 0000000000000001 R09: ffff88806ce37b0f [ 1572.142434] ? __lock_acquire+0x1657/0x5b00 [ 1572.142456] ___sys_recvmsg+0xd5/0x200 [ 1572.143325] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888046a24bc0 [ 1572.143817] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1572.143831] ? __fget_files+0x2cf/0x520 [ 1572.143847] ? lock_acquire+0x197/0x470 [ 1572.145367] R13: 0000000000400000 R14: ffff888046a25da0 R15: ffff888046a25d98 [ 1572.145847] ? find_held_lock+0x2c/0x110 [ 1572.145863] ? __might_fault+0xd3/0x180 [ 1572.145880] ? lock_downgrade+0x6d0/0x6d0 [ 1572.147392] FS: 00007fdc1e59b700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 1572.147841] do_recvmmsg+0x24c/0x6d0 [ 1572.147860] ? ___sys_recvmsg+0x200/0x200 [ 1572.148657] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1572.149456] ? lock_downgrade+0x6d0/0x6d0 [ 1572.149472] ? ksys_write+0x12d/0x260 [ 1572.149489] ? wait_for_completion_io+0x270/0x270 [ 1572.150511] CR2: 00007f9ce632a550 CR3: 00000000467ba000 CR4: 0000000000350ef0 [ 1572.150921] ? rcu_read_lock_any_held+0x75/0xa0 [ 1572.150931] ? vfs_write+0x354/0xb10 [ 1572.150948] __x64_sys_recvmmsg+0x20f/0x260 [ 1572.151789] Call Trace: [ 1572.152579] ? ksys_write+0x1a9/0x260 [ 1572.153434] ? __warn+0xe2/0x1f0 [ 1572.153828] ? __do_sys_socketcall+0x600/0x600 [ 1572.153842] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1572.153860] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1572.154697] ? irq_work_queue+0x44/0x50 [ 1572.155625] do_syscall_64+0x33/0x40 [ 1572.156429] ? drv_bss_info_changed+0x554/0x5f0 [ 1572.156857] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1572.156865] RIP: 0033:0x7f033573cb19 [ 1572.156883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1572.158095] ? report_bug+0x1c1/0x210 [ 1572.158526] RSP: 002b:00007f0332cb2188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1572.159374] ? handle_bug+0x41/0x90 [ 1572.159870] RAX: ffffffffffffffda RBX: 00007f033584ff60 RCX: 00007f033573cb19 [ 1572.159877] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1572.159883] RBP: 00007f0332cb21d0 R08: 0000000000000000 R09: 0000000000000000 [ 1572.159889] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1572.159903] R13: 00007ffcf9e38e9f R14: 00007f0332cb2300 R15: 0000000000022000 [ 1572.161390] ? exc_invalid_op+0x14/0x50 [ 1572.163334] FAULT_INJECTION: forcing a failure. [ 1572.163334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1572.163602] ? asm_exc_invalid_op+0x12/0x20 [ 1572.163887] CPU: 1 PID: 9560 Comm: syz-executor.0 Not tainted 5.10.235 #1 [ 1572.163900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1572.164689] ? vprintk_func+0x93/0x140 [ 1572.165054] Call Trace: [ 1572.165067] dump_stack+0x107/0x167 [ 1572.165079] should_fail.cold+0x5/0xa [ 1572.165096] _copy_from_user+0x2e/0x1b0 [ 1572.166060] ? drv_bss_info_changed+0x554/0x5f0 [ 1572.166630] __copy_msghdr_from_user+0x91/0x4b0 [ 1572.167750] ieee80211_bss_info_change_notify+0x9a/0xc0 [ 1572.168147] ? __ia32_sys_shutdown+0x80/0x80 [ 1572.168922] ieee80211_ocb_leave+0x1ed/0x340 [ 1572.169417] ? __lock_acquire+0x1657/0x5b00 [ 1572.169438] ___sys_recvmsg+0xd5/0x200 [ 1572.170511] ? nl80211_parse_mon_options+0x477/0x6d0 [ 1572.170912] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 1572.170924] ? __fget_files+0x2cf/0x520 [ 1572.170943] ? lock_acquire+0x197/0x470 [ 1572.174790] __cfg80211_leave_ocb+0x1d6/0x570 [ 1572.175177] ? find_held_lock+0x2c/0x110 [ 1572.175194] ? __might_fault+0xd3/0x180 [ 1572.176777] cfg80211_leave_ocb+0x4e/0x70 [ 1572.177154] ? lock_downgrade+0x6d0/0x6d0 [ 1572.178654] cfg80211_change_iface+0x843/0xf90 [ 1572.179448] do_recvmmsg+0x24c/0x6d0 [ 1572.179469] ? ___sys_recvmsg+0x200/0x200 [ 1572.180962] nl80211_set_interface+0x67c/0x8f0 [ 1572.181725] ? lock_downgrade+0x6d0/0x6d0 [ 1572.181739] ? ksys_write+0x12d/0x260 [ 1572.181756] ? wait_for_completion_io+0x270/0x270 [ 1572.183255] ? nl80211_notify_iface+0x180/0x180 [ 1572.183666] ? rcu_read_lock_any_held+0x75/0xa0 [ 1572.186047] ? nl80211_pre_doit+0xa2/0x640 [ 1572.186488] ? vfs_write+0x354/0xb10 [ 1572.186505] __x64_sys_recvmmsg+0x20f/0x260 [ 1572.187943] genl_family_rcv_msg_doit+0x22d/0x330 [ 1572.188849] ? ksys_write+0x1a9/0x260 [ 1572.188861] ? __do_sys_socketcall+0x600/0x600 [ 1572.188879] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1572.189664] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 1572.189947] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1572.189959] do_syscall_64+0x33/0x40 [ 1572.189970] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1572.189984] RIP: 0033:0x7f11b74b4b19 [ 1572.190763] ? cap_capable+0x1cd/0x230 [ 1572.191164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1572.191177] RSP: 002b:00007f11b4a09188 EFLAGS: 00000246 [ 1572.192032] ? ns_capable+0xe2/0x110 [ 1572.192510] ORIG_RAX: 000000000000012b [ 1572.192523] RAX: ffffffffffffffda RBX: 00007f11b75c8020 RCX: 00007f11b74b4b19 [ 1572.193504] genl_rcv_msg+0x36a/0x5a0 [ 1572.194067] RDX: 0000000000000300 RSI: 0000000020001a40 RDI: 0000000000000003 [ 1572.194074] RBP: 00007f11b4a091d0 R08: 0000000000000000 R09: 0000000000000000 [ 1572.194080] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000002 [ 1572.194087] R13: 00007ffc1d6cbebf R14: 00007f11b4a09300 R15: 0000000000022000 [ 1572.226507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1572.226618] ? genl_get_cmd+0x480/0x480 [ 1572.248386] ? nl80211_notify_iface+0x180/0x180 [ 1572.249575] ? lock_release+0x680/0x680 [ 1572.250607] ? netlink_deliver_tap+0xf4/0xcc0 [ 1572.251786] netlink_rcv_skb+0x14b/0x430 [ 1572.252843] ? genl_get_cmd+0x480/0x480 [ 1572.253831] ? netlink_ack+0xab0/0xab0 [ 1572.254888] ? netlink_deliver_tap+0x1c4/0xcc0 [ 1572.256032] ? is_vmalloc_addr+0x7b/0xb0 [ 1572.257102] genl_rcv+0x24/0x40 [ 1572.257939] netlink_unicast+0x54e/0x800 [ 1572.259012] ? netlink_attachskb+0x870/0x870 [ 1572.260159] netlink_sendmsg+0x90f/0xe00 [ 1572.261216] ? netlink_unicast+0x800/0x800 [ 1572.262360] ? netlink_unicast+0x800/0x800 [ 1572.263444] __sock_sendmsg+0x154/0x190 [ 1572.264452] __sys_sendto+0x21c/0x320 [ 1572.265423] ? __ia32_sys_getpeername+0xb0/0xb0 [ 1572.266606] ? kmem_cache_free+0xa7/0x2d0 [ 1572.267730] ? _cond_resched+0x10/0x30 [ 1572.268776] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1572.270042] ? call_rcu+0x435/0x9c0 [ 1572.270974] ? trace_hardirqs_on+0x5b/0x180 [ 1572.272084] __x64_sys_sendto+0xdd/0x1b0 [ 1572.273125] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1572.274416] do_syscall_64+0x33/0x40 [ 1572.275410] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1572.276716] RIP: 0033:0x7fdc20fd88ac [ 1572.277687] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b [ 1572.282125] RSP: 002b:00007fdc1e599f80 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1572.284069] RAX: ffffffffffffffda RBX: 00007fdc1e59a0f0 RCX: 00007fdc20fd88ac [ 1572.285808] RDX: 0000000000000024 RSI: 00007fdc1e59a140 RDI: 0000000000000005 [ 1572.287560] RBP: 0000000000000000 R08: 00007fdc1e599fd4 R09: 000000000000000c [ 1572.289295] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1572.291048] R13: 00007fdc1e59a140 R14: 0000000000000005 R15: 0000000000000000 [ 1572.292794] irq event stamp: 2811 [ 1572.293644] hardirqs last enabled at (2819): [] console_unlock+0x92d/0xb40 [ 1572.295719] hardirqs last disabled at (2828): [] console_unlock+0x839/0xb40 [ 1572.297834] softirqs last enabled at (1900): [] asm_call_irq_on_stack+0x12/0x20 [ 1572.300087] softirqs last disabled at (1871): [] asm_call_irq_on_stack+0x12/0x20 [ 1572.302294] ---[ end trace 196ec39030329f69 ]--- VM DIAGNOSIS: 17:20:28 Registers: info registers vcpu 0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822df351 RDI=ffffffff879f3180 RBP=ffffffff879f3140 RSP=ffff888034f3ef68 R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001 R12=0000000000000020 R13=0000000000000020 R14=ffffffff879f3140 R15=dffffc0000000000 RIP=ffffffff822df3a8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fdc1e59b700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f9ce632a550 CR3=00000000467ba000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=ffffffffffffffffffffffffffffffff XMM03=ffffffffffffffffffffffffffffffff XMM04=ffffffffffffffffffffff0000000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000002 RBX=0000000000000001 RCX=ffffffff8129ca53 RDX=ffff88800f198000 RSI=ffffffff8129ca41 RDI=0000000000000001 RBP=0000000000000200 RSP=ffff8880431b7898 R8 =0000000000000000 R9 =ffffffff8686c6e7 R10=0000000000000000 R11=0000000000000001 R12=0000000000000063 R13=0000000000000212 R14=ffff88804884cec0 R15=0000000000000000 RIP=ffffffff8140bf90 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f0332cb2700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020002030 CR3=0000000045e76000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=ffffffffffffffffffffffffffff0000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000